CVE-2024-9244

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader (affected versions not specified)

Description: This issue allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this issue. The specific flaw exists within the handling of the configuration files used by the Foxit Reader Update Service. The issue results from incorrect permissions set on a resource used by the service. An attacker can leverage this issue to escalate privileges and execute code in the context of SYSTEM.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this issue.

Fix

LPE

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-275CWE-732

Related Identifiers

BDU:2024-07909

CVE-2024-9244

ZDI-24-1298

Affected Products

Foxit Pdf Reader

CVE-2024-9244

Weakness Enumeration

Related Identifiers

Affected Products

References · 9