How severe is CVE-2018-7407?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2018-7407?

This is classified as CWE-704, which is a common weakness in software security.

CVE-2018-7407 - HIGH Severity | CVSS 8.8

Vulnerability Description

An issue was discovered in Foxit Reader before 9.1 and PhantomPDF before 9.1. This vulnerability allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists when rendering U3D images inside of pdf files. The issue results from the lack of proper validation of user-supplied data, which can result in a type confusion condition. An attacker can leverage this to execute code in the context of the current process.

Related Vulnerabilities

CVE-2010-1822

HIGH

CVSS:8.8(High)

WebKit, as used in Apple Safari before 4.1.3 and 5.0.x before 5.0.3 and Google Chrome before 6.0.472.62, does not properly perform a cast of an unspecified variable, which allows remote attackers to e...

CWE-7042010

CVE-2011-1805

HIGH

CVSS:8.8(High)

Bad cast in CSS in Google Chrome prior to 11.0.0.0 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

CWE-7042011

CVE-2016-5161

HIGH

CVSS:8.8(High)

The EditingStyle::mergeStyle function in WebKit/Source/core/editing/EditingStyle.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishan...

CWE-7042016

CVE-2016-5263

HIGH

CVSS:8.8(High)

The nsDisplayList::HitTest function in Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 mishandles rendering display transformation, which allows remote attackers to execute arbitrary code...

CWE-7042016

CVE-2016-7860

HIGH

CVSS:8.8(High)

Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.

CWE-7042016

CVE-2016-7861

HIGH

CVSS:8.8(High)

Adobe Flash Player versions 23.0.0.205 and earlier, 11.2.202.643 and earlier have an exploitable type confusion vulnerability. Successful exploitation could lead to arbitrary code execution.

CWE-7042016