CVE-2020-13812
Description
An issue was discovered in Foxit Studio Photo before 3.6.6.922. It allows local users to gain privileges via a crafted DLL in the current working directory.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Foxit Studio Photo before 3.6.6.922 allows local privilege escalation via a crafted DLL in the current working directory.
Vulnerability
Foxit Studio Photo versions before 3.6.6.922 are vulnerable to a DLL hijacking attack. The application loads a DLL from the current working directory without proper validation, allowing an attacker to place a malicious DLL that will be executed with the privileges of the application.
Exploitation
An attacker with local access can place a crafted DLL in the current working directory from which Foxit Studio Photo is launched. When the application starts, it loads the malicious DLL instead of the legitimate one, leading to code execution.
Impact
Successful exploitation allows the attacker to execute arbitrary code in the context of the Foxit Studio Photo process, potentially leading to privilege escalation and full control over the affected system.
Mitigation
Foxit has addressed this issue in version 3.6.6.922. Users should update to this version or later. No workaround is available. The vulnerability is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Foxit/Studio Photo
- Range: <3.6.6.922
Patches
No patches discovered yet.
References
- www.foxitsoftware.com/support/security-bulletins.php (mitre, x_refsource_CONFIRM)