How severe is CVE-2018-14280?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2018-14280?

This is classified as CWE-693, which is a common weakness in software security.

CVE-2018-14280 - HIGH Severity | CVSS 8.8

Vulnerability Description

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the exportAsFDF XFA function. The issue results from the lack of proper validation of user-supplied data, which can lead to writing arbitrary files into attacker controlled locations. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5619.

Related Vulnerabilities

CVE-2017-10952

HIGH

CVSS:8.8(High)

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 8.2.0.2051. User interaction is required to exploit this vulnerability in that the targ...

CWE-6932017

CVE-2018-1170

HIGH

CVSS:8.8(High)

This vulnerability allows adjacent attackers to inject arbitrary Controller Area Network messages on vulnerable installations of Volkswagen Customer-Link App 1.30 and HTC Customer-Link Bridge. Authent...

CWE-6932018

CVE-2018-14281

HIGH

CVSS:8.8(High)

CWE-6932018

CVE-2019-13516

HIGH

CVSS:8.8(High)

In OSIsoft PI Web API and prior, the affected product is vulnerable to a direct attack due to a cross-site request forgery protection setting that has not taken effect.

CWE-6932019

CVE-2021-31982

HIGH

CVSS:8.8(High)

Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

CWE-6932021

CVE-2022-22761

HIGH

CVSS:8.8(High)

Web-accessible extension pages (pages with a moz-extension:// scheme) were not correctly enforcing the frame-ancestors directive when it was used in the Web Extension's Content Security Policy. This v...

CWE-6932022