Vulnerability Description
An Uncontrolled Search Path Element in Foxit Software released Foxit Reader v11.2.118.51569 allows attackers to escalate privileges when searching for DLL libraries without specifying an absolute path.
CVSS Score
7.8
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Foxitsoftware | Foxit Reader | < 11.2.118.51569 |
Related Weaknesses (CWE)
References
- https://github.com/hxxt9049/futingThird Party Advisory
- https://www.foxitsoftware.cn/support/security-bulletins.htmlVendor Advisory
- https://www.foxitsoftware.com/support/security-bulletins.phpNot ApplicableVendor Advisory
- https://github.com/hxxt9049/futingThird Party Advisory
- https://www.foxitsoftware.cn/support/security-bulletins.htmlVendor Advisory
- https://www.foxitsoftware.com/support/security-bulletins.phpNot ApplicableVendor Advisory
FAQ
What is CVE-2022-43310?
CVE-2022-43310 is a vulnerability with a CVSS score of 7.8 (HIGH). An Uncontrolled Search Path Element in Foxit Software released Foxit Reader v11.2.118.51569 allows attackers to escalate privileges when searching for DLL libraries without specifying an absolute path...
How severe is CVE-2022-43310?
CVE-2022-43310 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-43310?
Check the references section above for vendor advisories and patch information. Affected products include: Foxitsoftware Foxit Reader.