CVE-2023-42110

5.5 MEDIUM

📋 TL;DR

This vulnerability in PDF-XChange Editor allows attackers to read memory beyond allocated bounds when processing malicious EMF files, potentially disclosing sensitive information. Users who open malicious PDFs or visit compromised websites are affected. The vulnerability requires user interaction but could be combined with other exploits for code execution.

💻 Affected Systems

Products:
  • PDF-XChange Editor
Versions: prior to 10.1.1.380
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with EMF file processing enabled are vulnerable by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Information disclosure combined with other vulnerabilities could lead to arbitrary code execution in the context of the current user, potentially resulting in full system compromise.

🟠 Likely Case

Information disclosure of memory contents, which could reveal sensitive data or system information useful for further attacks.

🟢 If Mitigated

Limited information disclosure with no code execution if proper memory protections are in place and no other vulnerabilities are present.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file) and likely requires chaining with other vulnerabilities for code execution.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.1.1.380 and later

Vendor Advisory: https://www.tracker-software.com/support/security-bulletins.html

Restart Required: Yes

Instructions:

1. Download latest version from official vendor site
2. Run installer with administrative privileges
3. Restart system after installation completes

🔧 Temporary Workarounds

Disable EMF file processing (Windows)

Configure PDF-XChange Editor to block EMF file processing through registry settings

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Tracker Software\PDFXEditor\3.0\Settings\Security\FileOpen\Block]
"EMF"="1"

Application control blocking (Windows)

Use application whitelisting to block PDF-XChange Editor from processing EMF files

🧯 If You Can't Patch

  • Restrict user permissions to limit impact of potential code execution
  • Use sandboxed environments for opening untrusted PDF files

🔍 How to Verify

Check if Vulnerable:

Check Help > About in PDF-XChange Editor for the version number; versions prior to 10.1.1.380 are affected.

Check Version:

reg query "HKEY_CURRENT_USER\Software\Tracker Software\PDFXEditor\3.0" /v Version

Verify Fix Applied:

Verify version is 10.1.1.380 or higher in Help > About
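
Scripted version of the check above, as an added example (not vendor code and not part of the original advisory). It assumes the registry path and "Version" value shown in the reg query command on this page; the function name and the sample version strings are constructed for illustration.

```powershell
# Registry path and value name are the ones quoted on this page (assumption:
# they exist on your build). HKCU is per-user, so run this in the user's session.
$FixedVersion = [version]'10.1.1.380'   # first fixed build per this advisory
$RegPath      = 'HKCU:\Software\Tracker Software\PDFXEditor\3.0'

function Get-PdfXChangeStatus {
    param([string]$VersionString)

    $parsed = $null
    # TryParse rejects empty or malformed strings instead of throwing.
    if (-not [version]::TryParse($VersionString, [ref]$parsed)) {
        return 'Unknown'          # needs manual review via Help > About
    }
    # [version] compares each field as an integer, so 9.5.368.0 sorts below
    # 10.1.1.380; a plain string comparison would rank "9..." above "10...".
    if ($parsed -lt $FixedVersion) { return 'Vulnerable' }
    return 'Patched'
}

# A missing key or value yields $null here rather than an error.
$installed = (Get-ItemProperty -Path $RegPath -Name Version `
              -ErrorAction SilentlyContinue).Version

[pscustomobject]@{
    Computer = $env:COMPUTERNAME
    Version  = $installed
    Status   = Get-PdfXChangeStatus -VersionString $installed
}

# Constructed sample values showing how each case is classified.
'9.5.368.0', '10.1.0.380', '10.1.1.380', '10.2.0.385', 'n/a' | ForEach-Object {
    '{0,-12} {1}' -f $_, (Get-PdfXChangeStatus -VersionString $_)
}
```

A result of Unknown means the value was absent or not a dotted version string, so fall back to the Help > About check.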

📡 Detection & Monitoring

Log Indicators:

  • Application crashes when processing EMF files
  • Unusual memory access patterns in application logs

Network Indicators:

  • Downloads of EMF files from untrusted sources
  • Network traffic to known malicious domains after PDF processing

SIEM Query:

EventID=1000 AND Source="PDF-XChange Editor" AND FaultingModule LIKE "%emf%"
