CVE-2023-42052: 
PDF-XChange Editor vulnerability analysis and mitigation

PDF-XChange Editor contains a vulnerability related to U3D file parsing that can lead to information disclosure (CVE-2023-42052). The vulnerability was discovered and reported by Mat Powell of Trend Micro Zero Day Initiative. The issue affects PDF-XChange Editor installations and requires user interaction, specifically opening a malicious file or visiting a malicious page (ZDI Advisory).

The vulnerability stems from improper validation of user-supplied data during the parsing of U3D files. Specifically, the flaw results in a read past the end of an allocated object. The vulnerability has been assigned a CVSS v3.0 base score of 3.3 (Low) with the vector: AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N (ZDI Advisory).

When exploited, this vulnerability allows remote attackers to disclose sensitive information on affected installations of PDF-XChange Editor. The vulnerability could potentially be leveraged in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process (ZDI Advisory).

PDF-XChange has released an update to address this vulnerability. Users are advised to update their installations to the latest version available through the vendor's security bulletins page (Security Bulletin).