EUVD-2026-17751
GHSA-j35c-qjxf-46vc
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
3Tags
Description
The application's update service, when checking for updates, loads certain system libraries from a search path that includes directories writable by low‑privileged users and is not strictly restricted to trusted system locations. Because these libraries may be resolved and loaded from user‑writable locations, a local attacker can place a malicious library there and have it loaded with SYSTEM privileges, resulting in local privilege escalation and arbitrary code execution.
Analysis
DLL search path hijacking in Foxit PDF Editor and Foxit PDF Reader update services enables local privilege escalation to SYSTEM. Low-privileged authenticated users can plant malicious libraries in writable directories that are resolved during update checks, achieving arbitrary code execution with elevated privileges. …
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Identify all endpoints running Foxit PDF Editor and Foxit PDF Reader using inventory tools; disable auto-update features in both applications until a patch is released. Within 7 days: restrict write permissions on system directories where Foxit processes execute; implement AppLocker or similar controls to prevent unsigned DLL loading in Foxit process contexts. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today