CVE-2024-9245 is a vulnerability classified under CWE-732 (Incorrect Permission Assignment for Critical Resource) affecting Foxit PDF Reader version 2024.2.0.25138. The flaw exists in the Foxit Reader Update Service, specifically in how it handles configuration files. These files have incorrect permissions, allowing a local attacker who already has the ability to execute low-privileged code to modify or replace these configuration files. By doing so, the attacker can escalate privileges to SYSTEM level, gaining full control over the affected machine. The vulnerability does not require user interaction but does require prior local access with limited privileges. The CVSS v3.0 score is 7.8, reflecting high severity due to the combination of local attack vector, low attack complexity, and the potential for full system compromise (confidentiality, integrity, and availability impacts). No public exploits or patches have been reported at the time of publication, but the vulnerability was reserved and published by the Zero Day Initiative (ZDI) under CAN-23966. The flaw is critical because it allows privilege escalation from a low-privileged user to SYSTEM, which can be leveraged for persistence, lateral movement, or full system takeover in targeted environments.

The primary impact of CVE-2024-9245 is local privilege escalation, enabling attackers with limited access to gain SYSTEM-level privileges. This can lead to complete system compromise, including unauthorized access to sensitive data, installation of persistent malware, disabling security controls, and disruption of system availability. Organizations relying on Foxit PDF Reader in enterprise environments, especially those with shared or multi-user systems, are at risk of insider threats or attackers who have gained initial footholds through other means. The vulnerability undermines the principle of least privilege and can facilitate further attacks such as lateral movement within networks. Given Foxit Reader's widespread use in business, government, and educational institutions, exploitation could have broad consequences, including data breaches, operational disruption, and reputational damage.

1. Apply official patches from Foxit as soon as they become available to correct the permission settings on the Update Service configuration files. 2. Until patches are released, restrict local user permissions to prevent unauthorized modification of Foxit Reader files and directories, especially those related to the Update Service. 3. Employ application whitelisting and endpoint protection solutions to detect and block unauthorized attempts to modify configuration files or escalate privileges. 4. Monitor system logs and file integrity for suspicious changes to Foxit Reader installation directories and update service files. 5. Limit local user accounts with the ability to execute arbitrary code and enforce strict access controls on shared systems. 6. Consider disabling the Foxit Reader Update Service if automatic updates are not critical and if this does not impact business operations. 7. Educate users about the risks of running untrusted code locally, as initial low-privileged code execution is required for exploitation.