Advisory Details: Foxit Reader TextBox Format Use-After-Free Remote Code Execution Vulnerability

Key Information
CVE ID: CVE-2018-17621
CVSS Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Affected Vendors: Foxit
Affected Products: Reader

Vulnerability Details
Description: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. The issue stems from improper handling of TextBox format events, leading to a Use-After-Free condition. Exploitation requires user interaction via a malicious page or file.
Impact: Code execution in the context of the current process.

Additional Details
Vendor Response: Foxit has issued an update. More details: https://www.foxitsoftware.com/support/security-bulletins.php

Disclosure Timeline
2018-06-22: Vulnerability reported to vendor
2018-09-28: Coordinated public release of advisory
2018-09-28: Advisory updated

Credit
Discoverer: Steven Seeley (mr_me) of Source Incite