CVE-2022-43310

CWE-4273 documents3 sources
Severity
7.8HIGH
EPSS
0.0%
top 84.92%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Foxitsoftware Foxit Reader
Timeline
PublishedNov 9
Latest updateNov 10

Description

An Uncontrolled Search Path Element in Foxit Software released Foxit Reader v11.2.118.51569 allows attackers to escalate privileges when searching for DLL libraries without specifying an absolute path.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages1 packages

NVDfoxitsoftware/foxit_reader< 11.2.118.51569

🔴Vulnerability Details

2
GHSA
GHSA-v33q-grx6-58x9: An Uncontrolled Search Path Element in Foxit Software released Foxit Reader v112022-11-10
CVEList
CVE-2022-43310: An Uncontrolled Search Path Element in Foxit Software released Foxit Reader v112022-11-09
CVE-2022-43310 (HIGH CVSS 7.8) | An Uncontrolled Search Path Element | cvebase.io