CVE-2024-32488: Improper Handling of Insufficient Permissions or Privileges in PDF Editor

Severity
7.8 HIGH (NVD)
EPSS
0.0%
top 89.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Apr 15

Description

In Foxit PDF Reader and Editor before 2024.1, Local Privilege Escalation could occur during update checks because weak permissions on the update-service folder allow attackers to place crafted DLL files there.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 | Impact: 5.9

Affected Packages (2 packages)

NVD foxit/pdf_editor 11.0.0 11.2.8.53842 +4
NVD foxit/pdf_reader < 2023.3.0.23028

Vulnerability Details

2
CVEList
CVE-2024-32488: In Foxit PDF Reader and Editor before 2024 (2024-04-15)
GHSA
GHSA-94v3-rgqr-v5g3: In Foxit PDF Reader and Editor before 2024 (2024-04-15)
CVE-2024-32488 — Foxit PDF Editor vulnerability | cvebase