Platform
windows
Component
foxit-reader
Fixed in
9.4.2
CVE-2019-6766 is an information disclosure vulnerability affecting Foxit Reader version 9.4.1.16828. Successful exploitation requires a user to visit a malicious webpage or open a malicious file, potentially leading to sensitive data exposure and, in conjunction with other vulnerabilities, code execution. The vulnerability has been resolved in Foxit Reader 9.4.2.
This vulnerability stems from a flaw in the removeField method within the AcroForms processing component of Foxit Reader. The method does not validate that an object exists before operating on it, which allows an attacker to potentially disclose sensitive information. While the direct impact is information disclosure, the description notes that this flaw can be leveraged in conjunction with other vulnerabilities to achieve code execution within the context of the current process. This significantly expands the potential impact, allowing for arbitrary command execution and complete system compromise if chained with other weaknesses. The 'ZD' designation suggests this was a zero-day vulnerability, meaning it was actively exploited before a patch was available.
CVE-2019-6766 was published on June 3, 2019. While no specific threat actor campaigns have been publicly linked to this CVE, the potential for code execution makes it an attractive target for attackers. The CVSS score of 3.3 (LOW) reflects the requirement for user interaction and the limited scope of the initial information disclosure.
Exploit Status
EPSS
0.24% (47th percentile)
CVSS Vector
The primary mitigation for CVE-2019-6766 is to upgrade Foxit Reader to version 9.4.2 or later. If upgrading immediately is not feasible due to compatibility issues or system downtime constraints, consider implementing stricter web filtering policies to block access to known malicious websites. Additionally, educate users about the risks of opening attachments from untrusted sources. While a WAF or proxy cannot directly prevent this vulnerability, they can help reduce the risk by blocking access to known malicious URLs. There are no specific configuration workarounds or detection signatures readily available for this particular vulnerability.
Update Foxit Reader to a version later than 9.4.1.16828. Download the latest version from the official Foxit website.
CVE-2019-6766 is a vulnerability in Foxit Reader 9.4.1.16828 that allows attackers to potentially disclose sensitive information through a flaw in its AcroForms processing. It requires user interaction and has a LOW severity rating.
You are affected if you are using Foxit Reader version 9.4.1.16828. Upgrade to version 9.4.2 or later to mitigate the risk.
The fix is to upgrade Foxit Reader to version 9.4.2 or a later version. Download the latest version from the official Foxit Reader website.
While no specific campaigns have been publicly linked, the 'ZD' designation indicates it was exploited before a patch was available, suggesting potential ongoing exploitation.
Refer to the Foxit Reader security advisory on their website for detailed information and download links: [https://www.foxit.com/security/bulletins/pdf-security-advisory](https://www.foxit.com/security/bulletins/pdf-security-advisory)