CVE-2024-27323 — HIGH (7.5)

Vulnerability Description

PDF-XChange Editor Updater Improper Certificate Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is not required to exploit this vulnerability. The specific flaw exists within the update functionality. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22224.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Pdf-Xchange	Pdf-Tools	10.1.1.381
Pdf-Xchange	Pdf-Xchange Editor	10.1.1.381

Related Weaknesses (CWE)

CWE-295

References

https://www.zerodayinitiative.com/advisories/ZDI-24-198/Third Party AdvisoryVDB Entry
https://www.zerodayinitiative.com/advisories/ZDI-24-198/Third Party AdvisoryVDB Entry

FAQ

What is CVE-2024-27323?

CVE-2024-27323 is a vulnerability with a CVSS score of 7.5 (HIGH). PDF-XChange Editor Updater Improper Certificate Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations...

How severe is CVE-2024-27323?

CVE-2024-27323 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-27323?

Check the references section above for vendor advisories and patch information. Affected products include: Pdf-Xchange Pdf-Tools, Pdf-Xchange Pdf-Xchange Editor.