Unrated severityNVD Advisory· Published Mar 30, 2015· Updated May 6, 2026

CVE-2015-2789

Description

Unquoted Windows search path vulnerability in the Foxit Cloud Safe Update Service in the Cloud plugin in Foxit Reader 6.1 through 7.0.6.1126 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder.

Affected products

Foxitsoftware/Foxit Reader7 versions
cpe:2.3:a:foxitsoftware:foxit_reader:6.1:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:foxitsoftware:foxit_reader:6.1:*:*:*:*:*:*:*
- cpe:2.3:a:foxitsoftware:foxit_reader:6.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:foxitsoftware:foxit_reader:6.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:foxitsoftware:foxit_reader:6.2:*:*:*:*:*:*:*
- cpe:2.3:a:foxitsoftware:foxit_reader:6.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:foxitsoftware:foxit_reader:7.0:*:*:*:*:*:*:*
- cpe:2.3:a:foxitsoftware:foxit_reader:7.0.6:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.foxitsoftware.com/support/security_bulletins.phpnvdPatchVendor Advisory
packetstormsecurity.com/files/130840/Foxit-Reader-7.0.6.1126-Privilege-Escalation.htmlnvdExploitThird Party AdvisoryVDB Entry
www.exploit-db.com/exploits/36390nvdExploitThird Party AdvisoryVDB Entry
www.securitytracker.com/id/1031879nvdThird Party AdvisoryVDB Entry
www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5235.phpnvdThird Party Advisory
www.securityfocus.com/bid/73432nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000