CVE-2026-3775— Foxit PDF Reader和Foxit PDF Editor 安全漏洞

Foxit PDF Editor/Reader Update Service Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

The application's update service, when checking for updates, loads certain system libraries from a search path that includes directories writable by low‑privileged users and is not strictly restricted to trusted system locations. Because these libraries may be resolved and loaded from user‑writable locations, a local attacker can place a malicious library there and have it loaded with SYSTEM privileges, resulting in local privilege escalation and arbitrary code execution.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

对搜索路径元素未加控制

Foxit PDF Reader和Foxit PDF Editor 安全漏洞

Foxit PDF Reader和Foxit PDF Editor都是中国福昕（Foxit）公司的产品。Foxit PDF Reader是一款PDF阅读器。Foxit PDF Editor是一款PDF编辑器。 Foxit PDF Reader和Foxit PDF Editor存在安全漏洞，该漏洞源于更新服务在检查更新时从包含低权限用户可写目录的搜索路径加载系统库，可能导致本地攻击者放置恶意库并以SYSTEM权限加载，引发本地权限提升和任意代码执行。

N/A

N/A