Foxit PDF Reader and Editor Local Privilege Escalation Vulnerability in Update Service
Vulnerability
A local privilege escalation vulnerability has been identified in the Foxit PDF Reader/Editor Update Service. This issue arises during plugin installation, where incorrect file system permissions are granted to resources utilized by the update service. A local attacker with low privileges could exploit this vulnerability by modifying or replacing these resources, which are subsequently executed by the service, leading to the execution of arbitrary code with SYSTEM privileges.
Impact
Exploitation of this vulnerability allows for local privilege escalation, enabling an attacker to execute arbitrary code with SYSTEM privileges.
Remediation
Users can update to the latest versions of Foxit PDF Reader or Foxit PDF Editor. For Foxit PDF Reader, the updated version can be downloaded from the Foxit PDF Reader catalog. For Foxit PDF Editor, the updated version is available on the Foxit PDF Editor catalog. Instructions for checking for updates within the application are also provided.
