CVE-2024-9245

Name of the Vulnerable Software and Affected Versions Foxit PDF Reader (affected versions not specified) Foxit PDF Editor (affected versions not specified)

Description This issue allows local attackers to escalate privileges on affected installations. The flaw exists within the handling of configuration files used by the Foxit Reader Update Service, resulting from incorrect permissions set on a resource used by the service. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of SYSTEM. The attacker must first obtain the ability to execute low-privileged code on the target system.

Recommendations For Foxit PDF Reader, update to a version that fixes the incorrect permission assignment issue. For Foxit PDF Editor, update to a version that fixes the incorrect permission assignment issue. As a temporary workaround, consider restricting access to the Foxit Reader Update Service until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.