A use-after-free vulnerability has been identified in PDF-XChange Editor, specifically in versions through 10.5.2.395. This vulnerability arises during the parsing of U3D files, where the application fails to properly validate the existence of an object before performing operations on it. As a result, remote attackers can execute arbitrary code on the affected system, but exploitation requires user interaction, such as opening a malicious file or visiting a harmful webpage.
Exploitation of this vulnerability allows for arbitrary code execution on the affected system, executed in the context of the current process.
PDF-XChange has released a security update to address this vulnerability. Users can download the latest version from the PDF-XChange website.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
