CVE-2020-7374

MEDIUM

Documalis Free PDF Editor 5.7.2.26 and Free PDF Scanner 5.7.2.122 - Remote Code Execution via Malicious JPEG in PDF

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-7374. PoCs published by metacom, including Metasploit module exploits/windows/fileformat/documalis_pdf_editor_and_scanner.

AI-analyzed exploit summary This Metasploit module exploits a stack-based buffer overflow in Documalis Free PDF Editor and Scanner via a malformed JPEG embedded in a PDF. It achieves remote code execution by leveraging SEH overwrites and a crafted payload.

Description

Documalis Free PDF Editor version 5.7.2.26 and Documalis Free PDF Scanner version 5.7.2.122 do not appropriately validate the contents of JPEG images contained within a PDF. Attackers can exploit this vulnerability to trigger a buffer overflow on the stack and gain remote code execution as the user running the Documalis Free PDF Editor or Documalis Free PDF Scanner software.

Exploits (1)

metasploit WORKING POC NORMAL

by metacom · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/documalis_pdf_editor_and_scanner.rb

View Code ZIP pw:eip

This Metasploit module exploits a stack-based buffer overflow in Documalis Free PDF Editor and Scanner via a malformed JPEG embedded in a PDF. It achieves remote code execution by leveraging SEH overwrites and a crafted payload.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Documalis Free PDF Editor v5.7.2.26 and Documalis Free PDF Scanner v5.7.2.122

No auth needed

Prerequisites: Victim must open the malicious PDF file

MITRE ATT&CK

T1203 - Exploitation for Client Execution T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_misc

https://github.com/rapid7/metasploit-framework/pull/13517

Scores

CVSS v3 5.3

EPSS 0.0309

EPSS Percentile 86.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

Details

CWE

CWE-120

Status published

Products (2)

documalis/free_pdf_editor 5.7.2.26

documalis/free_pdf_scanner 5.7.2.122

Published Aug 12, 2020

Tracked Since Feb 18, 2026