Vulnerability Key Information

Advisory ID: ZDI-19-447, ZDI-CAN-8272
CVE ID: CVE-2019-6773
CVSS Score: 3.3 (AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N)
Affected Vendor: Foxit
Affected Product: Foxit Reader

Vulnerability Details

Description: This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability by visiting a malicious page or opening a malicious file.

Specific Issue: The flaw exists in the handling of the richValue property of a Field object within AcroForms, resulting from a lack of validating the existence of an object before performing operations on it. An attacker can leverage this in conjunction with other vulnerabilities to execute code in the context of the current process.

Additional Details

Patch Availability: Foxit has issued an update to correct this vulnerability. More details can be found at: https://www.foxitsoftware.com/support/security-bulletins.php

Disclosure Timeline

2019-03-27: Vulnerability reported to vendor
2019-04-29: Coordinated public release of advisory

Credit

Reporter: Anonymous