CVE-2018-9983
CVSSN/A
发布时间 :2018-05-17 11:29:04
修订时间 :2018-05-17 11:29:04
NM    

[原文]This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.0.0.29935. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of U3D files. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the context process. Was ZDI-CAN-5494.


[CNNVD]CNNVD数据暂缺。


[机译]译文暂缺.

- CVSS (基础分值)

CVSS暂不可用

- CPE (受影响的平台与产品)

产品及版本信息(CPE)暂不可用

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9983
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-9983
(官方数据源) NVD

- 其它链接及资源

https://www.foxitsoftware.com/support/security-bulletins.php
(UNKNOWN)  CONFIRM  https://www.foxitsoftware.com/support/security-bulletins.php
https://zerodayinitiative.com/advisories/ZDI-18-381
(UNKNOWN)  MISC  https://zerodayinitiative.com/advisories/ZDI-18-381
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站