漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Foxit PDF Editor/Reader Installer Uncontrolled Search Path Privilege Escalation
Vulnerability Description
The application's installer runs with elevated privileges but resolves system executables and DLLs using untrusted search paths that can include user-writable directories, allowing a local attacker to place malicious binaries with the same names and have them loaded or executed instead of the legitimate system files, resulting in local privilege escalation.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Vulnerability Type
不可信的搜索路径
Vulnerability Title
Foxit PDF Reader和Foxit PDF Editor 安全漏洞
Vulnerability Description
Foxit PDF Reader和Foxit PDF Editor都是中国福昕(Foxit)公司的产品。Foxit PDF Reader是一款PDF阅读器。Foxit PDF Editor是一款PDF编辑器。 Foxit PDF Reader和Foxit PDF Editor存在安全漏洞,该漏洞源于安装程序以提升的权限运行,但使用包含用户可写目录的不受信任搜索路径解析系统可执行文件和DLL,可能导致本地攻击者放置同名恶意二进制文件并使其被加载或执行,从而造成本地权限提升。
CVSS Information
N/A
Vulnerability Type
N/A