CVE-2023-33240 - OpenCVE

Foxit PDF Reader (12.1.1.15289 and earlier) and Foxit PDF Editor (12.1.1.15289 and all previous 12.x versions, 11.2.5.53785 and all previous 11.x versions, and 10.1.11.37866 and earlier) on Windows allows Local Privilege Escalation when installed to a non-default directory because unprivileged users have access to an executable file of a system service. This is fixed in 12.1.2.

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Foxit	Pdf Reader Pdf Editor
Microsoft	Windows

Configuration 1 [-]

AND

OR	cpe:2.3:a:foxit:pdf_editor::::::::
	cpe:2.3:a:foxit:pdf_editor::::::::
	cpe:2.3:a:foxit:pdf_editor::::::::
	cpe:2.3:a:foxit:pdf_reader::::::::

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.foxit.com/support/security-bulletins.html	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2023-05-19T00:00:00

Updated: 2023-05-19T00:00:00

Reserved: 2023-05-19T00:00:00

Link: CVE-2023-33240

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-05-19T06:15:08.467

Modified: 2023-05-26T03:32:54.867

Link: CVE-2023-33240

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "matchCriteriaId": "1F03F0F0-B6CA-45EB-BD19-C3573DAD4C3D", "versionEndIncluding": "10.1.11.37866", "vulnerable": true}, {"criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "matchCriteriaId": "7B76ABE6-A4AD-4204-94BE-0F54413EF686", "versionEndIncluding": "11.2.5.53785", "versionStartIncluding": "11.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*", "matchCriteriaId": "53A0D641-42E8-419F-8331-30E361956C72", "versionEndIncluding": "12.1.1.15289", "versionStartIncluding": "12.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:*", "matchCriteriaId": "855A569D-D3C2-4205-AF0A-87E825A10FB2", "versionEndIncluding": "12.1.1.15289", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Foxit PDF Reader (12.1.1.15289 and earlier) and Foxit PDF Editor (12.1.1.15289 and all previous 12.x versions, 11.2.5.53785 and all previous 11.x versions, and 10.1.11.37866 and earlier) on Windows allows Local Privilege Escalation when installed to a non-default directory because unprivileged users have access to an executable file of a system service. This is fixed in 12.1.2."}], "id": "CVE-2023-33240", "lastModified": "2023-05-26T03:32:54.867", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-05-19T06:15:08.467", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.foxit.com/support/security-bulletins.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}