Adobe Acrobat Update Service Can Load Malicious Libraries from Untrusted Locations

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.8

Adobe Acrobat Update Service Can Load Malicious Libraries from Untrusted Locations

CVE-2026-3775

Summary

The Adobe Acrobat update service can load malicious libraries from certain directories that are accessible to low-privileged users. This could allow an attacker to execute arbitrary code on the system with elevated privileges. To protect against this, update your Adobe Acrobat installation to the latest version, which should address this issue.

Original title

Original description

The application's update service, when checking for updates, loads certain system libraries from a search path that includes directories writable by low‑privileged users and is not strictly restricted to trusted system locations. Because these libraries may be resolved and loaded from user‑writable locations, a local attacker can place a malicious library there and have it loaded with SYSTEM privileges, resulting in local privilege escalation and arbitrary code execution.

nvd CVSS3.1 7.8

Vulnerability type

CWE-427 Uncontrolled Search Path Element

https://www.foxit.com/support/security-bulletins.html

Published: 1 Apr 2026 · Updated: 1 Apr 2026 · First seen: 1 Apr 2026