What is CVE-2018-9948?

CVE-2018-9948 is a vulnerability in Foxit Reader, classified under Access of Uninitialized Pointer. Published 2018-05-17.

Is CVE-2018-9948 known to be exploited?

9 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Foxit Reader

CVE-2018-9948

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page…

EPSS: 0.873 (99.5th percentile) — read the EPSS interpretation.

Affected products

Foxit Reader — versions 9.0.0.29935

Weakness classification (CWE)

CWE-824 — Access of Uninitialized Pointer

Public proof-of-concept exploits

References

zerodayinitiative.com/advisories/ZDI-18-332 (x_refsource_MISC)
www.foxitsoftware.com/support/security-bulletins.php (x_refsource_CONFIRM)
44941 (exploit, x_refsource_EXPLOIT-DB)
45269 (exploit, x_refsource_EXPLOIT-DB)

Frequently asked questions

What is CVE-2018-9948?: CVE-2018-9948 is a vulnerability in Foxit Reader, classified under Access of Uninitialized Pointer. Published 2018-05-17.
Is CVE-2018-9948 known to be exploited?: 9 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.