CVE-2015-8843

EUVD-2015-8709
The Foxit Cloud Update Service (FoxitCloudUpdateService) in Foxit Reader 6.1 through 6.2.x and 7.x before 7.2.2, when an update to the Cloud plugin is available, allows local users to gain privileges by writing crafted data to a shared memory region, which triggers memory corruption.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.4 HIGH
LOCAL
HIGH
NONE
CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
foxitsoftwarefoxit_reader
6.1
foxitsoftwarefoxit_reader
6.1.2
foxitsoftwarefoxit_reader
6.1.4
foxitsoftwarefoxit_reader
6.2
foxitsoftwarefoxit_reader
6.2.1
foxitsoftwarefoxit_reader
7.0
foxitsoftwarefoxit_reader
7.0.1
foxitsoftwarefoxit_reader
7.0.6
foxitsoftwarefoxit_reader
7.1.5
foxitsoftwarefoxit_reader
7.2
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.zerodayinitiative.com/advisories/ZDI-15-640
https://www.foxitsoftware.com/support/security-bulletins.php#FRD-35
http://www.zerodayinitiative.com/advisories/ZDI-15-640
https://www.foxitsoftware.com/support/security-bulletins.php#FRD-35