Foxit PDF Reader Update Service Incorrect Permission Assignment Local Privilege Escalation Vulnerability
CVE-2024-9244

7.8HIGH

Key Information:

Vendor: Foxit
Status: PDF Reader
Vendor: CVE Published:; 22 November 2024

Summary

The Foxit PDF Reader Update Service contains a vulnerability stemming from incorrect permission assignments in its configuration files. Local attackers with the capability to execute low-privileged code can exploit this flaw to escalate their privileges, allowing them to execute malicious code with elevated rights in the context of the SYSTEM account. This issue emphasizes the importance of proper permission settings on files used by system services.

Affected Version(s)

PDF Reader 2024.1.0.23997

References

https://www.zerodayinitiative.com/advisories/ZDI-24-1298/

x_research-advisory

https://www.foxit.com/support/security-bulletins.html

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 22, 2024

Collectors

NVD DatabaseMitre Database