CVE-2018-19449
First published: Mon Jun 17 2019(Updated: )
A File Write can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when the JavaScript API Doc.exportAsFDF is used. An attacker can leverage this to gain remote code execution.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Foxitsoftware Foxit Pdf Sdk Activex | <=5.5.0 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2018-19449?
CVE-2018-19449 has a high severity rating due to the potential for remote code execution.
How do I fix CVE-2018-19449?
To mitigate CVE-2018-19449, update the Foxit PDF SDK ActiveX to the latest version above 5.5.0.
What software is affected by CVE-2018-19449?
CVE-2018-19449 affects Foxit PDF SDK ActiveX version 5.4.0.1031 and earlier versions.
What impact does CVE-2018-19449 have on users?
CVE-2018-19449 allows attackers to execute arbitrary code on a user's system through specially crafted PDF files.
Is CVE-2018-19449 specific to a certain platform?
CVE-2018-19449 is specifically related to the Foxit PDF SDK ActiveX on Windows platforms.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/first-publish-date
- agent/description
- agent/tags
- agent/event
- agent/source
- vendor/foxitsoftware
- canonical/foxitsoftware foxit pdf sdk activex
- version/foxitsoftware foxit pdf sdk activex/5.5.0
- vendor/microsoft
- canonical/microsoft windows