Foxit PhantomPDF up to 9.4.0 HTML File information disclosure

A vulnerability was found in Foxit PhantomPDF up to 9.4.0. It has been rated as problematic. Affected by this issue is some processing. The manipulation as part of a HTML File leads to a information disclosure vulnerability. Using CWE to declare the problem leads to CWE-200. Impacted is confidentiality.

The bug was discovered 04/19/2019. The weakness was presented 06/03/2019. This vulnerability is handled as CVE-2019-6756 since 01/24/2019. The attack may be launched remotely. No form of authentication is required for exploitation. There are neither technical details nor an exploit publicly available.

The vulnerability was handled as a non-public zero-day exploit for at least 45 days. During that time the estimated underground price was around $0-$5k.

Upgrading to version 9.4.0.16811 eliminates this vulnerability.

See 135904 for similar entry.

Vendor

• Foxit

Name

• PhantomPDF

• 🔒

• 🔒

VulDB Meta Base Score: 4.3
VulDB Meta Temp Score: 4.1

VulDB Base Score: 4.3
VulDB Temp Score: 4.1
VulDB Vector: 🔒
VulDB Reliability: 🔍

VulDB Base Score: 🔒
VulDB Temp Score: 🔒
VulDB Reliability: 🔍
Class: Information disclosure (CWE-200)
Local: No
Remote: Yes

Availability: 🔒
Status: Not defined

Price Prediction: 🔍
Current Price Estimation: 🔒

Threat Intelligenceinfoedit

Threat: 🔍
Adversaries: 🔍
Geopolitics: 🔍
Economy: 🔍
Predictions: 🔍
Remediation: 🔍Recommended: Upgrade
Status: 🔍

0-Day Time: 🔒

Upgrade: PhantomPDF 9.4.0.16811

01/24/2019 CVE assigned
04/19/2019 +85 days Vulnerability found
06/03/2019 +45 days Advisory disclosed
06/04/2019 +1 days VulDB entry created
06/04/2019 +0 days VulDB last updateVendor: foxitsoftware.com
CVE: CVE-2019-6756 (🔒)
OSVDB: - Foxit Software Foxit PhantomPDF information disclosure

See also: 🔒

Created: 06/04/2019 12:47 PM
Complete: 🔍

Comments

Comments are closed.