PDFescape Desktop Security Bulletin
Date Published |
Priority |
February 10, 2020 |
Medium |
Description
PDFescape has released a security update for the PDFescape Desktop installer. This update resolves a vulnerability of an insecure library loading in the installer that could cause the Arbitrary Code Execution.
Affected product versions
Product |
Version |
Platform |
PDFescape Desktop (installer) |
4.0.22 |
Windows |
Solution
PDFescape recommends users to update their application by installing its newest version:
Product |
Version |
Platform |
Priority |
Availability |
PDFescape Desktop (installer) |
2019 Release |
Windows |
Medium |
*Note: This vulnerability impacts only the installer used with the PDFescape Desktop. CVE-Number has no impact to the existing Desktop application, and there is no action required for the customers running earlier versions of the software.
Vulnerability details
Vulnerability Category |
Vulnerability Impact |
Severity |
CVE Number |
Insecure Library Loading (DLL hijacking) |
Arbitrary Code Execution |
Important |
CVE-2020-9418 |
Acknowledgments
Red Software would like to thank Eli Paz of Cyberark Labs (CVE-Number) for reporting this issue and for working with PDFescape Desktop to help protect our customers.