CVE-2017-13056

HIGH

PDF-XChange Viewer 2.5 Build 314.0 - Remote Code Execution via Crafted PDF File

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-13056. PoCs published by Daniele Votta.

AI-analyzed exploit summary This PowerShell script generates a malicious PDF that exploits CVE-2017-13056 in PDF-XChange Viewer by embedding JavaScript to execute arbitrary commands (e.g., calc.exe) via the unsafe `launchURL()` API.

Description

The launchURL function in PDF-XChange Viewer 2.5 (Build 314.0) might allow remote attackers to execute arbitrary code via a crafted PDF file.

Exploits (1)

exploitdb WORKING POC

by Daniele Votta · textlocalwindows

https://www.exploit-db.com/exploits/42537

View Code ZIP pw:eip

This PowerShell script generates a malicious PDF that exploits CVE-2017-13056 in PDF-XChange Viewer by embedding JavaScript to execute arbitrary commands (e.g., calc.exe) via the unsafe `launchURL()` API.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: PDF-XChange Viewer 2.5 (Build 314.0)

No auth needed

Prerequisites: PdfSharp-WPF.dll library · PowerShell execution environment

MITRE ATT&CK

T1204.002 - Malicious File T1059.001 - PowerShell

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory, VDB Entry x_refsource_misc

http://packetstormsecurity.com/files/143912/PDF-XChange-Viewer-2.5-Build-314.0-Code-Execution.html

Scores

CVSS v3 7.8

EPSS 0.0559

EPSS Percentile 91.9%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-20

Status published

Products (1)

tracker-software/pdf-xchange_viewer 2.5

Published Dec 27, 2017

Tracked Since Feb 18, 2026