Foxit Products Uncontrolled Search Path Privilege Escalation Vulnerability Allowing Arbitrary Code Execution

Vulnerability

A vulnerability exists in Foxit PDF Reader and Foxit PDF Editor due to the application's update service loading system libraries from an untrusted search path that includes user-writable directories. This flaw allows local attackers to place malicious libraries in these directories, which are then loaded with SYSTEM privileges, leading to local privilege escalation and arbitrary code execution. The issue affects multiple versions of Foxit PDF Reader and Foxit PDF Editor on Windows, as well as Foxit PDF Editor for Mac.

Impact

Exploitation of this vulnerability could result in local privilege escalation and arbitrary code execution, with the malicious code executed under SYSTEM privileges.

Remediation

Users can update to the latest versions of Foxit PDF Reader or Foxit PDF Editor. For Foxit PDF Reader, the updated version can be downloaded from the Foxit PDF Reader catalog. For Foxit PDF Editor, the updated version can be downloaded from the Foxit PDF Editor catalog. Foxit PDF Editor for Mac and Foxit PDF Reader for Mac have also been updated to address this vulnerability.
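A hardening check for the precondition described above, as an added example that is not Foxit's code and not part of the original advisory: it lists search-path directories where a principal other than SYSTEM, Administrators or TrustedInstaller can create files. The advisory does not name the directories the update service searches, so auditing the machine-wide PATH is an assumption, and the function name and output fields are illustrative.

```powershell
function Get-WritableSearchPathDirectory {
    param(
        # Directories to audit. Default: the machine-wide PATH that services inherit.
        [string[]]$Directory = ([Environment]::GetEnvironmentVariable('Path', 'Machine') -split ';')
    )
    # SIDs expected to hold write access: SYSTEM, Administrators, TrustedInstaller.
    $trusted = 'S-1-5-18', 'S-1-5-32-544',
               'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
    $inheritOnly = [int][System.Security.AccessControl.PropagationFlags]::InheritOnly
    $generic = 0x40000000 -bor 0x10000000   # GENERIC_WRITE | GENERIC_ALL
    $sidType = [System.Security.Principal.SecurityIdentifier]

    foreach ($entry in $Directory) {
        if ([string]::IsNullOrWhiteSpace($entry)) { continue }
        $path = [Environment]::ExpandEnvironmentVariables($entry.Trim().Trim('"'))
        # A PATH entry that does not exist is still a risk if a user can create it,
        # so fall back to the nearest existing ancestor directory.
        $target = $path
        while ($target -and -not (Test-Path -LiteralPath $target -PathType Container)) {
            $target = [System.IO.Path]::GetDirectoryName($target)
        }
        if (-not $target) { continue }
        $missing = $target -ne $path
        # 0x2 = create files here; 0x4 = create subdirectories (for a missing entry).
        $needed = if ($missing) { 0x4 } else { 0x2 }

        $acl = Get-Acl -LiteralPath $target -ErrorAction SilentlyContinue
        if (-not $acl) { continue }
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            if ($ace.AccessControlType -ne 'Allow') { continue }
            # Inherit-only entries apply to children, not to this directory.
            if ([int]$ace.PropagationFlags -band $inheritOnly) { continue }
            if ($trusted -contains $ace.IdentityReference.Value) { continue }
            $mask = [int]$ace.FileSystemRights
            if (($mask -band $needed) -or ($mask -band $generic)) {
                [pscustomobject]@{
                    PathEntry  = $path
                    CheckedDir = $target
                    Missing    = $missing
                    Sid        = $ace.IdentityReference.Value
                    Rights     = $ace.FileSystemRights
                }
            }
        }
    }
}

Get-WritableSearchPathDirectory | Format-Table -AutoSize
```

Deny entries are ignored, so the output is conservative; pass the product's install directory through `-Directory` to audit it as well.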

Added: Apr 1, 2026, 2:27 AM
Updated: Apr 1, 2026, 2:27 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 10.0
exploitability: 2.9
remediation: 0.0
relevance: 5.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.