7.8
CVE-2026-3780
- EPSS 0.01%
- Veröffentlicht 01.04.2026 01:40:33
- Zuletzt bearbeitet 28.04.2026 14:14:57
- Quelle 14984358-7092-470d-8f34-ade47a
- CVE-Watchlists
- Unerledigt
Foxit PDF Editor/Reader Installer Uncontrolled Search Path Privilege Escalation
The application's installer runs with elevated privileges but resolves system executables and DLLs using untrusted search paths that can include user-writable directories, allowing a local attacker to place malicious binaries with the same names and have them loaded or executed instead of the legitimate system files, resulting in local privilege escalation.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Foxit ≫ Pdf Editor Version <= 13.2.2.24014
Foxit ≫ Pdf Editor Version >= 14.0.0.33046 <= 14.0.2.33402
Foxit ≫ Pdf Editor Version >= 2023.1.0.15510 <= 2023.3.0.23028
Foxit ≫ Pdf Editor Version >= 2024.1.0.23997 <= 2024.4.1.27687
Foxit ≫ Pdf Editor Version >= 2025.1.0.27937 <= 2025.3.0.35737
Foxit ≫ Pdf Reader Version <= 2025.3.0.35737
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.01% | 0.029 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
|
| 14984358-7092-470d-8f34-ade47a7658a2 | 7.3 | 1.3 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
|
CWE-426 Untrusted Search Path
The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.