Impact
A local privilege escalation flaw allows a low‑privilege user to place a user‑controlled executable that will be run by a high‑privilege PDF processing process. The execution grants the user full SYSTEM rights, enabling complete control over the affected machine. The vulnerability is a classic case of improper privilege management and could be used to compromise the integrity and availability of the system.
Affected Systems
Foxit Software Inc. products, specifically Foxit PDF Editor and Foxit PDF Reader, are affected. Version information is not specified in the advisory, so any installed edition may be vulnerable until patched.
Risk and Exploitability
The CVSS score of 8.2 indicates moderate‑to‑high severity. The EPSS score is currently unavailable and the vulnerability is not listed in CISA KEV, suggesting limited current exploitation activity. The likely attack vector is local: an attacker with file‑system access can craft a malicious executable that the PDF application will run, elevating privileges to SYSTEM. No remote engagement is required, and exploitation requires only that the victim opens the crafted PDF. The impact is complete compromise of the affected system.
OpenCVE Enrichment