Foxit Software PDF SDK ActiveX 5.5.0 Professional Edition

CPE Details

Foxit Software PDF SDK ActiveX 5.5.0 Professional Edition
foxitsoftware
foxit_pdf_sdk_activex
5.5.0
2019-06-10
11h07 +00:00
2021-05-24
16h53 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:foxitsoftware:foxit_pdf_sdk_activex:5.5.0:*:*:*:professional:*:*:*

Informations

Vendor

foxitsoftware

Product

foxit_pdf_sdk_activex

Version

5.5.0

Software Edition

professional

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2018-19444 2019-06-17 17h46 +00:00 A use after free in the TextBox field Validate action in IReader_ContentProvider can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031. An attacker can leverage this to gain remote code execution. Relative to CVE-2018-19452, this has a different free location and requires different JavaScript code for exploitation.
7.8
High
CVE-2018-19445 2019-06-17 17h42 +00:00 A command injection can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when the JavaScript API app.launchURL is used. An attacker can leverage this to gain remote code execution.
7.8
High
CVE-2018-19446 2019-06-17 17h39 +00:00 A File Write can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when the JavaScript API Doc.createDataObject is used. An attacker can leverage this to gain remote code execution.
7.8
High
CVE-2018-19447 2019-06-17 17h37 +00:00 A stack-based buffer overflow can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) 5.4.0.1031 when parsing the URI string. An attacker can leverage this to gain remote code execution.
7.8
High
CVE-2018-19448 2019-06-17 17h33 +00:00 In Foxit Reader SDK (ActiveX) Professional 5.4.0.1031, an uninitialized object in IReader_ContentProvider::GetDocEventHandler occurs when embedding the control into Office documents. By opening a specially crafted document, an attacker can trigger an out of bounds write condition, possibly leveraging this to gain remote code execution.
7.8
High
CVE-2018-19449 2019-06-17 17h30 +00:00 A File Write can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when the JavaScript API Doc.exportAsFDF is used. An attacker can leverage this to gain remote code execution.
7.8
High
CVE-2018-19450 2019-06-17 17h18 +00:00 A command injection can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) 5.4.0.1031 when parsing a launch action. An attacker can leverage this to gain remote code execution.
7.8
High
CVE-2018-19451 2019-06-07 14h51 +00:00 A command injection can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031 when using the Open File action on a Field. An attacker can leverage this to gain remote code execution.
7.8
High
CVE-2018-19452 2019-06-07 14h49 +00:00 A use after free in the TextBox field Mouse Enter action in IReader_ContentProvider can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) Professional 5.4.0.1031. An attacker can leverage this to gain remote code execution. Relative to CVE-2018-19444, this has a different free location and requires different JavaScript code for exploitation.
7.8
High