CVE-2023-33240Incorrect Default Permissions in PDF Editor

CWE-276Incorrect Default Permissions3 documents3 sources
Severity
7.8HIGHNVD
EPSS
0.1%
top 84.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Foxit PDF EditorFoxit PDF Reader
Timeline
PublishedMay 19

Description

Foxit PDF Reader (12.1.1.15289 and earlier) and Foxit PDF Editor (12.1.1.15289 and all previous 12.x versions, 11.2.5.53785 and all previous 11.x versions, and 10.1.11.37866 and earlier) on Windows allows Local Privilege Escalation when installed to a non-default directory because unprivileged users have access to an executable file of a system service. This is fixed in 12.1.2.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

NVDfoxit/pdf_editor11.0.011.2.5.53785+2
NVDfoxit/pdf_reader12.1.1.15289

🔴Vulnerability Details

2
CVEList
CVE-2023-33240: Foxit PDF Reader (122023-05-19
GHSA
GHSA-fwcg-248m-r4cx: Foxit PDF Reader (122023-05-19
CVE-2023-33240 — Incorrect Default Permissions | cvebase