Platform: windows
Component: foxit-reader
CVE-2019-6772 is an information disclosure vulnerability affecting Foxit Reader versions 2019.010.20098 and prior. This flaw, located within the AcroForms removeField method, can be exploited by an attacker to potentially disclose sensitive information and, in conjunction with other vulnerabilities, execute code. The vulnerability requires user interaction to trigger, typically through visiting a malicious page or opening a malicious file. A patch is available from Foxit.
Successful exploitation of CVE-2019-6772 allows an attacker to potentially disclose sensitive information stored within AcroForms. While the vulnerability description mentions the possibility of code execution, it explicitly states this requires leveraging the flaw in conjunction with other vulnerabilities. The primary risk is the exposure of data contained within forms, which could include personally identifiable information (PII), financial details, or confidential business data. The attack vector involves tricking a user into opening a malicious PDF file or visiting a webpage containing a crafted PDF. The potential for code execution elevates the risk, as a successful combined attack could lead to complete system compromise.
CVE-2019-6772 was publicly disclosed on June 3, 2019. There is no indication of active exploitation campaigns targeting this specific vulnerability. Public proof-of-concept (PoC) code is not widely available, which reduces the immediate risk. The CVSS score of 3.3 (LOW) reflects the requirement for user interaction and the limited potential impact. This vulnerability is not listed on the CISA KEV catalog.
Exploit Status
EPSS: 0.24% (47th percentile)
CVSS Vector
The primary mitigation for CVE-2019-6772 is to upgrade to a patched version of Foxit Reader. Foxit has released a fix to address this vulnerability. If immediate patching is not possible, consider implementing temporary workarounds such as disabling JavaScript within Foxit Reader or restricting users from opening PDF files from untrusted sources. Network administrators should monitor network traffic for suspicious PDF files and implement strict file type filtering. After upgrading, confirm the fix by attempting to open a known malicious PDF file (in a test environment) and verifying that the vulnerability is no longer triggered.
Update Foxit Reader to a version later than 2019.010.20098 to correct the vulnerability. Download the latest version from the official Foxit website.
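As an added example (not from the advisory and not Foxit's own tooling), a PowerShell inventory check for the affected-version statement above: it reads the standard Windows Uninstall registry keys and flags any Foxit Reader install whose version is at or below 2019.010.20098. The Uninstall key paths, the "Foxit Reader" DisplayName match and the function name are assumptions.

```powershell
# Added example: flag Foxit Reader installs at or below the last affected version
# named in the advisory (2019.010.20098). [version] normalises '010' to 10.
$LastAffected = [version]'2019.010.20098'

# Assumption: Foxit Reader registers under the standard Windows Uninstall keys.
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Test-FoxitCve20196772 {
    # Hypothetical function name; returns one object per Foxit Reader install found.
    [CmdletBinding()]
    param([version]$Threshold = $LastAffected)

    # Assumption: the product's DisplayName contains "Foxit Reader".
    $installs = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*Foxit Reader*' -and $_.DisplayVersion }

    if (-not $installs) {
        Write-Verbose 'No Foxit Reader installation found in the Uninstall keys.'
        return
    }

    foreach ($app in $installs) {
        $parsed = $null
        if (-not [version]::TryParse($app.DisplayVersion, [ref]$parsed)) {
            # Unparseable version string: report it instead of silently treating it as patched.
            [pscustomobject]@{ Name = $app.DisplayName; Version = $app.DisplayVersion; Status = 'Unknown (unparseable version)' }
            continue
        }
        # "2019.010.20098 and prior" are affected, so anything <= the threshold needs the update.
        $status = if ($parsed -le $Threshold) { 'VULNERABLE: update required' } else { 'Patched' }
        [pscustomobject]@{ Name = $app.DisplayName; Version = $app.DisplayVersion; Status = $status }
    }
}

Test-FoxitCve20196772 -Verbose | Format-Table -AutoSize
```

Run it on each Windows host after the upgrade; a "Patched" result confirms the installed version is later than 2019.010.20098 without opening any test file.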
CVE-2019-6772 is a vulnerability in Foxit Reader 2019.010.20098 that allows attackers to potentially disclose sensitive information through a flaw in the AcroForms removeField method. User interaction is required.
You are affected if you are using Foxit Reader version 2019.010.20098 or earlier. Upgrade to a patched version to mitigate the risk.
Upgrade to the latest patched version of Foxit Reader. Check the Foxit website for available updates and installation instructions.
There is no current evidence of active exploitation campaigns targeting CVE-2019-6772, but the potential for exploitation remains.
Refer to the official Foxit security advisory for detailed information and updates: [https://www.foxit.com/security/bulletins/pdf-sdk-vulnerability-may-2019.html](https://www.foxit.com/security/bulletins/pdf-sdk-vulnerability-may-2019.html)