CVE-2024-8842
CVSS 3.1 Score 7.8 of 10 (high)
Details
Published Nov 22, 2024
Updated: Dec 4, 2024
CWE ID 908
CWE ID 457
Summary
CVE-2024-8842 is a remote code execution vulnerability affecting PDF-XChange Editor. This issue arises from the software's failure to properly initialize memory during RTF file parsing. Malicious RTF files can exploit this vulnerability, allowing attackers to execute arbitrary code on affected systems. User interaction, such as visiting a malicious webpage or opening a crafted file, is required for successful exploitation. This vulnerability, identified as ZDI-CAN-24481, poses a significant risk to PDF-XChange Editor users and requires prompt patching.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share