The host is installed with Foxit Reader through 10.1.0.37527 or Foxit PhantomPDF before 9.7.5 or 10.x through 10.1.0.37527 and is prone to a spoofing vulnerability. A flaw is present in the applications which fails to properly handle null value for a Subtype entry of the Annotation dictionary. Successful exploitation allow an attacker to spoof a certified PDF document via an Evil Annotation Attack.