Privilege escalation in Foxit PDF Reader for Windows and Foxit PDF Editor (formerly Foxit PhantomPDF) - #VU1032
Published: October 19, 2016 / Updated: October 21, 2016
Vulnerability identifier: #VU1032
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: N/A
CWE-ID: CWE-284
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Foxit Software Inc.
Affected software:
Foxit PDF Reader for Windows
Foxit PDF Editor (formerly Foxit PhantomPDF)
Detailed vulnerability description
The vulnerability allows a local user to obtain elevated privileges on the target system.
The vulnerability exists due to weak file permissions that let an attacker elevate privileges and access the system.
Successful exploitation of this vulnerability may result in arbitrary code execution on the vulnerable system.
Remediation
Update Foxit Reader to version 8.1.
Update Foxit PhantomPDF to version 8.1.