What is CVE-2018-9958?

CVE-2018-9958 is a vulnerability in Foxit Reader, classified under Use After Free. Published 2018-05-17.

Is CVE-2018-9958 known to be exploited?

10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Use After Free in Foxit Reader

CVE-2018-9958

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open…

Vulnerability class: Use-After-Free

EPSS: 0.865 (99.4th percentile) — read the EPSS interpretation.

Affected products

Foxit Reader — versions 9.0.1.1049

Weakness classification (CWE)

CWE-416 — Use After Free

Public proof-of-concept exploits

References

www.foxitsoftware.com/support/security-bulletins.php (x_refsource_CONFIRM)
zerodayinitiative.com/advisories/ZDI-18-342 (x_refsource_MISC)
44941 (exploit, x_refsource_EXPLOIT-DB)
45269 (exploit, x_refsource_EXPLOIT-DB)
packetstormsecurity.com/files/160240/Foxit-Reader-9.0.1.1049-Arbitrary-Code-Exe… (x_refsource_MISC)

Frequently asked questions

What is CVE-2018-9958?: CVE-2018-9958 is a vulnerability in Foxit Reader, classified under Use After Free. Published 2018-05-17.
Is CVE-2018-9958 known to be exploited?: 10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.