Security updates available in PDF-XChange 10.7.3.401
Summary
Released version 10.7.3.401, which addresses potential security and stability issues.
Affected versions
Product | Version |
---|---|
PDF-XChange Editor | 10.7.2.400 |
PDF-XChange PRO | 10.7.2.400 |
PDF-Tools | 10.7.2.400 |
Vulnerability details
Brief | Acknowledgement |
---|---|
Fixed a potential local privilege escalation vulnerability in the PDF-XChange Updater. | Kolja Grassmann (Neodyme AG) working with Trend Micro Zero Day Initiative |
Security updates available in PDF-XChange 10.6.1.397
Summary
Released version 10.6.1.397, which addresses potential security and stability issues.
Affected versions
Product | Version |
---|---|
PDF-XChange Editor | 10.6.0.396, 10.5.2.395 |
PDF-XChange PRO | 10.6.0.396, 10.5.2.395 |
PDF-Tools | 10.6.0.396, 10.5.2.395 |
Vulnerability details
Brief | Acknowledgement |
---|---|
An out-of-bounds read vulnerability exists in the EMF functionality of PDF-XChange Editor version 10.5.2.395. By using a specially crafted EMF file, an attacker could exploit this vulnerability to perform an out-of-bounds read, potentially leading to the disclosure of sensitive information. | Discovered by KPC of Cisco Talos |
Addressed potential issues where the application could be exposed to Use-after-Free, Out-of-Bounds Read, or Type Confusion vulnerabilities and crash, which could be exploited by attackers to execute remote code or disclose information. This occurs due to access to a null pointer or wild pointer, or a reference to an object that has been deleted, without proper validation when handling certain JavaScript. | Suyue Guo and Tianle Yu from UCSB Seclab |