CVE-2024-29072

A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability occurs due to improper certification validation of the updater executable before executing it. A low privilege user can trigger the update action which can result in unexpected elevation of privilege.

CVSS v3 8.2 HIGH

8.2^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.5 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1989	Exploit Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1989	Exploit Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2024-1989	Exploit Third Party Advisory
https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1989	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

AND

OR	cpe:2.3:a:foxit:pdf_editor::::::::
	cpe:2.3:a:foxit:pdf_editor::::::::
	cpe:2.3:a:foxit:pdf_editor::::::::
	cpe:2.3:a:foxit:pdf_editor::::::::
	cpe:2.3:a:foxit:pdf_editor::::::::
	cpe:2.3:a:foxit:pdf_reader::::::::

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

History

22 Aug 2025, 16:03

Type	Values Removed	Values Added
First Time		Foxit pdf Editor Foxit Foxit pdf Reader Microsoft windows Microsoft
References	~~() https://talosintelligence.com/vulnerability_reports/TALOS-2024-1989 -~~	() https://talosintelligence.com/vulnerability_reports/TALOS-2024-1989 - Exploit, Third Party Advisory
References	~~() https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1989 -~~	() https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1989 - Exploit, Third Party Advisory
CPE		cpe:2.3:a:foxit:pdf_editor:::::::: cpe:2.3:a:foxit:pdf_reader:::::::: cpe:2.3:o:microsoft:windows:-:::::::*

21 Nov 2024, 09:07

Type	Values Removed	Values Added
References	~~() https://talosintelligence.com/vulnerability_reports/TALOS-2024-1989 -~~	() https://talosintelligence.com/vulnerability_reports/TALOS-2024-1989 -
References	~~() https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1989 -~~	() https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1989 -

10 Jun 2024, 18:15

Type	Values Removed	Values Added
References		() https://www.talosintelligence.com/vulnerability_reports/TALOS-2024-1989 -
Summary		(es) Existe una vulnerabilidad de escalada de privilegios en Foxit Reader 2024.2.0.25138. La vulnerabilidad se produce debido a una validación de certificación inadecuada del ejecutable del actualizador antes de ejecutarlo. Un usuario con privilegios bajos puede desencadenar la acción de actualización, lo que puede resultar en una elevación inesperada de privilegios.

28 May 2024, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-28 14:15

Updated : 2025-08-22 16:03

NVD link : CVE-2024-29072

Mitre link : CVE-2024-29072

CVE.ORG link : CVE-2024-29072

JSON object : View

Products Affected

foxit

pdf_editor
pdf_reader

microsoft

windows

CWE

CWE-295

Improper Certificate Validation

8.2 /10