CVE-2022-37369

7.8 HIGH

📋 TL;DR

CVE-2022-37369 is a buffer overflow vulnerability in PDF-XChange Editor's PDF parsing functionality. It allows remote attackers to execute arbitrary code by tricking users into opening malicious PDF files. This affects all users running vulnerable versions of PDF-XChange Editor.

💻 Affected Systems

Products:
  • PDF-XChange Editor
Versions: Prior to 9.3.361.0
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All Windows versions supported by PDF-XChange Editor are affected. The vulnerability exists in the core PDF parsing engine.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise via arbitrary code execution with the same privileges as the PDF-XChange Editor process, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠 Likely Case

Malware installation or data exfiltration through crafted PDF files delivered via phishing emails or malicious websites.

🟢 If Mitigated

Limited impact if application runs with restricted privileges, sandboxing is enabled, or PDF files are opened in isolated environments.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction (opening a malicious PDF) but the technical complexity is low once the malicious file is crafted. The ZDI advisory suggests active exploitation is likely.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 9.3.361.0 and later

Vendor Advisory: https://www.tracker-software.com/product/pdf-xchange-editor/history

Restart Required: Yes

Instructions:

1. Download the latest version from the official PDF-XChange Editor website.
2. Run the installer.
3. Follow the installation prompts.
4. Restart the application or system if prompted.

🔧 Temporary Workarounds

Disable PDF-XChange Editor as default PDF handler (Windows)

Prevent automatic opening of PDF files with the vulnerable application

Control Panel > Default Programs > Set Default Programs > Choose another program for PDF files

Use application sandboxing (Windows)

Run PDF-XChange Editor in a sandboxed environment to limit potential damage

🧯 If You Can't Patch

  • Implement strict email filtering to block PDF attachments from untrusted sources
  • Use alternative PDF viewers that are not affected by this vulnerability

🔍 How to Verify

Check if Vulnerable:

Open PDF-XChange Editor, go to Help > About, and check whether the version is below 9.3.361.0.

Check Version:

Not applicable - check via GUI in Help > About

Verify Fix Applied:

Verify the version is 9.3.361.0 or higher in Help > About

📡 Detection & Monitoring

Log Indicators:

  • Application crashes of PDF-XChange Editor
  • Unusual process creation from PDF-XChange Editor

Network Indicators:

  • Outbound connections from PDF-XChange Editor to suspicious IPs after opening PDF files

SIEM Query:

(EventID=1000 OR EventID=1001) Source="PDF-XChange Editor" | where Version < "9.3.361.0"
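
The `Version < "9.3.361.0"` test above compares strings, which misorders dotted version numbers. The following added example (not part of the original advisory) triages a software inventory against the fixed build using numeric comparison and lists the hosts a string comparison would misclassify; the hostnames and installed versions are constructed sample data, not real release numbers.

```python
import re

FIXED = (9, 3, 361, 0)  # first fixed build according to this page

def parse_version(text):
    """Turn '9.3.360.0' into (9, 3, 360, 0); pad short versions with zeros."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){0,3}", text):
        raise ValueError(f"unparseable version: {text!r}")
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def is_vulnerable(version_text):
    return parse_version(version_text) < FIXED

def triage(inventory):
    """Split (host, version) rows into vulnerable, patched and unknown."""
    result = {"vulnerable": [], "patched": [], "unknown": []}
    for host, version in inventory:
        try:
            bucket = "vulnerable" if is_vulnerable(version) else "patched"
        except ValueError:
            bucket = "unknown"  # needs a manual check in Help > About
        result[bucket].append(host)
    return result

def string_compare_misses(inventory):
    """Hosts where a plain string '<' disagrees with the numeric comparison."""
    wrong = []
    for host, version in inventory:
        try:
            numeric = is_vulnerable(version)
        except ValueError:
            continue
        if (version < "9.3.361.0") != numeric:
            wrong.append(host)
    return wrong

# Constructed sample inventory (assumed export format: host, version string).
SAMPLE = [
    ("ws-01", "9.3.360.0"), ("ws-02", "9.3.361.0"), ("ws-03", "9.10.0.0"),
    ("ws-04", "10.0.370.0"), ("ws-05", "9.3.45.0"), ("ws-06", "unknown"),
]

if __name__ == "__main__":
    print(triage(SAMPLE))
    print("string comparison wrong for:", string_compare_misses(SAMPLE))
```

In the sample, the string comparison reports two patched hosts as vulnerable and misses one vulnerable host (`9.3.45.0`), which is the more dangerous error.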
