Incorrect vulnerability reporting for Foxit Phantom PDF v8


We have a number of PCs with Phantom PDF V8 installed.

ATP is incorrectly reporting lots of vulnerabilities with the latest version 8.3.10.42705.

ATP is reporting that this contains 322 vulnerabilities. For example, CVE-2018-17615 (ZDI-CAN-6333) is listed; this was patched in Phantom 8.3.8 and Phantom 9.3: https://www.foxitsoftware.com/support/security-bulletins.php

4 Replies

Thank you for reporting this.

Indeed, the fix affected 2 releases, 8.3.7.38093 (and earlier) & 9.2.0.9297 (and earlier), and we only covered the latter. This should be fixed in the next 24 hours.

@Tomer Teller 

Hi, is there any update on this? Phantom 8.3.10.42705 is still showing as having 315 vulnerabilities, including the one mentioned in the first post.

@Tomer Teller 

Version 8.3.10.42705 is now showing 230 vulnerabilities. I believe this should be zero.

For example, CVE-2018-14442 AKA V-88f4smlocs was fixed in Phantom version 8.3.7 and 9.2.

It would be great to get this fixed!

@SteveJ50 The team is going to address all Foxit security bulletins in our next update. This will solve the issue for all 230 vulnerabilities.
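
The mismatch described in the first reply, shown as an added example that is not part of the original thread and is not Microsoft's or Foxit's code. It assumes each "and earlier" bound applies only within its own major release branch; the function names and the extra build numbers used for comparison are constructed.

```python
# Added illustration of per-branch affected-version matching.
# Assumption: an "X and earlier" bound only covers builds in the same major branch.

def parse(version):
    """Turn '8.3.10.42705' into (8, 3, 10, 42705) for numeric comparison."""
    return tuple(int(part) for part in version.split("."))

# Upper bounds quoted in the thread ("and earlier" for each release line).
BOUNDS = ["8.3.7.38093", "9.2.0.9297"]

def flagged_naive(installed, bounds):
    """Flag when installed <= any bound, ignoring which branch the bound belongs to."""
    inst = parse(installed)
    return any(inst <= parse(bound) for bound in bounds)

def flagged_per_branch(installed, bounds):
    """Flag only when a bound from the same major branch is >= the installed build."""
    inst = parse(installed)
    for bound in bounds:
        b = parse(bound)
        if b[0] == inst[0] and inst <= b:
            return True
    return False

def compare(installed, bounds):
    """Return both verdicts so a discrepancy is easy to spot in an audit."""
    return {
        "installed": installed,
        "naive": flagged_naive(installed, bounds),
        "per_branch": flagged_per_branch(installed, bounds),
    }

if __name__ == "__main__":
    # Only the 9.x bound recorded: a patched 8.x build is flagged by naive matching,
    # while per-branch matching would miss a vulnerable 8.x build (constructed 8.3.6.1).
    print(compare("8.3.10.42705", ["9.2.0.9297"]))
    print(compare("8.3.6.1", ["9.2.0.9297"]))
    # Both bounds recorded and matched per branch: the patched build is clean.
    print(compare("8.3.10.42705", BOUNDS))
```

Comparing the two verdicts for each installed build against the vendor bulletin is a quick way to tell a scanner false positive from a missing affected range.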