CVE-2022-37352

5.5 MEDIUM

📋 TL;DR

CVE-2022-37352 is an out-of-bounds read vulnerability in PDF-XChange Editor's WMF file parser. Attackers can exploit this by tricking users into opening malicious WMF files, potentially leading to information disclosure or arbitrary code execution when combined with other vulnerabilities. Users of affected PDF-XChange Editor versions are at risk.

💻 Affected Systems

Products:
  • PDF-XChange Editor
Versions: Prior to 9.3.361.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with affected versions are vulnerable by default when processing WMF files.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution in the context of the current user, potentially leading to full system compromise when combined with other vulnerabilities.

🟠 Likely Case: Information disclosure through memory leaks, potentially exposing sensitive data from the application's memory space.

🟢 If Mitigated: Limited impact with proper security controls like application sandboxing, memory protection, and user awareness training.

🌐 Internet-Facing: MEDIUM - Requires user interaction (opening malicious file) but can be delivered via web pages or email attachments.
🏢 Internal Only: MEDIUM - Similar risk profile internally, though attack vectors may be more limited within controlled environments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file) and may require chaining with other vulnerabilities for code execution.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 9.3.361.0 and later

Vendor Advisory: https://www.tracker-software.com/product/pdf-xchange-editor/history

Restart Required: Yes

Instructions:

1. Download latest version from tracker-software.com
2. Run installer
3. Restart system
4. Verify version is 9.3.361.0 or higher

🔧 Temporary Workarounds

Disable WMF file processing (Windows)

Configure PDF-XChange Editor to not process WMF files or block WMF file associations

Not applicable - configuration change in application settings

Application control blocking (Windows)

Use Windows AppLocker or similar to block execution of older PDF-XChange Editor versions

AppLocker rules to block versions < 9.3.361.0

🧯 If You Can't Patch

  • Implement application sandboxing to limit potential damage from exploitation
  • Educate users to avoid opening WMF files from untrusted sources

🔍 How to Verify

Check if Vulnerable:

Open Help > About in PDF-XChange Editor. The installation is vulnerable if the version shown is below 9.3.361.0.

Check Version:

wmic product where name="PDF-XChange Editor" get version

Verify Fix Applied:

Confirm that the Help > About dialog shows version 9.3.361.0 or higher.
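
The version check above can be scripted for fleet use. The following PowerShell is an added example, not vendor-supplied code: it reads the standard Windows Uninstall registry keys and compares each match against the fixed build 9.3.361.0. It assumes the product registers a DisplayName beginning with "PDF-XChange Editor" (the name used in the wmic query); the function name Get-PdfXChangeStatus is hypothetical.

```powershell
# Added example: flag PDF-XChange Editor installs older than the fixed build.
# Assumption: DisplayName begins with "PDF-XChange Editor" in the Uninstall keys.
$FixedVersion = [version]'9.3.361.0'
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-PdfXChangeStatus {
    param([version]$Fixed = $FixedVersion)

    # Collect every uninstall entry whose display name matches the product
    $entries = Get-ItemProperty -Path $UninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'PDF-XChange Editor*' }

    foreach ($entry in $entries) {
        # DisplayVersion may be missing or malformed; report that as Unknown
        $parsed = $null
        $ok = [version]::TryParse([string]$entry.DisplayVersion, [ref]$parsed)

        if (-not $ok) {
            $status = 'Unknown'
        } elseif ($parsed -lt $Fixed) {
            $status = 'Vulnerable'   # older than 9.3.361.0
        } else {
            $status = 'Patched'      # 9.3.361.0 or later
        }

        [pscustomobject]@{
            Name    = $entry.DisplayName
            Version = $entry.DisplayVersion
            Status  = $status
        }
    }
}

$results = @(Get-PdfXChangeStatus)
if ($results.Count -eq 0) {
    Write-Output 'PDF-XChange Editor not found in the Uninstall registry keys.'
} else {
    $results | Format-Table -AutoSize
}
```

Comparing as [version] objects avoids the string-comparison error where "9.10.x" sorts below "9.3.x".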

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when processing WMF files
  • Unusual memory access patterns in application logs

Network Indicators:

  • Downloads of WMF files from suspicious sources
  • Network traffic patterns associated with exploit delivery

SIEM Query:

EventID=1000 AND Source="PDF-XChange Editor" AND FaultingModule LIKE "%wmf%"
