Platform: windows
Component: foxit-reader
Fixed in: 9.4.2
CVE-2019-6773 is an information disclosure vulnerability affecting Foxit Reader version 9.4.1.16828. An attacker can potentially expose sensitive information by tricking a user into visiting a malicious webpage or opening a malicious file. The vulnerability arises from insufficient validation of objects within AcroForms. The issue is resolved in Foxit Reader 9.4.2.
Successful exploitation of CVE-2019-6773 could allow an attacker to disclose sensitive information stored within Foxit Reader documents. While the CVSS score is LOW, the potential impact depends on the nature of the data contained within the documents. An attacker could craft a malicious PDF file that, when opened, triggers the vulnerability and reveals internal data, configuration details, or even credentials if they are embedded within the document. The requirement for user interaction limits the immediate scope, but widespread use of Foxit Reader makes this a potential risk for many organizations. This vulnerability highlights the importance of carefully vetting PDF files from untrusted sources.
CVE-2019-6773 was publicly disclosed on June 3, 2019. There is no indication of active exploitation campaigns targeting this vulnerability. No public proof-of-concept exploits are widely available. The vulnerability is not currently listed on the CISA KEV catalog. Given the LOW CVSS score and lack of public exploitation, the probability of exploitation is considered low.
Users who rely on Foxit Reader for viewing and managing PDF documents are at risk, particularly those who frequently open PDF files from external sources or untrusted websites. Organizations with legacy systems or configurations that prevent timely software updates are also at increased risk. Shared hosting environments where users have limited control over their software versions are also vulnerable.
• windows / desktop:
    Get-Process foxitreader | Select-Object ProcessName, Id, CPU
• windows / desktop:
    Get-ItemProperty -Path 'HKLM:\Software\Foxit Software\Foxit Reader' -Name Version
• windows / desktop: Check Autoruns for suspicious entries related to Foxit Reader or PDF processing.
• windows / desktop: Review Windows Defender alerts for suspicious activity related to PDF files or Foxit Reader processes.
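The version lookup above can be turned into a pass/fail check against the fixed release. The script below is an added example, not part of the original advisory or of Foxit's tooling. It assumes the version is recorded either in the registry value queried above (or its 32-bit WOW6432Node view) or in the standard Windows uninstall keys under a DisplayName starting with "Foxit Reader"; the function name Test-FoxitVersionFixed is hypothetical.

```powershell
# Added example: flag Foxit Reader installs older than the fixed release 9.4.2.
# Assumptions: registry locations and the 'Foxit Reader*' display name (see lead-in).
$FixedVersion = [version]'9.4.2'

function Test-FoxitVersionFixed {
    param([Parameter(Mandatory)][string]$VersionString)
    # Keep only the leading dotted-numeric part, e.g. "9.4.1.16828".
    if ($VersionString -notmatch '^\s*(\d+(\.\d+){1,3})') { return $null }
    # [version] compares component by component, so 9.4.1.16828 sorts below 9.4.2.
    return ([version]$Matches[1] -ge $FixedVersion)
}

$found = @()

# 1. The registry value from the check above, plus its 32-bit view (assumed).
$paths = 'HKLM:\Software\Foxit Software\Foxit Reader',
         'HKLM:\Software\WOW6432Node\Foxit Software\Foxit Reader'
foreach ($p in $paths) {
    $v = (Get-ItemProperty -Path $p -Name Version -ErrorAction SilentlyContinue).Version
    if ($v) { $found += [pscustomobject]@{ Source = $p; Version = "$v" } }
}

# 2. Standard uninstall entries, 64-bit and 32-bit views.
$uninstall = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
Get-ItemProperty -Path $uninstall -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'Foxit Reader*' -and $_.DisplayVersion } |
    ForEach-Object {
        $found += [pscustomobject]@{ Source = $_.PSPath; Version = "$($_.DisplayVersion)" }
    }

if (-not $found) { Write-Output 'No Foxit Reader installation found.'; return }

# Report one row per location where a version string was found.
$found | ForEach-Object {
    $fixed  = Test-FoxitVersionFixed -VersionString $_.Version
    $status = 'UNKNOWN (version string not parsed)'
    if ($fixed -eq $true)  { $status = 'OK (9.4.2 or later)' }
    if ($fixed -eq $false) { $status = 'NEEDS UPGRADE for CVE-2019-6773 (older than 9.4.2)' }
    [pscustomobject]@{ Version = $_.Version; Status = $status; Source = $_.Source }
}
```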
EPSS: 1.01% (77th percentile)
The primary mitigation for CVE-2019-6773 is to upgrade Foxit Reader to version 9.4.2 or later. If upgrading is not immediately feasible, consider implementing stricter controls on the types of PDF files users are allowed to open, particularly those received from external sources. Network administrators should also review their security policies to ensure users are educated about the risks of opening untrusted PDF files. While a direct WAF rule is unlikely, monitoring network traffic for suspicious PDF file downloads could provide an early warning sign. After upgrading, confirm the fix by attempting to open a known malicious PDF file (if available from trusted sources) and verifying that the vulnerability is no longer triggered.
Update Foxit Reader to a version newer than 9.4.1.16828. Download the latest version from the official Foxit website.
CVE-2019-6773 is a vulnerability in Foxit Reader 9.4.1.16828 that allows attackers to potentially disclose sensitive information by exploiting flawed object validation in AcroForms.
You are affected if you are using Foxit Reader version 9.4.1.16828. Upgrade to version 9.4.2 or later to mitigate the risk.
The fix is to upgrade Foxit Reader to version 9.4.2 or a later version. Ensure you download the update from a trusted source.
There is no current evidence of active exploitation campaigns targeting CVE-2019-6773, but it remains a potential risk.
Refer to the Foxit Security Bulletin for details: [https://www.foxit.com/security/bulletin/psirt-19-014](https://www.foxit.com/security/bulletin/psirt-19-014)