Incorrect Type Conversion or Cast

CVE-2018-14246

High

8.8/10

Summary

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the convertTocPDF method. By performing actions in JavaScript, an attacker can trigger a type confusion condition. The attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-6009.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: REQUIRED
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-704 - Incorrect Type Conversion or Cast

The software does not correctly convert an object, resource, or structure from one type to a different type.

References

Advisory Timeline

Published Jul 31, 2018

Incorrect Type Conversion or Cast

CVE-2018-14246

Summary

CWE-704 - Incorrect Type Conversion or Cast

References

Advisory Timeline

Wireshark

KICS Auto Scanning VS Code Extension

JetBrains IDE