CVE-2018-3956

CVE Database · CVE-2018-3956

CVE-2018-3956

· HIGHModified

CVSS v3.1

7.1

EPSS

49.57%

Published

Jan 30, 2019

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

An exploitable out-of-bounds read vulnerability exists in the handling of certain XFA element attributes of Foxit Software's PDF Reader version 9.1.0.5096. A specially crafted PDF document can trigger an out-of-bounds read, which can disclose sensitive memory content and aid in exploitation when coupled with another vulnerability. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Weaknesses (CWE)

CWE-125

Affected Products (3)

foxitsoftware · phantompdfvulnerable

foxitsoftware · readervulnerable

microsoft · windows

References (2)

https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0626

ExploitThird Party Advisory

https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0626

ExploitThird Party Advisory

KEV Catalog EPSS Scores Vendors All CVEs