关键信息 CVE ID: CVE-2018-9971 CVSS Score: 4.3, AV:N/AC:M/Au:N/C:P/I:N/A:N Affected Vendors: Foxit Affected Products: Reader Vulnerability Details: - Description: Remote attackers can disclose sensitive information on vulnerable installations of Foxit Reader. Requires user interaction. - Specific Issue: In ConvertToPDF_x86.dll, due to improper validation of user-supplied data, resulting in out-of-bounds read. - Exploitability: Can be leveraged with other vulnerabilities for arbitrary code execution. Additional Details: Foxit has issued an update to correct this vulnerability. For more details see: Foxit Security Bulletins Disclosure Timeline: - 2018-03-06: Vulnerability reported to vendor - 2018-04-20: Coordinated public release of advisory - 2018-04-20: Advisory Updated Credit: soiax