First published: Mon Dec 30 2024(Updated: )
Foxit PDF Reader Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Foxit PDF Reader. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the product installer. By creating a junction, an attacker can abuse the installer process to create an arbitrary file. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of SYSTEM. Was ZDI-CAN-25408.
Credit: zdi-disclosures@trendmicro.com
Affected Software | Affected Version | How to fix |
---|---|---|
Foxit Reader |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2024-12753 is classified as a local privilege escalation vulnerability affecting Foxit PDF Reader.
To fix CVE-2024-12753, update your Foxit PDF Reader to the latest version provided by the vendor.
CVE-2024-12753 affects users of Foxit PDF Reader on systems where an attacker can execute low-privileged code.
An attacker exploiting CVE-2024-12753 can escalate privileges and potentially take control of the affected system.
As of now, there are no reported active exploits for CVE-2024-12753, but users should remain vigilant.