Use After Free Vulnerability in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031

Use After Free Vulnerability in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031

CVE-2018-19444 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

A use after free in the TextBox field Validate action in IReader_ContentProvider can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031. An attacker can leverage this to gain remote code execution. Relative to CVE-2018-19452, this has a different free location and requires different JavaScript code for exploitation.

Learn more about our Web Application Penetration Testing UK.