CVE-2024-9244

CWE-732Incorrect Permission Assignment3 documents3 sources
Severity
7.8HIGH
EPSS
0.0%
top 85.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Foxit PDF EditorFoxit PDF Reader
Timeline
PublishedNov 22
Latest updateNov 23

Description

Foxit PDF Reader Update Service Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of the configuration files used by the Foxit Reader Update Service. The issue results from incorrect p

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

NVDfoxit/pdf_reader2024.2.3.25184
CVEListV5foxit/pdf_reader2024.1.0.23997
NVDfoxit/pdf_editor12.012.1.7.15526+4

🔴Vulnerability Details

2
GHSA
GHSA-qgx5-5h35-jw4r: Foxit PDF Reader Update Service Incorrect Permission Assignment Local Privilege Escalation Vulnerability2024-11-23
CVEList
Foxit PDF Reader Update Service Incorrect Permission Assignment Local Privilege Escalation Vulnerability2024-11-22
CVE-2024-9244 (HIGH CVSS 7.8) | Foxit PDF Reader Update Service Inc | cvebase.io