CVE-2024-8814
CVSS 3.1 Score 7.8 of 10 (high)
Details
Published Nov 22, 2024
Updated: Dec 4, 2024
CWE ID 125
Summary
CVE-2024-8814 is a remote code execution vulnerability affecting PDF-XChange Editor. Malicious U3D files can trigger an out-of-bounds read, allowing attackers to execute arbitrary code on targeted systems. This flaw is due to insufficient validation of user-supplied data during U3D file parsing. Successful exploitation necessitates user interaction, such as visiting malicious web pages or opening malicious files. The vulnerability, discovered as ZDI-CAN-24209, can grant attackers control over the affected PDF-XChange Editor process.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share