■■■■■ Zero-Day Vulnerability in PDF Files Leaking NTLM Data in Adobe & Foxit Reader.
Adobe Reader: Adobe determined the behavior was not a security issue, as it is limited to intranet domains only. They emphasized that this design decision aligns with their trust model for handling network resources.
Foxit Reader: Foxit Software treated the discovery as a legitimate vulnerability, releasing a patched version — Foxit PDF Reader for Windows v2024.4 to address the issue. They encouraged users to download the latest version and highlighted the fix in their security bulletins.
Zero-Day Vulnerability in PDF Files Leaking NTLM Data in Adobe & Foxit Reader