Use After Free Vulnerability in TextBox Field Mouse Enter Action in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031
CVE-2018-19452 · MEDIUM Severity
AV:N/AC:M/AU:N/C:P/I:P/A:P
A use after free in the TextBox field Mouse Enter action in IReader_ContentProvider can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031. An attacker can leverage this to gain remote code execution. Relative to CVE-2018-19444, this has a different free location and requires different JavaScript code for exploitation.
Learn more about our Web Application Penetration Testing UK.