Vulnerabilities > Foxitsoftware

DATE CVE VULNERABILITY TITLE RISK
2019-06-17 CVE-2018-19448 Out-of-bounds Write vulnerability in Foxitsoftware Foxit PDF SDK Activex 5.4.0.1031/5.5.0
In Foxit Reader SDK (ActiveX) Professional 5.4.0.1031, an uninitialized object in IReader_ContentProvider::GetDocEventHandler occurs when embedding the control into Office documents.
local
low complexity
foxitsoftware CWE-787
7.8
2019-06-17 CVE-2018-19447 Out-of-bounds Write vulnerability in Foxitsoftware Foxit PDF SDK Activex
A stack-based buffer overflow can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) 5.4.0.1031 when parsing the URI string.
local
low complexity
foxitsoftware CWE-787
7.8
2019-06-17 CVE-2018-19446 Incorrect Permission Assignment for Critical Resource vulnerability in Foxitsoftware Foxit PDF SDK Activex 5.4.0.1031/5.5.0
A File Write can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when the JavaScript API Doc.createDataObject is used.
local
low complexity
foxitsoftware CWE-732
7.8
2019-06-17 CVE-2018-19445 Command Injection vulnerability in Foxitsoftware Foxit PDF SDK Activex 5.4.0.1031/5.5.0
A command injection can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when the JavaScript API app.launchURL is used.
local
low complexity
foxitsoftware CWE-77
7.8
2019-06-17 CVE-2018-19444 Use After Free vulnerability in Foxitsoftware Foxit PDF SDK Activex 5.4.0.1031/5.5.0
A use after free in the TextBox field Validate action in IReader_ContentProvider can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031.
local
low complexity
foxitsoftware CWE-416
7.8
2019-06-07 CVE-2018-19452 Use After Free vulnerability in Foxitsoftware Foxit PDF SDK Activex 5.4.0.1031/5.5.0
A use after free in the TextBox field Mouse Enter action in IReader_ContentProvider can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031.
local
low complexity
foxitsoftware CWE-416
7.8
2019-06-07 CVE-2018-19451 Command Injection vulnerability in Foxitsoftware Foxit PDF SDK Activex 5.4.0.1031/5.5.0
A command injection can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when using the Open File action on a Field.
local
low complexity
foxitsoftware CWE-77
7.8
2019-06-03 CVE-2019-6773 Use After Free vulnerability in Foxitsoftware Foxit Reader
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.1.16828.
local
low complexity
foxitsoftware CWE-416
5.5
2019-06-03 CVE-2019-6772 Use After Free vulnerability in Foxitsoftware Foxit Reader
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 2019.010.20098.
local
low complexity
foxitsoftware CWE-416
5.5
2019-06-03 CVE-2019-6771 Use After Free vulnerability in Foxitsoftware Foxit Reader
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 2019.010.20098.
local
low complexity
foxitsoftware CWE-416
5.5