Platform: windows
Component: foxit-reader
Fixed in: 9.4.2
CVE-2019-6773 is an information disclosure vulnerability in Foxit Reader version 9.4.1.16828. It stems from insufficient validation of objects within AcroForms (PDF interactive forms), so a crafted document can make the reader expose data it should not. Exploitation requires user interaction: the target must open a malicious file or visit a malicious web page that serves one. The issue is resolved in Foxit Reader 9.4.2.
Successful exploitation of CVE-2019-6773 lets an attacker read data from the Foxit Reader process that the crafted document should not be able to reach. The vulnerability is a validation flaw in the AcroForm object handling, so what leaks is whatever the reader process holds at the time. That can include content of open documents, but in practice a read primitive of this kind is most valuable for memory disclosure, for example to learn addresses that defeat ASLR before chaining a separate code-execution bug; the advisory does not describe any such chain, and none should be assumed. The attack vector is a crafted PDF delivered by phishing email, a malicious website, or a compromised file share, and the victim must open it (or visit a page that loads it) in a vulnerable version. The blast radius is limited to hosts running Foxit Reader 9.4.1.16828 on which such a document is opened; the reader is a desktop application with no network-listening component, so there is no remote, unauthenticated path to the bug.
CVE-2019-6773 was publicly disclosed on June 3, 2019. At the time of writing there is no indication of active exploitation campaigns, no readily available public proof-of-concept exploit, and no entry for it in the CISA KEV catalog. The CVSS score of 3.3 (LOW) reflects the need for user interaction and a confidentiality-only impact. The EPSS estimate of 1.01% is a low absolute probability of exploitation activity within the next 30 days, though it still sits above roughly three quarters of all scored CVEs.
Exploit Status
EPSS: 1.01% (77th percentile)
CVSS Vector
The primary mitigation for CVE-2019-6773 is to upgrade Foxit Reader to version 9.4.2 or later. Where an immediate upgrade is not possible, reduce the chance that a crafted PDF reaches a vulnerable reader: filter or sandbox PDF attachments at the mail gateway, restrict downloads from untrusted sites, and remind users not to open unexpected documents. Foxit Reader's Safe Reading Mode (File > Preferences > Trust Manager) restricts script and external actions in documents and narrows exposure to form-scripting bugs in general, although it is not documented as a specific mitigation for this CVE. A WAF rule is not relevant, since the reader is a desktop application; network IDS or mail-gateway rules can at best flag PDFs carrying AcroForm objects from unusual senders, which is a triage signal rather than a blocking control. Because no public proof-of-concept exists, do not plan to verify the fix by opening an exploit sample. Instead confirm that every installation reports version 9.4.2 or later (Help > About Foxit Reader, or the DisplayVersion value under the Windows Uninstall registry keys) and that no stale portable copies remain on file shares.
Update Foxit Reader to version 9.4.2 or later, which supersedes the affected 9.4.1.16828 build. Download the installer only from the official Foxit website and verify the installed version afterwards.
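The version check described above, as an added example for Windows fleets (this is not Foxit's code and not part of the original advisory). It assumes that the Foxit installer registers under the standard Uninstall registry keys with a DisplayName beginning "Foxit Reader" and a DisplayVersion string such as "9.4.1.16828", that the main binary is FoxitReader.exe inside InstallLocation, and that 9.4.2 is the fixed version, as stated on this page. The computer names in the commented fleet command are placeholders.

```powershell
# Added example (not Foxit's code): enumerate Foxit Reader installs on a Windows
# host and flag any version below the fixed release named on this page, 9.4.2.
# Assumptions: standard Uninstall registry keys, DisplayName "Foxit Reader*",
# DisplayVersion like "9.4.1.16828", main binary FoxitReader.exe in InstallLocation.

function Get-FoxitReaderInstall {
    param(
        # Fixed version taken from the advisory; anything lower is flagged.
        [version]$FixedVersion = [version]'9.4.2'
    )

    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*', # 32-bit Foxit on 64-bit Windows
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'              # per-user installs
    )

    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'Foxit Reader*' } |
        ForEach-Object {
            # [version] compares component-wise, so 9.4.1.16828 sorts below 9.4.2
            # even though 16828 is numerically large; a string compare would get this wrong.
            $registryVersion = $null
            $parsed = [version]::TryParse([string]$_.DisplayVersion, [ref]$registryVersion)

            # Cross-check the binary on disk: the registry can lag behind an in-place
            # update, or outlive a program directory that was deleted by hand.
            $exeVersion = $null
            if ($_.InstallLocation) {
                $exe = Join-Path $_.InstallLocation 'FoxitReader.exe'
                if (Test-Path -LiteralPath $exe) {
                    $fileVer = (Get-Item -LiteralPath $exe).VersionInfo.FileVersion
                    # Some PE version resources use commas ("9,4,1,16828"); normalise before parsing.
                    [void][version]::TryParse(($fileVer -replace ',', '.'), [ref]$exeVersion)
                }
            }

            if ($parsed) { $vulnerable = $registryVersion -lt $FixedVersion } else { $vulnerable = 'unknown' }

            [pscustomobject]@{
                ComputerName    = $env:COMPUTERNAME
                DisplayName     = $_.DisplayName
                RegistryVersion = $registryVersion
                FileVersion     = $exeVersion
                Vulnerable      = $vulnerable
                Mismatch        = ($exeVersion -and $registryVersion -and $exeVersion -ne $registryVersion)
            }
        }
}

# Local check on this host:
Get-FoxitReaderInstall | Format-Table -AutoSize

# Fleet check over WinRM: the scriptblock carries the function body, so nothing
# has to be copied to the remote hosts. 'ws01','ws02' are placeholder names.
# Invoke-Command -ComputerName 'ws01','ws02' -ScriptBlock ${function:Get-FoxitReaderInstall} |
#     Where-Object { $_.Vulnerable -ne $false } | Format-Table -AutoSize
```

Reading the Uninstall keys needs no elevation, but the remote variant requires WinRM to be enabled and administrative rights on the targets. A row with Vulnerable set to "unknown" means the registry held no parseable DisplayVersion and the host needs a manual look; a Mismatch of True means the binary on disk does not match what the registry claims, which is exactly the case a registry-only inventory tool would miss.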
CVE-2019-6773 is a vulnerability in Foxit Reader 9.4.1.16828 that allows attackers to potentially disclose sensitive information by exploiting flawed object validation in AcroForms.
You are affected if you are using Foxit Reader version 9.4.1.16828. Upgrade to version 9.4.2 or later to mitigate the risk.
The fix is to upgrade Foxit Reader to version 9.4.2 or a later version. Ensure you download the update from a trusted source.
There is no current evidence of active exploitation campaigns targeting CVE-2019-6773, but any unpatched installation remains exposed to a crafted document.
Refer to the Foxit Security Bulletin for details: [https://www.foxit.com/security/bulletin/psirt-19-014](https://www.foxit.com/security/bulletin/psirt-19-014)