Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | N/A |
CWE-ID | CWE-20 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
Foxit PDF Editor (formerly Foxit PhantomPDF) Client/Desktop applications / Office applications Foxit Reader for Mac Client/Desktop applications / Office applications |
Vendor | Foxit Software Inc. |
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU48712
Risk: Medium
CVSSv3.1:
CVE-ID: N/A
CWE-ID:
CWE-20 - Improper Input Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the application fails to identify the objects in the incremental update when the Subtype entry of the Annotation dictionary is set as null. A remote attacker can perform the Evil Annotation Attack and deliver incorrect validation results when validating certain certified PDF files whose visible content was significantly altered.
MitigationInstall updates from vendor's website.
Vulnerable software versionsFoxit PDF Editor (formerly Foxit PhantomPDF): 4.1.0.1023
Foxit Reader for Mac: 4.1.0.1023
Can this vulnerability be exploited remotely?
How the attacker can exploit this vulnerability?
Is there known malware, which exploits this vulnerability?