CVE-2022-43310

high

Description

An Uncontrolled Search Path Element in Foxit Software released Foxit Reader v11.2.118.51569 allows attackers to escalate privileges when searching for DLL libraries without specifying an absolute path.

References

https://www.foxitsoftware.com/support/security-bulletins.php

https://www.foxitsoftware.cn/support/security-bulletins.html

https://github.com/hxxt9049/futing

Details

Source: Mitre, NVD

Published: 2022-11-09

Updated: 2022-11-15

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High