CVE-2024-29072

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-29072
A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability occurs due to improper certification validation of the updater executable before executing it. A low privilege user can trigger the update action which can result in unexpected elevation of privilege.

8.2 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.5 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1989 Exploit Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1989 Exploit Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1989 Exploit Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1989 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*
cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*
cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*
cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*
cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*
cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
History

22 Aug 2025, 16:03

Type Values Removed Values Added
CPE cpe:2.3:a:foxit:pdf_editor:*:*:*:*:*:*:*:*
cpe:2.3:a:foxit:pdf_reader:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
First Time Foxit pdf Editor
Foxit
Foxit pdf Reader
Microsoft windows
Microsoft
References () https://talosintelligence.com/vulnerability_reports/TALOS-2024-1989 - () https://talosintelligence.com/vulnerability_reports/TALOS-2024-1989 - Exploit, Third Party Advisory
References () https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1989 - () https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1989 - Exploit, Third Party Advisory

21 Nov 2024, 09:07

Type Values Removed Values Added
References () https://talosintelligence.com/vulnerability_reports/TALOS-2024-1989 - () https://talosintelligence.com/vulnerability_reports/TALOS-2024-1989 -
References () https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1989 - () https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1989 -

10 Jun 2024, 18:15

Type Values Removed Values Added
References
  • () https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1989 -
Summary
  • (es) Existe una vulnerabilidad de escalada de privilegios en Foxit Reader 2024.2.0.25138. La vulnerabilidad se produce debido a una validación de certificación inadecuada del ejecutable del actualizador antes de ejecutarlo. Un usuario con privilegios bajos puede desencadenar la acción de actualización, lo que puede resultar en una elevación inesperada de privilegios.

28 May 2024, 14:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-05-28 14:15

Updated : 2025-08-22 16:03

NVD link : CVE-2024-29072

Mitre link : CVE-2024-29072

CVE.ORG link : CVE-2024-29072

JSON object : View

Products Affected

foxit

  • pdf_reader
  • pdf_editor

microsoft

  • windows
CWE
CWE-295

Improper Certificate Validation