cpe:/a:foxitsoftware:foxit_reader:9.0.1.1049 CVE-2018-3842 2018-04-19T15:29:00.233-04:00 2018-05-22T13:10:47.290-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2018-05-21T10:40:21.377-04:00 BID 103942 SECTRACK 1040733 MISC https://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0525 An exploitable use of an uninitialized pointer vulnerability exists in the JavaScript engine in Foxit PDF Reader version 9.0.1.1049. A specially crafted PDF document can lead to a dereference of an uninitialized pointer which, if under attacker control, can result in arbitrary code execution. An attacker needs to trick the user to open a malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.