CVE-2024-29072
published 2024-05-28CVE-2024-29072: A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability occurs due to improper certification validation of the…
high8.2CVSS 3.1
AVLACLPRLUIRSCCHIHAH
A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability occurs due to improper certification validation of the updater executable before executing it. A low privilege user can trigger the update action which can result in unexpected elevation of privilege.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| foxit | foxit_reader | — | — |
| foxit | pdf_editor | <= 11.2.9.53938 | — |
| foxit | pdf_editor | 12.0.0 – 12.1.6.15509 | — |
| foxit | pdf_editor | 13.0.0 – 13.1.1.22432 | — |
| foxit | pdf_editor | 2023.1.0.15510 – 2023.3.0.23028 | — |
| foxit | pdf_editor | 2024.1.0.23997 – 2024.2.1.25153 | — |
| foxit | pdf_reader | <= 2024.2.1.25153 | — |