CVE-2018-3850 in Foxit Software and Foxit Products
Published on April 23, 2018
An exploitable use-after-free vulnerability exists in the JavaScript engine Foxit Software Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If a browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
Products Associated with CVE-2018-3850
stack.watch emails you whenever new vulnerabilities are published in Foxit Software Pdf Reader or Foxit Pdf Reader. Just hit a watch button to start following.
Affected Versions
Talos Foxit Version Foxit PDF Reader 9.0.1.1049. is affected by CVE-2018-3850Exploit Probability
EPSS
1.04%
Percentile
77.13%
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.