Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2015-2789: Foxit Reader vulnerability

4 documents, 4 sources
Severity
4.4 MEDIUM (NVD)
EPSS
0.2%
top 60.90%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
Published: Mar 30
Latest update: May 17

Description

Unquoted Windows search path vulnerability in the Foxit Cloud Safe Update Service in the Cloud plugin in Foxit Reader 6.1 through 7.0.6.1126 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder.

CVSS vector

AV:L/AC:M/C:P/I:P/A:P
Exploitability: 3.4 | Impact: 6.4

Affected Packages (1 package)

NVD: foxitsoftware/foxit_reader (7 versions, +6)

Patches

🔴Vulnerability Details

2
GHSA
GHSA-pfjw-vh8j-x52x: Unquoted Windows search path vulnerability in the Foxit Cloud Safe Update Service in the Cloud plugin in Foxit Reader 6 (2022-05-17)
CVEList
CVE-2015-2789: Unquoted Windows search path vulnerability in the Foxit Cloud Safe Update Service in the Cloud plugin in Foxit Reader 6 (2015-03-30)

💥Exploits & PoCs

1
Exploit-DB
Foxit Reader 7.0.6.1126 - Unquoted Service Path Privilege Escalation (2015-03-16)