Uncontrolled Search Path Element in Foxit Reader by Foxit Software
CVE-2022-43310

7.8HIGH

Key Information:

Vendor
Foxit
Vendor
CVE Published:
9 November 2022

Summary

Foxit Reader version 11.2.118.51569 contains a vulnerability due to an uncontrolled search path element that can allow attackers to exploit the application. By not specifying an absolute path for DLL libraries, the software may inadvertently load malicious libraries placed in a non-secure location, enabling privilege escalation and potential unauthorized access to system resources. Users are strongly urged to update to the latest version to mitigate risks associated with this security flaw.

References

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.