PT-2021-4450 · Foxit · Foxit Pdf Reader+2
Published
2021-10-12
·
Updated
2022-09-02
·
CVE-2021-40326
CVSS v2.0
7.8
High
| Vector | AV:N/AC:L/Au:N/C:N/I:C/A:N |
Name of the Vulnerable Software and Affected Versions
Foxit PDF Reader versions prior to 11.1
Foxit PDF Editor versions prior to 11.1
Foxit PhantomPDF versions prior to 10.1.6
Description
The issue is related to the mishandling of hidden and incremental data in signed documents, which can be exploited by an attacker to write to an arbitrary file and display controlled contents during signature verification. This can allow a remote attacker to bypass existing security restrictions.
Recommendations
For Foxit PDF Reader versions prior to 11.1, update to version 11.1 or later.
For Foxit PDF Editor versions prior to 11.1, update to version 11.1 or later.
For Foxit PhantomPDF versions prior to 10.1.6, update to version 10.1.6 or later.
Fix
Improper Verification of Cryptographic Signature
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Foxit Pdf Editor
Foxit Pdf Reader
Foxit Phantompdf