Published on June 5th, 2019 📆 | 5355 Views ⚑
0Foxit PhantomPDF up to 9.4.0 HTML File information disclosure
CVSS Meta Temp Score | Current Exploit Price (β) |
---|---|
4.1 | $0-$5k |
A vulnerability was found in Foxit PhantomPDF up to 9.4.0. It has been rated as problematic. Affected by this issue is some processing. The manipulation as part of a HTML File leads to a information disclosure vulnerability. Using CWE to declare the problem leads to CWE-200. Impacted is confidentiality.
The bug was discovered 04/19/2019. The weakness was presented 06/03/2019. This vulnerability is handled as CVE-2019-6756 since 01/24/2019. The attack may be launched remotely. No form of authentication is required for exploitation. There are neither technical details nor an exploit publicly available.
The vulnerability was handled as a non-public zero-day exploit for at least 45 days. During that time the estimated underground price was around $0-$5k.
Upgrading to version 9.4.0.16811 eliminates this vulnerability.
See 135904 for similar entry.
Vendor
Name
VulDB Meta Base Score: 4.3
VulDB Meta Temp Score: 4.1
VulDB Base Score: 4.3
VulDB Temp Score: 4.1
VulDB Vector: π
VulDB Reliability: π
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
π | π | π | π | π | π |
π | π | π | π | π | π |
π | π | π | π | π | π |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: π
VulDB Temp Score: π
VulDB Reliability: π
Class: Information disclosure (CWE-200)
Local: No
Remote: Yes
Availability: π
Status: Not defined
Price Prediction: π
Current Price Estimation: π
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Threat Intelligence
Threat: π
Adversaries: π
Geopolitics: π
Economy: π
Predictions: π
Remediation: πRecommended: Upgrade
Status: π
0-Day Time: π
Upgrade: PhantomPDF 9.4.0.16811
01/24/2019 CVE assigned
04/19/2019 Vulnerability found
06/03/2019 Advisory disclosed
06/04/2019 VulDB entry created
06/04/2019 VulDB last updateVendor: foxitsoftware.com
CVE: CVE-2019-6756 (π)
OSVDB: - Foxit Software Foxit PhantomPDF information disclosure
See also: π
Created: 06/04/2019 12:47 PM
Complete: π
Comments
See the underground prices here!
https://vuldb.com/?id.135908
No comments yet. Please log in to comment.