Vulnerability Details CVE-2019-17497
Tracker PDF-XChange Editor before 8.0.330.0 has an NTLM SSO hash theft vulnerability using crafted FDF or XFDF files (a related issue to CVE-2018-4993). For example, an NTLM hash is sent for a link to \\192.168.0.2\C$\file.pdf without user interaction.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.038
EPSS Ranking 87.8%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.3
References
Products affected by CVE-2019-17497
-
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:-
-
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:3.0.305.0
-
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:3.0.306.0
-
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:3.0.306.1
-
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:3.0.307.0
-
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:3.0.307.1
-
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:3.0.307.2
-
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:3.0.308.0
-
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:5.5.308.1
-
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:5.5.308.2
-
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:5.5.309.0
-
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:5.5.310.0
-
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:5.5.311.0
-
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:5.5.312.0
-
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:5.5.312.1
-
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:5.5.313.0
-
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:5.5.314.0
-
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:5.5.315.0
-
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:5.5.316.0
-
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:5.5.316.1
-
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:6.0.317.0
-
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:6.0.317.1
-
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:6.0.318.0
-
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:6.0.318.1
-
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:6.0.319.0
-
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:6.0.320.0
-
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:6.0.320.1
-
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:6.0.321.0
-
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:6.0.322.0
-
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:6.0.322.3
-
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:6.0.322.4
-
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:6.0.322.5
-
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:6.0.322.6
-
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:6.0.322.7
-
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:7.0.237.1
-
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:7.0.323.0
-
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:7.0.323.1
-
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:7.0.323.2
-
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:7.0.324.0
-
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:7.0.324.1
-
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:7.0.324.2
-
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:7.0.324.3
-
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:7.0.325.0
-
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:7.0.325.1
-
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:7.0.326
-
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:7.0.326.0
-
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:7.0.326.1
-
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:7.0.327.0
-
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:7.0.327.1
-
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:7.0.328.0
-
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:7.0.328.1
-
cpe:2.3:a:pdf-xchange:pdf-xchange_editor:7.0.328.2