Remote Code Execution Risk in PDF-XChange Editor Due to RTF File Parsing Flaw
CVE-2024-8842

7.8HIGH

Key Information:

Vendor
PDF-xchange
Status
PDF-xchange Editor
PDF-tools
Vendor
CVE Published:
22 November 2024

Summary

A vulnerability exists in PDF-XChange Editor that stems from improper initialization of memory during RTF file parsing. This flaw could enable remote attackers to execute arbitrary code on the affected installation when a user interacts with a malicious RTF file or visits a harmful webpage. The vulnerability relies on user action to exploit, making awareness and caution imperative for users of the software.

References

https://www.zerodayinitiative.com/advisories/ZDI-24-1265/

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

.
CVE-2024-8842 : Remote Code Execution Risk in PDF-XChange Editor Due to RTF File Parsing Flaw | SecurityVulnerability.io