CVE ID: CVE-2018-17663
CVSS Score: 7.8 - AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Vendors: Foxit
Affected Products: Reader

Vulnerability Details:
- Description: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability, such as visiting a malicious page or opening a malicious file.
- Specific Flaw: The flaw exists in the handling of the importData method of a Host object, where the lack of validating an object's existence prior to performing operations on it can be exploited.

Additional Details: Foxit has issued an update to correct this vulnerability. More details can be found at this link.

Disclosure Timeline:
- 2018-06-28: Vulnerability reported to vendor
- 2018-10-11: Coordinated public release of advisory

Credit: Esteban Ruiz (mr_me) of Source Incite