#VU16807 Use-after-free error in 3D Plugin Beta
Published: January 4, 2019
Vulnerability identifier: #VU16807
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: N/A
CWE-ID: CWE-416
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
3D Plugin Beta
3D Plugin Beta
Software vendor:
Foxit Software Inc.
Foxit Software Inc.
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to the use of wild pointer when handing certain PDF file that embeds specifically crafted 3D content. A remote attacker can trick the victim into processing a specially crafted PDF file, trigger use-after-free error or type confusion error and execute arbitrary code with elevated privileges.
Successful exploitation of the vulnerability may result in system compromise.
Remediation
Update to version 9.4.0.16807.