CVE-2020-11493

HIGH

Foxit PhantomPDF < 9.7.3 and Reader < 10.0.1 - Information Disclosure via Crafted XObject

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-11493. PoCs published by fengjixuchui.

AI-analyzed exploit summary This PoC exploits a Docker Desktop for Windows privilege escalation vulnerability by impersonating a named pipe client to gain SYSTEM privileges. It creates a named pipe, waits for Docker to connect, impersonates the client, duplicates the token, and launches a new process with elevated privileges.

Description

In Foxit Reader and PhantomPDF before 10.0.1, and PhantomPDF before 9.7.3, attackers can obtain sensitive information about an uninitialized object because of direct transformation from PDF Object to Stream without concern for a crafted XObject.

Exploits (1)

nomisec WORKING POC 1 stars
by fengjixuchui · poc
https://github.com/fengjixuchui/CVE-2020-11493

This PoC exploits a Docker Desktop for Windows privilege escalation vulnerability by impersonating a named pipe client to gain SYSTEM privileges. It creates a named pipe, waits for Docker to connect, impersonates the client, duplicates the token, and launches a new process with elevated privileges.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Docker Desktop for Windows < 2.3.0.2
Auth required
Prerequisites: Run as an account with the right to impersonate the named pipe client, e.g., NT AUTHORITY\NETWORK SERVICE
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References

Scores

CVSS v3 8.1
EPSS 0.0093
EPSS Percentile 56.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

Details

CWE
CWE-345
Status published
Products (2)
foxitsoftware/phantompdf < 9.7.2.29539
foxitsoftware/reader < 10.0.0.35798
Published Sep 04, 2020
Tracked Since Feb 18, 2026