NTLM SSO Hash Theft Vulnerability in Tracker PDF-XChange Editor

NTLM SSO Hash Theft Vulnerability in Tracker PDF-XChange Editor

CVE-2019-17497 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Tracker PDF-XChange Editor before 8.0.330.0 has an NTLM SSO hash theft vulnerability using crafted FDF or XFDF files (a related issue to CVE-2018-4993). For example, an NTLM hash is sent for a link to \\192.168.0.2\C$\file.pdf without user interaction.

Learn more about our User Device Pen Test.