Command Injection Vulnerability in Foxit Reader SDK (ActiveX) 5.4.0.1031 Allows Remote Code Execution via Specially Crafted PDF Files

Command Injection Vulnerability in Foxit Reader SDK (ActiveX) 5.4.0.1031 Allows Remote Code Execution via Specially Crafted PDF Files

CVE-2018-19450 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

A command injection can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) 5.4.0.1031 when parsing a launch action. An attacker can leverage this to gain remote code execution.

Learn more about our Web Application Penetration Testing UK.