A remote code execution vulnerability has been identified in PDF-XChange Editor versions 10.5.2.395, 10.5.1.394, 10.5.0.393, 10.4.4.392, 10.4.3.391, 10.4.0.388, 10.3.1.387, 10.3.0.386, 10.2.1.385, 10.1.2.382, 10.1.1.381, 10.0.1.371, and 9.5.368.0. This vulnerability arises from improper validation of user-supplied data when parsing RTF files, leading to an out-of-bounds read that can be exploited to execute arbitrary code in the context of the current process. Exploitation requires user interaction, such as opening a malicious RTF file or visiting a compromised webpage.
Exploitation of this vulnerability allows for arbitrary code execution on the affected system.
Users can update to PDF-XChange Editor version 10.6.0.396 or later, where this vulnerability has been addressed. Instructions for updating can be found on the PDF-XChange website.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
