Vulnerabilities > CVE-2015-2789 - Local Privilege Escalation vulnerability in Foxit Reader
Attack vector
LOCAL Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Unquoted Windows search path vulnerability in the Foxit Cloud Safe Update Service in the Cloud plugin in Foxit Reader 6.1 through 7.0.6.1126 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder. <a href="http://cwe.mitre.org/data/definitions/426.html">CWE-426: Untrusted Search Path</a>
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 7 |
Exploit-Db
| description | Foxit Reader 7.0.6.1126 - Unquoted Service Path Elevation Of Privilege. CVE-2015-2789. Local exploit for windows platform |
| file | exploits/windows/local/36390.txt |
| id | EDB-ID:36390 |
| last seen | 2016-02-04 |
| modified | 2015-03-16 |
| platform | windows |
| port | |
| published | 2015-03-16 |
| reporter | LiquidWorm |
| source | https://www.exploit-db.com/download/36390/ |
| title | Foxit Reader 7.0.6.1126 - Unquoted Service Path Elevation Of Privilege |
| type | local |
References
- http://packetstormsecurity.com/files/130840/Foxit-Reader-7.0.6.1126-Privilege-Escalation.html
- http://www.exploit-db.com/exploits/36390
- http://www.foxitsoftware.com/support/security_bulletins.php#FRD-25
- http://www.securityfocus.com/bid/73432
- http://www.securitytracker.com/id/1031879
- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5235.php