CVE-2023-33240

EPSS 0.04%
Published 19.05.2023 06:15:08
Last modified 21.01.2025 20:15:30
Source cve@mitre.org
Teams watchlist Login
Open Login

Foxit PDF Reader (12.1.1.15289 and earlier) and Foxit PDF Editor (12.1.1.15289 and all previous 12.x versions, 11.2.5.53785 and all previous 11.x versions, and 10.1.11.37866 and earlier) on Windows allows Local Privilege Escalation when installed to a non-default directory because unprivileged users have access to an executable file of a system service. This is fixed in 12.1.2.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Foxit ≫ Pdf Editor Version <= 10.1.11.37866

Microsoft ≫ Windows Version-

Foxit ≫ Pdf Editor Version >= 11.0.0 <= 11.2.5.53785

Microsoft ≫ Windows Version-

Foxit ≫ Pdf Editor Version >= 12.0.0 <= 12.1.1.15289

Microsoft ≫ Windows Version-

Foxit ≫ Pdf Reader Version <= 12.1.1.15289

Microsoft ≫ Windows Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.127

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

https://www.foxit.com/support/security-bulletins.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-33240

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-33240

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-33240

EUVD