CVE-2019-17497

Published: Oct 11, 2019Modified: Nov 27, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

Tracker PDF-XChange Editor before 8.0.330.0 has an NTLM SSO hash theft vulnerability using crafted FDF or XFDF files (a related issue to CVE-2018-4993). For example, an NTLM hash is sent for a link to \\192.168.0.2\C$\file.pdf without user interaction.

Affected (1)

Products: Pdf Xchange: Pdf Xchange Editor

1 product

Pdf Xchange Editor

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Pdf Xchange Pdf Xchange Editor	Before 8.0.330.0

Related CWEs

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (2)

https://github.com/ponypot/cve/raw/master/pdfXChangeEditor_FDFInclusions.pdf

Source: cve@mitre.org

Third Party Advisory

https://github.com/ponypot/cve/raw/master/pdfXChangeEditor_FDFInclusions.pdf

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.