Uncontrolled Search Path Element in Foxit Reader by Foxit Software
CVE-2022-43310
7.8HIGH
Summary
Foxit Reader version 11.2.118.51569 contains a vulnerability due to an uncontrolled search path element that can allow attackers to exploit the application. By not specifying an absolute path for DLL libraries, the software may inadvertently load malicious libraries placed in a non-secure location, enabling privilege escalation and potential unauthorized access to system resources. Users are strongly urged to update to the latest version to mitigate risks associated with this security flaw.
References
CVSS V3.1
Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved