Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nvd[email protected]NVD:CVE-2024-29072
HistoryMay 28, 2024 - 2:15 p.m.

CVE-2024-29072

2024-05-2814:15:12
CWE-295
[email protected]
web.nvd.nist.gov
6
nvd
cve-2024-29072
foxit reader
privilege escalation
improper certification validation
updater executable
low privilege user
update action
unexpected elevation

CVSS3

8.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0

Percentile

9.0%

JSON

A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability occurs due to improper certification validation of the updater executable before executing it. A low privilege user can trigger the update action which can result in unexpected elevation of privilege.

Related

vulnrichment 1
nessus 5
openvas 2
cvelist 1
kaspersky 1
talos 1
cve 1
talosblog 1
vulnrichment
vulnrichment
CVE-2024-29072
2024-05-28 13:52:58
nessus
nessus
Foxit PDF Editor < 11.2.10 Vulnerability
2024-05-26 00:00:00
Foxit PDF Editor < 2024.2.2 Vulnerability
2024-05-24 00:00:00
Foxit PDF Editor < 12.1.7 Vulnerability
2024-05-26 00:00:00
openvas
openvas
Foxit PhantomPDF Privilege Escalation Vulnerability (June 2024)
2024-06-19 00:00:00
Foxit Reader Privilege Escalation Vulnerability (June 2024)
2024-06-19 00:00:00
cvelist
cvelist
CVE-2024-29072
2024-05-28 13:52:58
kaspersky
kaspersky
KLA68205 PE vulnerability in Foxit Reader
2024-05-24 00:00:00
talos
talos
Foxit Reader Updater improper certificate validation privilege escalation vulnerability
2024-05-28 00:00:00
cve
cve
CVE-2024-29072
2024-05-28 14:15:12
talosblog
talosblog
Out-of-bounds reads in Adobe Acrobat; Foxit PDF Reader contains vulnerability that could lead to SYSTEM-level privileges
2024-05-29 16:07:28

CVSS3

8.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

AI Score

8.3

Confidence

High

EPSS

0

Percentile

9.0%

JSON
Related for NVD:CVE-2024-29072
vulnrichment1nessus5openvas2cvelist1kaspersky1talos1cve1talosblog1