CVE-2019-17497

MEDIUM

PDF-XChange Editor < 8.0.330.0 - NTLM SSO Hash Theft via Crafted FDF/XFDF Files

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-17497. PoCs published by JM-Lemmi.

AI-analyzed exploit summary This repository provides a technical summary of CVE-2019-17497, an NTLM SSO hash theft vulnerability in PDF-XChange Editor. It references an external writeup and mentions recreated PoC files, but does not include functional exploit code.

Description

Tracker PDF-XChange Editor before 8.0.330.0 has an NTLM SSO hash theft vulnerability using crafted FDF or XFDF files (a related issue to CVE-2018-4993). For example, an NTLM hash is sent for a link to \\192.168.0.2\C$\file.pdf without user interaction.

Exploits (1)

nomisec WRITEUP
by JM-Lemmi · poc
https://github.com/JM-Lemmi/cve-2019-17497

This repository provides a technical summary of CVE-2019-17497, an NTLM SSO hash theft vulnerability in PDF-XChange Editor. It references an external writeup and mentions recreated PoC files, but does not include functional exploit code.

Classification
Writeup 80%
Attack Type
Info Leak
Complexity
Moderate
Reliability
Theoretical
Target: PDF-XChange Editor before 8.0.330.0
No auth needed
Prerequisites: Crafted FDF or XFDF files · Victim interaction to open malicious file
mistral-large-3 · analyzed Feb 19, 2026 Full analysis →

References (1)

Core 1

Scores

CVSS v3 6.5
EPSS 0.0647
EPSS Percentile 92.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CWE
CWE-522
Status published
Products (1)
pdf-xchange/pdf-xchange_editor < 8.0.330.0
Published Oct 11, 2019
Tracked Since Feb 18, 2026