CVE-2024-32488

Published: Apr 15, 2024Modified: Jul 9, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

In Foxit PDF Reader and Editor before 2024.1, Local Privilege Escalation could occur during update checks because weak permissions on the update-service folder allow attackers to place crafted DLL files there.

Affected (6)

Products: Foxit: Pdf Editor, Pdf Reader

Foxit

2 products

Pdf Editor

Pdf Reader

Configuration A

6 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Foxit Pdf Editor	Before 10.1.12.37872
Foxit Pdf Editor	From 11.0.0 to 11.2.8.53842
Foxit Pdf Editor	From 12.0.0 to 12.1.4.15400
Foxit Pdf Editor	From 13.0.0 to 13.0.1.21693
Foxit Pdf Editor	From 2023.1.0.15510 to 2023.3.0.23028
Foxit Pdf Reader	Before 2023.3.0.23028

Running on/with	Platform Versions
Microsoft Windows	All versions

Related CWEs

CWE-280

Improper Handling of Insufficient Permissions or Privileges

The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state.

References (2)

https://www.foxit.com/support/security-bulletins.html

Source: cve@mitre.org

Vendor Advisory

https://www.foxit.com/support/security-bulletins.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.