A use-after-free vulnerability has been identified in PDF-XChange Editor, specifically in versions through 10.5.2.395. This vulnerability arises during the parsing of U3D files, where the application fails to properly validate the existence of an object before performing operations on it. As a result, remote attackers can execute arbitrary code on the affected system, with the executed code running in the context of the current process. Exploitation of this vulnerability requires user interaction, as the target must open a malicious U3D file or visit a page containing one.
Exploitation of this vulnerability allows for arbitrary code execution on the affected system.
Users can update to PDF-XChange Editor version 10.6.0.396 to address this vulnerability.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
