CVE-2018-3843

Exploit

EPSS 48.26%
Veröffentlicht 19.04.2018 19:29:00
Zuletzt bearbeitet 21.11.2024 04:06:09
Quelle talos-cna@cisco.com
Teams Watchlist Login
Unerledigt Login

An exploitable type confusion vulnerability exists in the way Foxit PDF Reader version 9.0.1.1049 parses files with associated file annotations. A specially crafted PDF document can lead to an object of invalid type to be dereferenced, which can potentially lead to sensitive memory disclosure, and possibly to arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Foxitsoftware ≫ Foxit Reader Version9.0.1.1049

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	48.26%	0.974

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
talos-cna@cisco.com	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-704 Incorrect Type Conversion or Cast

The product does not correctly convert an object, resource, or structure from one type to a different type.

http://www.securityfocus.com/bid/103942

Third Party Advisory

Broken Link

VDB Entry

http://www.securitytracker.com/id/1040733

Third Party Advisory

Broken Link

VDB Entry

https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0526

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2018-3843

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-3843

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-3843

EUVD