Command Injection Vulnerability in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 via app.launchURL JavaScript API

Command Injection Vulnerability in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 via app.launchURL JavaScript API

CVE-2018-19445 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

A command injection can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when the JavaScript API app.launchURL is used. An attacker can leverage this to gain remote code execution.

Learn more about our Api Penetration Testing.