January 15, 2025 at 11:14PM

■■■■■ Zero-Day Vulnerability in PDF Files Leaking NTLM Data in Adobe & Foxit Reader.

Adobe Reader: Adobe determined the behavior was not a security issue, as it is limited to intranet domains only. They emphasized that this design decision aligns with their trust model for handling network resources.

Foxit Reader: Foxit Software treated the discovery as a legitimate vulnerability, releasing a patched version — Foxit PDF Reader for Windows v2024.4 to address the issue. They encouraged users to download the latest version and highlighted the fix in their security bulletins.

Zero-Day Vulnerability in PDF Files Leaking NTLM Data in Adobe & Foxit Reader