Foxit PDF Reader Update Service Incorrect Permission Assignment Local Privilege Escalation Vulnerability
CVE-2024-9244

7.8HIGH

Key Information:

Vendor: Foxit
Status: PDF Reader
Vendor: CVE Published:; 22 November 2024

What is CVE-2024-9244?

The Foxit PDF Reader Update Service contains a vulnerability stemming from incorrect permission assignments in its configuration files. Local attackers with the capability to execute low-privileged code can exploit this flaw to escalate their privileges, allowing them to execute malicious code with elevated rights in the context of the SYSTEM account. This issue emphasizes the importance of proper permission settings on files used by system services.

Affected Version(s)

PDF Reader 2024.1.0.23997

References

https://www.zerodayinitiative.com/advisories/ZDI-24-1298/

x_research-advisory

https://www.foxit.com/support/security-bulletins.html

vendor-advisory

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 22, 2024