Key Vulnerability Information

Advisory ID: ZDI-18-726
CVE ID: CVE-2018-14266
CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Affected Vendor: Foxit
Affected Product: Reader
Vulnerability Type: Type Confusion Remote Code Execution

Summary:
- The vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader.
- Requires user interaction to visit a malicious page or open a malicious file.
- The flaw is within the method, which can be exploited via JavaScript actions to trigger a type confusion condition.

Fix: Foxit has issued an update to address the vulnerability.

Timeline:
- 2018-04-03: Vulnerability reported to vendor.
- 2018-07-19: Coordinated public release of advisory.
- 2018-07-19: Advisory updated.

Credit: nsfocus security team.