Vulnerability Description
Unquoted Windows search path vulnerability in the Foxit Cloud Safe Update Service in the Cloud plugin in Foxit Reader 6.1 through 7.0.6.1126 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Foxitsoftware | Foxit Reader | 6.1 |
References
- http://packetstormsecurity.com/files/130840/Foxit-Reader-7.0.6.1126-Privilege-EsExploitThird Party AdvisoryVDB Entry
- http://www.exploit-db.com/exploits/36390ExploitThird Party AdvisoryVDB Entry
- http://www.foxitsoftware.com/support/security_bulletins.php#FRD-25PatchVendor Advisory
- http://www.securityfocus.com/bid/73432
- http://www.securitytracker.com/id/1031879Third Party AdvisoryVDB Entry
- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5235.phpThird Party Advisory
- http://packetstormsecurity.com/files/130840/Foxit-Reader-7.0.6.1126-Privilege-EsExploitThird Party AdvisoryVDB Entry
- http://www.exploit-db.com/exploits/36390ExploitThird Party AdvisoryVDB Entry
- http://www.foxitsoftware.com/support/security_bulletins.php#FRD-25PatchVendor Advisory
- http://www.securityfocus.com/bid/73432
- http://www.securitytracker.com/id/1031879Third Party AdvisoryVDB Entry
- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5235.phpThird Party Advisory
FAQ
What is CVE-2015-2789?
CVE-2015-2789 is a vulnerability with a CVSS score of 4.4 (MEDIUM). Unquoted Windows search path vulnerability in the Foxit Cloud Safe Update Service in the Cloud plugin in Foxit Reader 6.1 through 7.0.6.1126 allows local users to gain privileges via a Trojan horse pr...
How severe is CVE-2015-2789?
CVE-2015-2789 has been rated MEDIUM with a CVSS base score of 4.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-2789?
Check the references section above for vendor advisories and patch information. Affected products include: Foxitsoftware Foxit Reader.