Foxitsoftware Phantompdf 8.3.9.41099 Remote Code Execution Vulnerability

Summary

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader 9.4.1.16828.

Credit:

The information has been provided by hemidallt

The original article can be found at: https://www.foxitsoftware.com/support/security-bulletins.php


Details

Foxitsoftware Foxit Reader is prone to a remote code-execution vulnerability.This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition. 

Vulnerable Systems:

  • Foxitsoftware Foxit Reader 9.4.1.16828
  • Foxitsoftware Phantompdf 8.3.9.41099
  • Foxitsoftware Phantompdf 9.0.0.29935
  • Foxitsoftware Phantompdf 9.0.1
  • Foxitsoftware Phantompdf 9.0.1.1049
  • Foxitsoftware Phantompdf 9.0.1.31049
  • Foxitsoftware Phantompdf 9.1
  • Foxitsoftware Phantompdf 9.1.0.5096
  • Foxitsoftware Phantompdf 9.2.0.9297
  • Foxitsoftware Phantompdf 9.3
  • Foxitsoftware Phantompdf 9.3.0.10826
  • Foxitsoftware Phantompdf 9.4.0.16811
  • Foxitsoftware Phantompdf 9.4.1.16828

CVE Information:

CVE-2019-6770

Disclosure Timeline:
Publish Date:06/03/2019

Categories: News