CVE-2022-37350

7.8 HIGH

📋 TL;DR

CVE-2022-37350 is a buffer overflow vulnerability in PDF-XChange Editor's handling of Collab objects that allows remote code execution. Attackers can exploit this by tricking users into opening malicious PDF files or visiting malicious web pages. All users of affected PDF-XChange Editor versions are at risk.

💻 Affected Systems

Products:
  • PDF-XChange Editor
Versions: prior to 9.3.361.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All installations of affected versions are vulnerable by default. Exploitation requires JavaScript execution in PDFs to be enabled, which is the default setting.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control of the victim's computer, enabling data theft, ransomware deployment, or persistent backdoor installation.

🟠 Likely Case

Malware installation leading to data exfiltration, credential theft, or system disruption for individual users who open malicious PDFs.

🟢 If Mitigated

Limited impact when endpoint protection blocks malicious files and user training discourages opening suspicious PDFs.

🌐 Internet-Facing: MEDIUM - Requires user interaction (opening malicious PDF) but PDFs are commonly shared via email and web.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing with malicious attachments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction but is technically straightforward once a malicious PDF is opened. The ZDI advisory suggests reliable exploitation.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 9.3.361.0 and later

Vendor Advisory: https://www.tracker-software.com/product/pdf-xchange-editor/history

Restart Required: Yes

Instructions:

1. Download the latest version from tracker-software.com
2. Run the installer
3. Restart the system
4. Verify the version is 9.3.361.0 or higher

🔧 Temporary Workarounds

Disable JavaScript in PDF-XChange Editor

Prevents exploitation by disabling JavaScript execution in PDF files

Settings > Preferences > JavaScript > Uncheck 'Enable JavaScript Actions'

Use alternative PDF viewer

Temporarily use different PDF software until patched

🧯 If You Can't Patch

  • Implement application whitelisting to block PDF-XChange Editor execution
  • Deploy endpoint protection with behavioral analysis to detect exploit attempts

🔍 How to Verify

Check if Vulnerable:

Open PDF-XChange Editor, go to Help > About, check if version is below 9.3.361.0

Check Version:

Not applicable - check via GUI Help > About menu

Verify Fix Applied:

Confirm version is 9.3.361.0 or higher in Help > About dialog

📡 Detection & Monitoring

Log Indicators:

  • Process creation from PDF-XChange Editor with unusual command lines
  • Crash reports from PDF-XChange Editor

Network Indicators:

  • Outbound connections from PDF-XChange Editor to suspicious domains

SIEM Query:

process_name:"PDFXEdit.exe" AND (process_cmdline:*powershell* OR process_cmdline:*cmd.exe*)
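
An added example, not from the original page or the vendor: the "process creation from PDF-XChange Editor" indicator written as an explicit parent/child check over process-creation events. The event field names, the list of suspicious child images and the sample events are assumptions constructed for illustration.

```python
import ntpath

EDITOR = "pdfxedit.exe"
# Assumed list: interpreters and script hosts a PDF editor rarely needs to start.
SUSPICIOUS_CHILDREN = {
    "cmd.exe", "powershell.exe", "pwsh.exe", "wscript.exe",
    "cscript.exe", "mshta.exe", "rundll32.exe", "regsvr32.exe",
}

def image_name(path):
    """Lower-cased file name of a Windows image path, quotes stripped."""
    return ntpath.basename(path.strip().strip('"')).lower()

def detect(events):
    """Return (host, child, command_line) for each suspicious child of the editor."""
    findings = []
    for ev in events:
        if image_name(ev.get("parent_image", "")) != EDITOR:
            continue  # only children of PDFXEdit.exe are in scope
        child = image_name(ev.get("image", ""))
        if child in SUSPICIOUS_CHILDREN:
            findings.append((ev.get("host", "?"), child, ev.get("command_line", "")))
    return findings

# Constructed sample events; field names are hypothetical, not a real SIEM schema.
SAMPLE_EVENTS = [
    # User opens a PDF whose file name happens to contain "powershell": benign.
    {"host": "ws-01", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Tracker Software\PDF Editor\PDFXEdit.exe",
     "command_line": r'PDFXEdit.exe "C:\Users\a\Docs\powershell-notes.pdf"'},
    # Editor starts a command shell: the pattern the log indicator describes.
    {"host": "ws-02",
     "parent_image": r"C:\Program Files\Tracker Software\PDF Editor\PDFXEdit.exe",
     "image": r"C:\Windows\System32\cmd.exe",
     "command_line": "cmd.exe /c whoami"},
    # Shell started by the user from Explorer: unrelated to the editor.
    {"host": "ws-03", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe"},
]

if __name__ == "__main__":
    for host, child, cmd in detect(SAMPLE_EVENTS):
        print(f"ALERT {host}: PDFXEdit.exe -> {child} :: {cmd}")
```

The first sample event shows why the check keys on the parent image rather than on a command-line substring: a document whose file name contains "powershell" is not flagged.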
