Description
An uncontrolled search path element in Foxit Reader v11.2.118.51569, released by Foxit Software, allows attackers to escalate privileges because the application searches for DLL libraries without specifying an absolute path.
References (3)
Core References
Third Party Advisory: https://github.com/hxxt9049/futing
Vendor Advisory: https://www.foxitsoftware.cn/support/security-bulletins.html
Not Applicable, Vendor Advisory: https://www.foxitsoftware.com/support/security-bulletins.php
Scores
CVSS v3: 7.8
EPSS: 0.0005
EPSS Percentile: 15.3%
Attack Vector: LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: no
Technical Impact: total
Details
CWE: CWE-427
Status: published
Products (1): foxitsoftware/foxit_reader < 11.2.118.51569
Published: Nov 09, 2022
Tracked Since: Feb 18, 2026