CVE-2024-27323
PDF-XChange Editor Updater Improper Certificate Validation Remote Code Execution Vulnerability
| CVSS Score | 7.5 |
| EPSS Score | 0.0% |
| EPSS Percentile | 0th |
PDF-XChange Editor Updater Improper Certificate Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is not required to exploit this vulnerability. The specific flaw exists within the update functionality. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22224.
| CWE | CWE-295 |
| Vendor | pdf-xchange |
| Product | pdf-xchange editor |
| Published | Apr 1, 2024 |
| Last Updated | Aug 2, 2024 |
CVSS v3 Breakdown
CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Versions
PDF-XChange / PDF-XChange Editor
10.1.1.381