Windows Installer Allows Malicious Files to Replace Legitimate System Files

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.3

Windows Installer Allows Malicious Files to Replace Legitimate System Files

CVE-2026-3780

Summary

A weakness in the Windows installer allows a local attacker to replace system files with malicious ones, potentially giving them elevated privileges. This means that if you have a malicious program on your computer, it might be able to trick Windows into running it as if it were a legitimate system file. To protect yourself, make sure to only install software from trusted sources and be cautious when installing new programs that require elevated privileges.

Original title

Original description

The application's installer runs with elevated privileges but resolves system executables and DLLs using untrusted search paths that can include user-writable directories, allowing a local attacker to place malicious binaries with the same names and have them loaded or executed instead of the legitimate system files, resulting in local privilege escalation.

nvd CVSS3.1 7.3

Vulnerability type

CWE-426

https://www.foxit.com/support/security-bulletins.html

Published: 1 Apr 2026 · Updated: 1 Apr 2026 · First seen: 1 Apr 2026