Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.4
CVE Id CVE-2015-2789
Last Modified 31 Mar 2015 01:22:47
Published 30 Mar 2015 10:59:09
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector LOCAL
Access Complexity MEDIUM
Authentication NONE

CVE-2015-2789

Summary

Unquoted Windows search path vulnerability in the Foxit Cloud Safe Update Service in the Cloud plugin in Foxit Reader 6.1 through 7.0.6.1126 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder.

Vulnerable Systems

Application

  • Foxitsoftware Reader 6.1
  • Foxitsoftware Reader 6.1.2
  • Foxitsoftware Reader 6.1.4
  • Foxitsoftware Reader 6.2
  • Foxitsoftware Reader 6.2.1
  • Foxitsoftware Reader 7.0
  • Foxitsoftware Reader 7.0.6

References

MISC - http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5235.php

SECTRACK - 1031879

CONFIRM - http://www.foxitsoftware.com/support/security_bulletins.php#FRD-25

EXPLOIT-DB - 36390

MISC - http://packetstormsecurity.com/files/130840/Foxit-Reader-7.0.6.1126-Privilege-Escalation.html


Last Updated: 27 May 2016 11:08:16