CVE-2023-39504

5.5 MEDIUM

📋 TL;DR

This out-of-bounds read in PDF-XChange Editor's OXPS parser lets an attacker read memory past the end of an allocated object when a crafted OXPS file is opened, disclosing the contents of process memory. No credentials are needed, but the victim must open the file (delivered as an attachment, a download, or from a malicious web page). On its own the bug only leaks data; chained with a memory-corruption flaw, a leak of this kind is typically used to defeat ASLR and reach code execution as the current user.

💻 Affected Systems

Products:
  • PDF-XChange Editor
Versions: Versions prior to the patch (specific version not provided in CVE description)
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in OXPS file parsing functionality; users must open OXPS files to trigger.

📦 What is this software?

PDF-XChange Editor is a Windows PDF viewer and editor from Tracker Software Products. Besides PDF it opens XPS/OXPS (Open XML Paper Specification) documents, and that OXPS parsing path is where this flaw lives.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Information disclosure combined with other vulnerabilities could lead to arbitrary code execution in the context of the current user process.

🟠

Likely Case

Information disclosure from process memory, potentially exposing sensitive data like credentials or system information.

🟢

If Mitigated

Limited impact if proper file validation and user awareness controls prevent opening untrusted OXPS files.

🌐 Internet-Facing: MEDIUM - Requires user interaction but could be delivered via malicious websites or email attachments.
🏢 Internal Only: LOW - An attacker already inside still has to get a user to open a crafted .oxps file (shared drive, internal mail); OXPS is an uncommon format, so such a file tends to stand out.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes (no credentials are needed; the only precondition is that the victim opens the crafted file)
Complexity: MEDIUM

Requires user interaction (opening malicious file) and likely needs additional vulnerabilities for full code execution.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check vendor advisory for specific patched version

Vendor Advisory: https://www.tracker-software.com/support/security-advisories

Restart Required: Yes

Instructions:

1. Visit Tracker Software's security advisory page
2. Download and install the latest version of PDF-XChange Editor
3. Close and relaunch PDF-XChange Editor (reboot if the installer asks for it) so the updated binaries are the ones loaded

🔧 Temporary Workarounds

Disable OXPS file association

windows

Prevent PDF-XChange Editor from automatically opening OXPS files

Windows 10/11: Settings > Apps > Default apps > choose defaults by file type, and set .oxps to a different application (or none). Older releases: Control Panel > Default Programs > Associate a file type or protocol with a program. This only changes what a double-click launches; a user can still open an OXPS file through File > Open or drag-and-drop, so it reduces accidental exposure rather than removing the vulnerable parser.

User awareness training

all

Educate users not to open OXPS files from untrusted sources

🧯 If You Can't Patch

  • Application control (AppLocker/WDAC) does not help here: an OXPS file is data, not an executable. Block it at the point of use instead: remove PDF-XChange Editor as the .oxps handler, or restrict who may run the editor at all
  • Filter .oxps attachments and downloads from external sources at the mail and web gateways; OXPS is a ZIP-based (OPC) container, so match on content/magic bytes as well as the extension

🔍 How to Verify

Check if Vulnerable:

Check PDF-XChange Editor version against vendor's patched version list

Check Version:

Open PDF-XChange Editor > Help > About

Verify Fix Applied:

Verify installed version matches or exceeds patched version from vendor advisory
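The version and file-association checks above, as an added PowerShell example (not from Tracker Software or from this advisory). It assumes the editor binary is PDFXEdit.exe under Program Files; the patched version number is not given in the CVE text, so $PatchedVersion is a placeholder to fill from the vendor advisory before the Vulnerable verdict means anything.

```powershell
# Added example, not vendor code. Audits one host for CVE-2023-39504 exposure:
# reports the installed PDFXEdit.exe file version against a patched version you
# supply, and which program the shell currently uses to open .oxps files.
param(
    # ASSUMPTION: the CVE text gives no fixed version; set this from the Tracker
    # Software advisory before trusting the Vulnerable verdict.
    [version]$PatchedVersion = '0.0.0.0'
)

function Find-PdfXEdit {
    # ASSUMPTION: default install folder; falls back to a Program Files search.
    $roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
    $known = $roots | ForEach-Object { "$_\Tracker Software\PDF Editor\PDFXEdit.exe" }
    $hit = $known | Where-Object { Test-Path $_ } | Select-Object -First 1
    if (-not $hit) {
        $hit = Get-ChildItem -Path $roots -Filter 'PDFXEdit.exe' -Recurse -ErrorAction SilentlyContinue |
               Select-Object -First 1 -ExpandProperty FullName
    }
    return $hit
}

function Get-OxpsHandler {
    # The per-user choice (HKCU ... UserChoice) wins over the machine-wide HKCR default.
    $choice = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.oxps\UserChoice' -ErrorAction SilentlyContinue
    if ($choice) {
        $progId = $choice.ProgId
    } else {
        $progId = (Get-ItemProperty -Path 'Registry::HKEY_CLASSES_ROOT\.oxps' -ErrorAction SilentlyContinue).'(default)'
    }
    if (-not $progId) { return [pscustomobject]@{ ProgId = $null; Command = $null } }
    $cmd = (Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\$progId\shell\open\command" -ErrorAction SilentlyContinue).'(default)'
    [pscustomobject]@{ ProgId = $progId; Command = $cmd }
}

$exe = Find-PdfXEdit
if (-not $exe) { Write-Output 'PDF-XChange Editor not found on this host.'; return }

$installed = (Get-Item $exe).VersionInfo.FileVersionRaw
$handler   = Get-OxpsHandler

if ($PatchedVersion -eq [version]'0.0.0.0') {
    $verdict = 'Unknown (set -PatchedVersion from the vendor advisory)'
} else {
    $verdict = ($installed -lt $PatchedVersion)   # $true means still vulnerable
}

[pscustomobject]@{
    Executable        = $exe
    InstalledVersion  = $installed
    PatchedVersion    = $PatchedVersion
    Vulnerable        = $verdict
    OxpsProgId        = $handler.ProgId
    OxpsOpensInEditor = [bool]($handler.Command -and $handler.Command -match 'PDFXEdit\.exe')
}
```

Run it as the interactive user whose association you care about (UserChoice is per profile); OxpsOpensInEditor tells you whether the "disable OXPS file association" workaround is actually in effect on that profile.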

📡 Detection & Monitoring

Log Indicators:

  • Windows Application log Event 1000 (Application Error) or 1001 (Windows Error Reporting) with faulting application PDFXEdit.exe shortly after an .oxps file was opened
  • An out-of-bounds read only crashes the process when it reaches unmapped memory; a successful leak may leave no crash record at all, so absence of crashes is not evidence of absence

Network Indicators:

  • Downloads of OXPS files from untrusted sources
  • Network traffic to known malicious domains after file opening

SIEM Query:

(EventID=1000 OR EventID=1001) AND ProcessName="PDFXEdit.exe"

Event 1000/1001 do not record which document was open, so the .oxps correlation has to come from another source, e.g. Sysmon Event ID 1 (process creation) where Image ends in PDFXEdit.exe and CommandLine contains ".oxps", joined to the crash by host and time. Without the parentheses the original query binds as 1000 OR (1001 AND ...), which returns every application crash on the host.
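A host-side version of that correlation, as an added PowerShell example (not from the page or the vendor). It assumes Sysmon is installed and logging process creation (Event ID 1) to its default channel; the five-minute pairing window is an assumption, not a documented value.

```powershell
# Added example, not vendor code. Pairs PDFXEdit.exe crash records (Application log
# Event 1000/1001) with the most recent editor launch whose command line names an
# .oxps file (Sysmon Event 1), so a crash can be tied to the document that caused it.
param(
    [int]$Days = 7,
    [int]$WindowMinutes = 5   # ASSUMPTION: how long after opening a file a crash still counts
)
$since = (Get-Date).AddDays(-$Days)

# 1. Crash records naming the editor as the faulting application.
$crashes = Get-WinEvent -FilterHashtable @{ LogName = 'Application'; Id = 1000, 1001; StartTime = $since } -ErrorAction SilentlyContinue |
           Where-Object { $_.Message -match 'PDFXEdit\.exe' }

# 2. Editor launches whose command line contains an .oxps path.
#    Sysmon's message body is "Key: value" lines, so match on the Image and CommandLine lines.
$opens = Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-Sysmon/Operational'; Id = 1; StartTime = $since } -ErrorAction SilentlyContinue |
         Where-Object { $_.Message -match 'Image: .*PDFXEdit\.exe' -and $_.Message -match 'CommandLine: .*\.oxps' }

# 3. For each crash, take the closest preceding .oxps launch inside the window.
foreach ($c in $crashes) {
    $match = $opens |
             Where-Object { $_.TimeCreated -le $c.TimeCreated -and ($c.TimeCreated - $_.TimeCreated).TotalMinutes -le $WindowMinutes } |
             Sort-Object TimeCreated -Descending |
             Select-Object -First 1

    if ($match) {
        $cmdLine = ($match.Message -split "`r?`n" | Where-Object { $_ -like 'CommandLine:*' } | Select-Object -First 1).Trim()
        $opened  = $match.TimeCreated
    } else {
        $cmdLine = '(no .oxps launch within window)'
        $opened  = $null
    }

    [pscustomobject]@{
        Host        = $env:COMPUTERNAME
        CrashTime   = $c.TimeCreated
        CrashEvent  = $c.Id
        OxpsOpened  = $opened
        CommandLine = $cmdLine
    }
}
```

Rows with a populated CommandLine are the ones worth pulling the file for; rows without one are ordinary editor crashes or an OXPS opened via File > Open, which Sysmon Event 1 does not see because no new process is created.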

🔗 References
