9 matches found
CVE-2018-19447
Foxit PDF SDK ActiveX vulnerability CVE-2018-19447 affects Foxit Reader SDK ActiveX Std/Pro 5.4.0.1031, where parsing URI strings can trigger a stack-based buffer overflow, enabling remote code execution. Root cause: unchecked URI parsing in the ActiveX component. Reported impact: remote code exe...
CVE-2018-19444
CVE-2018-19444 describes a use-after-free in the TextBox Validate action of IReader_ContentProvider within Foxit Reader SDK ActiveX Professional 5.4.0.1031. Exploitation via specially crafted PDFs can lead to remote code execution. The Red Hat and CVE mappings note this vulnerability is distinct ...
CVE-2018-19450
CVE-2018-19450 affects Foxit Reader SDK ActiveX: a command-injection bug occurs when parsing a Launch action in specially crafted PDF files, enabling remote code execution. Affected: Foxit Reader SDK ActiveX prior to 5.5.1 (e.g., 5.4.0.1031). Exploitation requires user interaction. Vendor guidanc...
CVE-2018-19446
CVE-2018-19446 affects Foxit Reader SDK ActiveX Pro (5.4.0.1031). The vulnerability lies in the JavaScript API Doc.createDataObject, which can cause a file write when processing specially crafted PDFs, enabling remote code execution. According to the connected SRCINCITE entry, exploitation requir...
CVE-2018-19448
The CVE-2018-19448 vulnerability affects Foxit Reader SDK ActiveX Pro, where an uninitialized pointer in IReader_ContentProvider::GetDocEventHandler can be triggered when the ActiveX control is embedded in Office documents, allowing remote code execution. Exploitation requires user interaction (e...
CVE-2018-19449
Foxit Reader SDK ActiveX Pro (affected versions up to 5.4.0.1031; blocks indicate 5.5.1 and earlier) contains a file write vulnerability in the JavaScript API Doc.exportAsFDF that can lead to remote code execution when processing specially crafted PDFs. The issue stems from insufficient validatio...
CVE-2018-19445
CVE-2018-19445 affects Foxit Reader SDK ActiveX Pro (5.4.0.1031) where the JavaScript API app.launchURL can be abused to inject commands, enabling remote code execution. The root cause is insufficient validation of user-supplied strings before executing them via a system call in the ActiveX compo...
CVE-2018-19452
CVE-2018-19452 and related entries describe a use-after-free vulnerability in Foxit Reader SDK ActiveX (Professional 5.4.0.1031). The issue occurs in the IReader_ContentProvider when a Mouse Enter action triggers a use-after-free on the TextBox field, allowing remote code execution. The Red Hat/N...
CVE-2018-19451
Foxit Reader SDK ActiveX Pro (pre-5.5.1, e.g., 5.4.0.1031) is affected by CVE-2018-19451: a command injection via the Open File action on a Field can lead to remote code execution. The issue stems from inadequate validation when using a user-supplied string to invoke system calls. Exploitation re...