Lucene search
HistoryMar 30, 2015 - 2:59 p.m.
CVE-2015-2789
cve-2015-2789
foxit reader
windows
search path vulnerability
privilege escalation
local users
nvd
4.4 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
8.7 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
25.0%
Unquoted Windows search path vulnerability in the Foxit Cloud Safe Update Service in the Cloud plugin in Foxit Reader 6.1 through 7.0.6.1126 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder.
Affected configurations
Node
foxitsoftwarefoxit_readerMatch6.1
ORfoxitsoftwarefoxit_readerMatch6.1.2
ORfoxitsoftwarefoxit_readerMatch6.1.4
ORfoxitsoftwarefoxit_readerMatch6.2
ORfoxitsoftwarefoxit_readerMatch6.2.1
ORfoxitsoftwarefoxit_readerMatch7.0
ORfoxitsoftwarefoxit_readerMatch7.0.6
References
Related
cvelist
cvelist
CVE-2015-2789
2015-03-30 14:00:00
nvd
nvd
CVE-2015-2789
2015-03-30 14:59:09
zeroscience
zeroscience
Foxit Reader 7.0.6.1126 Unquoted Service Path Elevation Of Privilege
2015-03-14 00:00:00
kaspersky
kaspersky
KLA10517 Privilege escalation in Foxit Reader
2015-03-30 00:00:00
openvas
openvas
Foxit Reader Cloud Plugin Windows Search Path Vulnerability
2015-04-07 00:00:00
Microsoft Windows Unquoted Path Vulnerability (SMB Login)
2018-03-23 00:00:00
prion
prion
Design/Logic Flaw
2015-03-30 14:59:00
4.4 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
8.7 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
25.0%
Related for CVE-2015-2789