CVE-2015-8843

high

Description

The Foxit Cloud Update Service (FoxitCloudUpdateService) in Foxit Reader 6.1 through 6.2.x and 7.x before 7.2.2, when an update to the Cloud plugin is available, allows local users to gain privileges by writing crafted data to a shared memory region, which triggers memory corruption.

References

https://www.foxitsoftware.com/support/security-bulletins.php#FRD-35

http://www.zerodayinitiative.com/advisories/ZDI-15-640

Details

Source: Mitre, NVD

Published: 2016-04-13

Updated: 2016-04-19

Risk Information

CVSS v2

Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.4

Vector: CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: High