Intrusion Prevention

Foxit.Reader.XFA.xdpContent.Information.Disclosure

Description

This indicates an attack attempt against an Information Disclosure vulnerability in Foxit Reader and PhantomPDF.
The vulnerability is due to an error in the application when handling a crafted PDF file. A remote attacker can exploit this to gain unauthorized access to sensitive information, via a crafted PDF file.

Affected Products

Foxit Software Foxit Reader 9.3.0.10826 and earlier
Foxit Software PhantomPDF 9.3.0.10826 and earlier

Impact

Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor:
https://www.foxitsoftware.com/support/security-bulletins.php#content-2019

CVE References

CVE-2018-3956