CVE-2024-27323

EPSS 2.31%
Veröffentlicht 01.04.2024 22:15:15
Zuletzt bearbeitet 03.12.2024 22:03:36
Quelle zdi-disclosures@trendmicro.com
Teams Watchlist Login
Unerledigt Login

PDF-XChange Editor Updater Improper Certificate Validation Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is not required to exploit this vulnerability.

The specific flaw exists within the update functionality. The issue results from the lack of proper validation of the certificate presented by the server. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-22224.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Pdf-xchange ≫ Pdf-tools Version10.1.1.381

Pdf-xchange ≫ Pdf-xchange Editor Version10.1.1.381

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.31%	0.841

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	1.6	5.9	CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
zdi-disclosures@trendmicro.com	7.5	1.6	5.9	CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-295 Improper Certificate Validation

The product does not validate, or incorrectly validates, a certificate.

https://www.zerodayinitiative.com/advisories/ZDI-24-198/

Third Party Advisory

VDB Entry

https://nvd.nist.gov/vuln/detail/CVE-2024-27323

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-27323

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-27323

EUVD