cve/2018/CVE-2018-3960.md

### [CVE-2018-3960](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3960)
![](https://img.shields.io/static/v1?label=Product&message=Foxit%20PDF%20Reader&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=remote%20code%20execution&color=brighgreen)

### Description

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Producer property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.

### POC

#### Reference
- https://talosintelligence.com/vulnerability_reports/TALOS-2018-0628

#### Github
No PoCs found on GitHub currently.
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2018-3960](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3960)`
			`![](https://img.shields.io/static/v1?label=Product&message=Foxit%20PDF%20Reader&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=remote%20code%20execution&color=brighgreen)`

			`### Description`

			`A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's Foxit PDF Reader version 9.1.0.5096. A use-after-free condition can occur when accessing the Producer property of the this.info object. An attacker needs to trick the user to open the malicious file to trigger this vulnerability. If the browser plugin extension is enabled, visiting a malicious site can also trigger the vulnerability.`

			`### POC`

			`#### Reference`
			`- https://talosintelligence.com/vulnerability_reports/TALOS-2018-0628`

			`#### Github`
			`No PoCs found on GitHub currently.`