A remote code execution vulnerability has been identified in PDF-XChange Editor versions 10.5.2.395, 10.5.1.394, 10.4.4.392, 10.4.3.391, 10.3.1.387, 10.1.2.382, and 9.5.2.395. This vulnerability arises from improper validation of user-supplied data when parsing PRC files, leading to an out-of-bounds write. An attacker can exploit this issue by convincing a user to open a malicious PRC file, allowing the execution of arbitrary code in the context of the current process.
Exploitation of this vulnerability allows for arbitrary code execution on the affected system.
PDF-XChange has released a security update to address this vulnerability. Users can download the latest version from the PDF-XChange website.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.
