CVE-2023-33240

EPSS 0.04%
Veröffentlicht 19.05.2023 06:15:08
Zuletzt bearbeitet 21.01.2025 20:15:30
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Foxit PDF Reader (12.1.1.15289 and earlier) and Foxit PDF Editor (12.1.1.15289 and all previous 12.x versions, 11.2.5.53785 and all previous 11.x versions, and 10.1.11.37866 and earlier) on Windows allows Local Privilege Escalation when installed to a non-default directory because unprivileged users have access to an executable file of a system service. This is fixed in 12.1.2.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Foxit ≫ Pdf Editor Version <= 10.1.11.37866

Microsoft ≫ Windows Version-

Foxit ≫ Pdf Editor Version >= 11.0.0 <= 11.2.5.53785

Microsoft ≫ Windows Version-

Foxit ≫ Pdf Editor Version >= 12.0.0 <= 12.1.1.15289

Microsoft ≫ Windows Version-

Foxit ≫ Pdf Reader Version <= 12.1.1.15289

Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.127

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

https://www.foxit.com/support/security-bulletins.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-33240

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-33240

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-33240

EUVD