CVE-2018-3956

Exploit

EPSS 13.58%
Veröffentlicht 30.01.2019 22:29:00
Zuletzt bearbeitet 21.11.2024 04:06:22
Quelle talos-cna@cisco.com
CVE-Watchlists
Login
Unerledigt
Login

An exploitable out-of-bounds read vulnerability exists in the handling of certain XFA element attributes of Foxit Software's PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger an out-of-bounds read, which can disclose sensitive memory content and aid in exploitation when coupled with another vulnerability. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Foxitsoftware ≫ Phantompdf Version <= 9.3.0.10826

Microsoft ≫ Windows Version-

Foxitsoftware ≫ Reader Version <= 9.3.0.10826

Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	13.58%	0.94

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.1	1.8	5.2	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:N/A:P
talos-cna@cisco.com	6.8	1.6	5.2	CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0626

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2018-3956

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-3956

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-3956

EUVD