CVE-2023-33240: 
Foxit PDF Reader vulnerability analysis and mitigation

Foxit PDF Reader (12.1.1.15289 and earlier) and Foxit PDF Editor (12.1.1.15289 and all previous 12.x versions, 11.2.5.53785 and all previous 11.x versions, and 10.1.11.37866 and earlier) on Windows were found to contain a Local Privilege Escalation vulnerability when installed to a non-default directory. The vulnerability was discovered in May 2023 and assigned identifier CVE-2023-33240. The issue was fixed in version 12.1.2 (Vendor Advisory).

The vulnerability stems from unprivileged users having access to an executable file of a system service when the software is installed to a non-default directory. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H. This indicates local access is required, low attack complexity, low privileges needed, no user interaction required, and high impacts to confidentiality, integrity, and availability (NVD).

The vulnerability allows local attackers to escalate their privileges on affected Windows systems where Foxit PDF Reader or Editor is installed to a non-default directory. This could potentially enable attackers to gain elevated system privileges, compromising the security of the affected system (NVD).

Users should update to Foxit PDF Reader/Editor version 12.1.2 or later to address this vulnerability. The fix is available through the application's built-in update mechanism or can be downloaded directly from the Foxit website (Vendor Advisory).