CVE-2024-12753

CWE-593 documents3 sources
Severity
7.3HIGH
EPSS
0.1%
top 81.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Foxit PDF EditorFoxit PDF Reader
Timeline
PublishedDec 30

Description

Foxit PDF Reader Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product installer. By creating a junction, an attacker can abuse the installer process to create an arbitrary file. An attacker can leverage th

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:HExploitability: 1.3 | Impact: 5.9

Affected Packages3 packages

NVDfoxit/pdf_reader2024.3.0.26795
CVEListV5foxit/pdf_reader2024.2.3.25184
NVDfoxit/pdf_editor11.0.011.2.11.54113+4

🔴Vulnerability Details

2
CVEList
Foxit PDF Reader Link Following Local Privilege Escalation Vulnerability2024-12-30
GHSA
GHSA-rfx4-8cp9-vwwx: Foxit PDF Reader Link Following Local Privilege Escalation Vulnerability2024-12-30
CVE-2024-12753 (HIGH CVSS 7.3) | Foxit PDF Reader Link Following Loc | cvebase.io