Use After Free Vulnerability in TextBox Field Mouse Enter Action in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031

Use After Free Vulnerability in TextBox Field Mouse Enter Action in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031

CVE-2018-19452 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

A use after free in the TextBox field Mouse Enter action in IReader_ContentProvider can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031. An attacker can leverage this to gain remote code execution. Relative to CVE-2018-19444, this has a different free location and requires different JavaScript code for exploitation.

Learn more about our Web Application Penetration Testing UK.