CVE-2022-37368

5.5 MEDIUM

📋 TL;DR

CVE-2022-37368 is an out-of-bounds read vulnerability in PDF-XChange Editor's Doc object handling that allows information disclosure. Attackers can exploit this by tricking users into opening malicious PDF files or visiting malicious web pages. This vulnerability affects users of vulnerable PDF-XChange Editor versions.

💻 Affected Systems

Products:
  • PDF-XChange Editor
Versions: Prior to 9.3.361.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with vulnerable versions are affected. JavaScript must be enabled (default setting).

⚠️ Risk & Real-World Impact

🔴 Worst Case

Combined with other vulnerabilities, could lead to arbitrary code execution in the context of the current user process, potentially resulting in full system compromise.

🟠 Likely Case

Sensitive information disclosure from PDF-XChange Editor's memory space, potentially exposing document contents or system information.

🟢 If Mitigated

Limited to information disclosure only, with no code execution possible due to proper sandboxing or additional mitigations.

🌐 Internet-Facing: MEDIUM - Requires user interaction (opening malicious file/website) but PDF files are commonly shared and opened.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or malicious documents in internal systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Requires user interaction (opening malicious file). ZDI-CAN-17728 reference suggests detailed research exists.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 9.3.361.0 and later

Vendor Advisory: https://www.tracker-software.com/product/pdf-xchange-editor/history

Restart Required: Yes

Instructions:

1. Download latest version from tracker-software.com
2. Run installer
3. Restart system
4. Verify version is 9.3.361.0 or higher

🔧 Temporary Workarounds

Disable JavaScript in PDF-XChange Editor (Windows)

Prevents exploitation by disabling JavaScript execution in PDF files

Settings > Preferences > JavaScript > Uncheck 'Enable JavaScript Actions'

Use alternative PDF viewer (Windows)

Temporarily use different PDF software until patched

🧯 If You Can't Patch

  • Restrict PDF file sources to trusted locations only
  • Implement application whitelisting to prevent unauthorized PDF execution

🔍 How to Verify

Check if Vulnerable:

Open PDF-XChange Editor, go to Help > About, check if version is below 9.3.361.0

Check Version:

Not applicable - check via GUI Help > About menu

Verify Fix Applied:

Confirm version is 9.3.361.0 or higher in Help > About dialog
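
The GUI check above does not scale to a fleet. The following PowerShell is an added example (not from the vendor or this advisory) that compares each installed copy against the fixed build 9.3.361.0. It assumes the installer registers an Uninstall entry whose DisplayName contains "PDF-XChange Editor"; the function name is hypothetical, and per-user installs under HKCU are not covered.

```powershell
# Added example, not vendor code. Assumptions: the installer writes an
# Uninstall registry entry whose DisplayName contains "PDF-XChange Editor"
# and whose DisplayVersion is a dotted version string.
$FixedVersion = [version]'9.3.361.0'

function Test-PdfXChangeVulnerable {
    # Returns $true (below fixed build), $false (fixed), or $null (unparseable).
    param([string]$DisplayVersion)
    $parsed = $null
    if (-not [version]::TryParse($DisplayVersion, [ref]$parsed)) { return $null }
    # [version] treats a missing component as -1, so "9.3.361" would sort
    # below "9.3.361.0"; pad missing components with 0 before comparing.
    $normalized = [version]::new(
        $parsed.Major, $parsed.Minor,
        [Math]::Max(0, $parsed.Build), [Math]::Max(0, $parsed.Revision))
    return $normalized -lt $FixedVersion
}

$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$installs = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like '*PDF-XChange Editor*' }

foreach ($app in $installs) {
    $vulnerable = Test-PdfXChangeVulnerable -DisplayVersion $app.DisplayVersion
    if ($null -eq $vulnerable) { $status = 'UNKNOWN (check Help > About)' }
    elseif ($vulnerable)       { $status = 'VULNERABLE (below 9.3.361.0)' }
    else                       { $status = 'FIXED' }
    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Product  = $app.DisplayName
        Version  = $app.DisplayVersion
        Status   = $status
    }
}
```

No output means no matching Uninstall entry was found, which is not proof that the editor is absent; confirm with Help > About on hosts where it is expected.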

📡 Detection & Monitoring

Log Indicators:

  • Application crashes of PDF-XChange Editor
  • Unusual memory access patterns in application logs

Network Indicators:

  • Downloads of PDF files from untrusted sources
  • Network connections following PDF file opening

SIEM Query:

(EventID=1000 OR EventID=1001) AND ProcessName="PDFXEdit.exe"
