Critical Foxit PhantomPDF Vulnerability
Date of Notice: 12/19/2022
Action Level - Critical
MCNC would like to make you aware of a CRITICAL vulnerability affecting Foxit PDF software on Windows OS. Currently there is no associated CVE. While there is no indication that this is actively being used in the wild, please consider prioritization of upgrading instances of Foxit in your environment.
- Foxit PDF Reader (previously named Foxit Reader)
- 184.108.40.20665 and earlier
- Foxit PDF Editor (previously named Foxit PhantomPDF)
- 220.127.116.1165 and all previous 12.x versions, 18.104.22.168593 and all previous 11.x versions, 10.1.9.37808 and earlier
As a CrowdStrike customer you can log into your portal and search for the presence by: click hamburger menu on upper left corner > Discover > Applications > Installed Applications Search. From here apply the following filters: Application: *Foxit*, OS: Windows. Run this search to get results for your Windows devices running ANY version of Foxit PhantomPDF, export to a CSV by hovering over the bottom left hand corner once loading is complete. NOTE: the search will return results for ALL Foxit software, this is because both the viewer and editor are vulnerable and may each have their previous names, ensure any Foxit PDF related software is fully patched.
While CrowdStrike is designed to prevent against such vulnerabilities and exploits it is always a good idea to ensure your software is patched and reduce the number of options bad actors have to exploit a given system.
If you have any questions please email email@example.com and we will assist you in understanding the impact in your environment.