This vulnerability allows remote attackers to disclose sensitive information on affected installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of the util.printf Javascript method. The application processes the %p parameter in the format string, allowing heap addresses to be returned to the script. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.
Affected Software | Affected Version | How to fix |
---|---|---|
Foxit PDF Reader |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of ZDI-19-635 is classified as moderate due to its potential for information disclosure.
To fix ZDI-19-635, you should update Foxit Reader to the latest version as provided by the vendor.
ZDI-19-635 can be exploited through social engineering techniques, requiring users to visit malicious web pages or open malicious files.
The primary effect of ZDI-19-635 is the potential unauthorized disclosure of sensitive information from affected Foxit Reader installations.
Yes, user interaction is mandatory to exploit ZDI-19-635 as the target must either visit a malicious page or open a malicious file.