HTTP: Foxit Reader JavaScript mailForm Use After Free
This signature detects attempt to exploit a use after free vulnerability which has been reported in Foxit Reader. A remote attacker could exploit this vulnerability by enticing a user to open a crafted PDF document. Successful exploitation could allow the attacker to execute arbitrary code in the context of the application.
Extended Description
An exploitable use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.5096. A specially crafted PDF document can trigger a previously freed object in memory to be reused, resulting in arbitrary code execution. An attacker needs to trick the user into opening the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.
References
CVE: CVE-2018-3924
Short Name
HTTP:STC:FOXIT-MAILFRM-UAF
Severity
Major
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
After CVE-2018-3924 Foxit Free JavaScript Reader Use mailForm
Release Date
09/25/2018
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3717
False Positive
Unknown
CVSS Score
6.8