CVE-2023-33240

Foxit PDF Reader (12.1.1.15289 and earlier) and Foxit PDF Editor (12.1.1.15289 and all previous 12.x versions, 11.2.5.53785 and all previous 11.x versions, and 10.1.11.37866 and earlier) on Windows allows Local Privilege Escalation when installed to a non-default directory because unprivileged users have access to an executable file of a system service. This is fixed in 12.1.2.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 12%
VendorProductVersion
foxitpdf_editor
𝑥
≤ 10.1.11.37866
foxitpdf_editor
11.0.0 ≤
𝑥
≤ 11.2.5.53785
foxitpdf_editor
12.0.0 ≤
𝑥
≤ 12.1.1.15289
foxitpdf_reader
𝑥
≤ 12.1.1.15289
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.foxit.com/support/security-bulletins.html
https://www.foxit.com/support/security-bulletins.html