Unrated severity · NVD Advisory · Published Jun 4, 2020 · Updated Aug 4, 2024

CVE-2020-13813

Description

An issue was discovered in Foxit Studio Photo before 3.6.6.922. It allows local users to gain privileges via a crafted DLL in the current working directory when FoxitStudioPhoto366_3.6.6.916.exe is used.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Foxit Studio Photo before 3.6.6.922 allows local privilege escalation via a crafted DLL in the current working directory.

Vulnerability

Foxit Studio Photo before version 3.6.6.922 is vulnerable to a local privilege escalation due to an insecure dynamic-link library (DLL) loading mechanism. When the installer executable FoxitStudioPhoto366_3.6.6.916.exe is launched, it may load a malicious DLL placed in the current working directory by an attacker. The affected product is Foxit Studio Photo versions prior to 3.6.6.922 [1].

Exploitation

An attacker with local access to the system can exploit this vulnerability by placing a crafted DLL in the directory from which the vulnerable Foxit Studio Photo installer is executed. No additional authentication or user interaction beyond running the installer is required, as the installer will automatically load the malicious DLL if present in the current working directory.

Impact

Successful exploitation allows the attacker to execute arbitrary code in the context of the user running the installer. This can lead to privilege escalation, potentially enabling the attacker to achieve persistence, install programs, or access sensitive data with the victim's privileges.

Mitigation

Foxit has released Foxit Studio Photo version 3.6.6.922 to address this issue. Users should update to this or any later version [1]. No workarounds are described in the available references; the only mitigation is to apply the official update.
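
The precondition described under Exploitation, a DLL sitting in the directory the installer runs from, can be checked on disk before launch. The following is an added example, not code from Foxit or the referenced advisory; the function names are hypothetical, the sample files are constructed, and it assumes that any DLL found beside a single-file installer is unexpected and worth reviewing.

```python
import os
import shutil
import tempfile
from pathlib import Path


def colocated_dlls(installer, cwd=None):
    """List DLLs in the installer's own directory and in the working directory.

    A DLL resolved by bare name can be picked up from either place, so any
    DLL found beside a single-file installer should be reviewed before launch.
    """
    installer = Path(installer).resolve()
    search_dirs = {installer.parent, Path(cwd or os.getcwd()).resolve()}
    hits = []
    for directory in sorted(search_dirs):
        for entry in directory.iterdir():
            # Windows file names are case-insensitive: match .DLL as well as .dll
            if entry.is_file() and entry.suffix.lower() == ".dll":
                with entry.open("rb") as fh:
                    looks_like_pe = fh.read(2) == b"MZ"  # DOS/PE header magic
                hits.append({"path": str(entry), "looks_like_pe": looks_like_pe})
    return hits


def stage_in_clean_dir(installer):
    """Copy only the installer into a fresh directory and return its new path.

    Launch the copy with the working directory set to that folder so that
    nothing else in the download location sits on the search path.
    """
    clean_dir = tempfile.mkdtemp(prefix="installer-stage-")
    return Path(shutil.copy2(installer, clean_dir))


if __name__ == "__main__":
    # Constructed sample: a download folder holding an installer and a stray DLL
    downloads = Path(tempfile.mkdtemp(prefix="downloads-"))
    setup = downloads / "FoxitStudioPhoto366_3.6.6.916.exe"
    setup.write_bytes(b"MZ constructed placeholder, not a real installer")
    (downloads / "stray.dll").write_bytes(b"MZ constructed placeholder")
    for hit in colocated_dlls(setup, cwd=downloads):
        print("review before launch:", hit["path"])
    staged = stage_in_clean_dir(setup)
    print("staged copy has co-located DLLs:", colocated_dlls(staged, cwd=staged.parent))
```

This check does not replace the update to 3.6.6.922 or later; it only reports files that share a directory with the installer.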

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
