PT-2022-26842 · Foxit · Foxit Reader
Published 2022-11-09 · Updated 2022-11-15 · CVE-2022-43310
CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Foxit Reader version 11.2.118.51569
Description
Foxit Reader searches for DLL libraries without specifying an absolute path, which allows attackers to escalate privileges. The cause is an uncontrolled search path element in Foxit Software's Foxit Reader.
Recommendations
For Foxit Reader version 11.2.118.51569, consider specifying absolute paths when searching for DLL libraries to prevent privilege escalation until a patch is available. As a temporary workaround, restrict the use of DLL libraries without absolute paths to minimize the risk of exploitation.
Fix
Uncontrolled Search Path Element
Weakness Enumeration
Related Identifiers
Affected Products
Foxit Reader