CVE-2023-33240

Published: May 19, 2023Modified: Jan 21, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Foxit PDF Reader (12.1.1.15289 and earlier) and Foxit PDF Editor (12.1.1.15289 and all previous 12.x versions, 11.2.5.53785 and all previous 11.x versions, and 10.1.11.37866 and earlier) on Windows allows Local Privilege Escalation when installed to a non-default directory because unprivileged users have access to an executable file of a system service. This is fixed in 12.1.2.

Affected (4)

Products: Foxit: Pdf Editor, Pdf Reader

Foxit

2 products

Pdf Editor

Pdf Reader

Configuration A

4 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Foxit Pdf Editor	Up to 10.1.11.37866
Foxit Pdf Editor	From 11.0.0 to 11.2.5.53785
Foxit Pdf Editor	From 12.0.0 to 12.1.1.15289
Foxit Pdf Reader	Up to 12.1.1.15289

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

CWE-276

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

https://www.foxit.com/support/security-bulletins.html

Source: cve@mitre.org

Vendor Advisory

https://www.foxit.com/support/security-bulletins.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.