Foxit PhantomPDF < 7.3.17 Multiple Vulnerabilities
High Nessus Plugin ID 119836
SynopsisA PDF toolkit installed on the remote Windows host is affected by multiple vulnerabilities.
DescriptionAccording to its version, the Foxit PhantomPDF application (formally known as Phantom) installed on the remote Windows host is prior to 7.3.17. It is, therefore, affected by multiple vulnerabilities when not running in Safe-Reading-Mode:
- Arbitrary File Write exposing the ability to drop a file to the local file system.
- Arbitrary Write resulting in an executable file on the local file system.
SolutionUpgrade to Foxit PhantomPDF version 7.3.17 or later.