Privilege Escalation Vulnerability in Foxit Reader

CVE-2024-29072

8.2HIGH

Key Information

Vendor: Foxit
Status: Foxit Reader
Vendor: CVE Published:; 28 May 2024

Summary

A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability occurs due to improper certification validation of the updater executable before executing it. A low privilege user can trigger the update action which can result in unexpected elevation of privilege.

Affected Version(s)

Foxit Reader = 2024.2.0.25138

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published.
May 28, 2024
Vulnerability Reserved.
May 3, 2024

Collectors

NVD DatabaseMitre Database

Credit

Discovered by KPC of Cisco Talos.