nvd-json-data-feeds/CVE-2018/CVE-2018-194xx/CVE-2018-19450.json

{
  "id": "CVE-2018-19450",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2019-06-17T20:15:09.917",
  "lastModified": "2019-06-18T15:32:21.707",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "A command injection can occur for specially crafted PDF files in Foxit Reader SDK (ActiveX) 5.4.0.1031 when parsing a launch action. An attacker can leverage this to gain remote code execution."
    },
    {
      "lang": "es",
      "value": "Puede ocurrir una inyecci\u00f3n de comando para archivos PDF especialmente creados en Foxit Reader SDK (ActiveX) versi\u00f3n 5.4.0.1031 cuando se analiza una acci\u00f3n launch. Un atacante puede explotar esto para obtener ejecuci\u00f3n de c\u00f3digo remota."
    }
  ],
  "metrics": {
    "cvssMetricV30": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "3.0",
          "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "attackVector": "LOCAL",
          "attackComplexity": "LOW",
          "privilegesRequired": "NONE",
          "userInteraction": "REQUIRED",
          "scope": "UNCHANGED",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9
      }
    ],
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "MEDIUM",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8
        },
        "baseSeverity": "MEDIUM",
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": false,
        "userInteractionRequired": true
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-77"
        }
      ]
    }
  ],
  "configurations": [
    {
      "operator": "AND",
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:a:foxitsoftware:foxit_pdf_sdk_activex:*:*:*:*:*:*:*:*",
              "versionEndIncluding": "5.5.0",
              "matchCriteriaId": "06F23292-BA71-4FDC-8B13-57A907C1B726"
            }
          ]
        },
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": false,
              "criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.foxitsoftware.com/support/security-bulletins.php",
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ]
    }
  ]
}