How severe is CVE-2018-17666?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2018-17666?

This is classified as CWE-416, which is a common weakness in software security.

CVE-2018-17666

HIGH Year: 2018

CVSS v3 Score

8.8

High

CVSS v2 Score

6.8

Medium

Weakness Type

CWE-416

View all →

Vulnerability Description

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the exportData method of a host object. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-6520.

CVE-2008-0077

HIGH

CVSS:8.8(High)

Use-after-free vulnerability in Microsoft Internet Explorer 6 SP1, 6 SP2, and and 7 allows remote attackers to execute arbitrary code by assigning malformed values to certain properties, as demonstrat...

CWE-4162008

CVE-2009-3658

HIGH

CVSS:8.8(High)

Use-after-free vulnerability in the Sb.SuperBuddy.1 ActiveX control (sb.dll) in America Online (AOL) 9.5.0.1 allows remote attackers to trigger memory corruption or possibly execute arbitrary code via...

CWE-4162009

CVE-2010-0050

HIGH

CVSS:8.8(High)

Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with imprope...

CWE-4162010

CVE-2010-0249

HIGH

CVSS:8.8(High)

Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 20...

CWE-4162010

CVE-2010-0378

HIGH

CVSS:8.8(High)

Use-after-free vulnerability in Adobe Flash Player 6.0.79, as distributed in Microsoft Windows XP SP2 and SP3, allows remote attackers to execute arbitrary code by unloading a Flash object that is cur...

CWE-4162010

CVE-2010-1208

HIGH

CVSS:8.8(High)

Use-after-free vulnerability in the attribute-cloning functionality in the DOM implementation in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, and SeaMonkey before 2.0.6, allows remote a...

CWE-4162010

CVE-2018-17666

Vulnerability Description

Related Vulnerabilities

CVE-2008-0077

CVE-2009-3658

CVE-2010-0050

CVE-2010-0249

CVE-2010-0378

CVE-2010-1208