Uncontrolled Search Path Element in Foxit Reader by Foxit Software
CVE-2022-43310

7.8HIGH

Key Information:

Vendor: Foxit
Status: Foxit Reader
Vendor: CVE Published:; 9 November 2022

Summary

Foxit Reader version 11.2.118.51569 contains a vulnerability due to an uncontrolled search path element that can allow attackers to exploit the application. By not specifying an absolute path for DLL libraries, the software may inadvertently load malicious libraries placed in a non-secure location, enabling privilege escalation and potential unauthorized access to system resources. Users are strongly urged to update to the latest version to mitigate risks associated with this security flaw.

References

https://www.foxitsoftware.com/support/security-bulletins.php

https://www.foxitsoftware.cn/support/security-bulletins.html

https://github.com/hxxt9049/futing

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Nov 9, 2022
Vulnerability Reserved
Oct 17, 2022