CVE-2018-19450

A command injection can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) 5.4.0.1031 when parsing a launch action. An attacker can leverage this to gain remote code execution.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:foxitsoftware:foxit_pdf_sdk_activex:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

21 Nov 2024, 03:57

Type Values Removed Values Added
References () https://www.foxitsoftware.com/support/security-bulletins.php - Patch, Vendor Advisory () https://www.foxitsoftware.com/support/security-bulletins.php - Patch, Vendor Advisory

Information

Published : 2019-06-17 20:15

Updated : 2024-11-21 03:57


NVD link : CVE-2018-19450

Mitre link : CVE-2018-19450

CVE.ORG link : CVE-2018-19450


JSON object : View

Products Affected

foxitsoftware

  • foxit_pdf_sdk_activex

microsoft

  • windows
CWE
CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')