Vulnerability Name: Foxit Reader getOCGs Type Confusion Remote Code Execution Vulnerability

CVE ID: CVE-2018-14256

CVSS Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P)

Affected Vendor: Foxit

Affected Product: Reader

Vulnerability Details:
- This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required: the target must visit a malicious page or open a malicious file.
- The specific flaw exists in the getOCGs method, which can be exploited via JavaScript to trigger a type confusion condition.

Additional Details: The vendor (Foxit) has issued an update. More details at https://www.foxitsoftware.com/support/security-bulletins.php

Disclosure Timeline:
- 2018-04-03: Vulnerability reported to vendor
- 2018-07-19: Coordinated public release of advisory and advisory updated

Credit: nsfocus security team.