EUVD-2026-17761CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Tags
Description
The application's installer runs with elevated privileges but resolves system executables and DLLs using untrusted search paths that can include user-writable directories, allowing a local attacker to place malicious binaries with the same names and have them loaded or executed instead of the legitimate system files, resulting in local privilege escalation.
Analysis
Installer privilege escalation in Foxit PDF Reader and Foxit PDF Editor allows local authenticated users to execute arbitrary code with elevated system privileges via DLL search path manipulation. The installer's failure to use absolute paths for system executables enables attackers to plant malicious DLLs in user-writable directories that take precedence during installation, exploiting the trusted installer's elevated permissions. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: inventory all Foxit PDF Reader and Foxit PDF Editor deployments across the organization and disable installer auto-update if available. Within 7 days: communicate to users that manual installation/updates should be paused until vendor guidance is published; implement application whitelisting on machines running Foxit products to block unsigned DLL execution from user-writable paths. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today