Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | N/A |
CWE-ID | CWE-20 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
Foxit PDF Editor (formerly Foxit PhantomPDF) Client/Desktop applications / Office applications Foxit Reader for Mac Client/Desktop applications / Office applications |
Vendor | Foxit Software Inc. |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU48712
Risk: Medium
CVSSv3.1:
CVE-ID: N/A
CWE-ID:
Exploit availability:
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the application fails to identify the objects in the incremental update when the Subtype entry of the Annotation dictionary is set as null. A remote attacker can perform the Evil Annotation Attack and deliver incorrect validation results when validating certain certified PDF files whose visible content was significantly altered.
MitigationInstall updates from vendor's website.
Vulnerable software versionsFoxit PDF Editor (formerly Foxit PhantomPDF): 4.1.0.1023
Foxit Reader for Mac: 4.1.0.1023
Fixed software versionsCPE2.3 External links
Q & A
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?