{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2018-25217", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2026-03-26T13:17:31.692Z", "datePublished": "2026-03-26T13:24:17.314Z", "dateUpdated": "2026-03-26T13:57:21.296Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-26T13:24:17.314Z"}, "datePublic": "2018-12-18T00:00:00.000Z", "title": "PDF Explorer 1.5.66.2 Structured Exception Handler Local Code Execution", "descriptions": [{"lang": "en", "value": "PDF Explorer 1.5.66.2 contains a structured exception handler (SEH) overflow vulnerability that allows local attackers to execute arbitrary code by overwriting SEH records with malicious data. Attackers can craft a payload with buffer overflow, NSEH jump, and ROP gadget chains that execute when the Custom fields settings dialog processes the malicious input in the Label field."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "Out-of-bounds Write", "cweId": "CWE-787", "type": "CWE"}]}], "affected": [{"vendor": "Rttsoftware", "product": "PDF Explorer", "versions": [{"version": "1.5.66.2", "status": "affected"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:speed_software:explorer:1.5.66.2:*:*:*:*:*:*:*"}]}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "baseScore": 8.6, "baseSeverity": "HIGH", "exploitMaturity": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS"}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "references": [{"url": "https://www.exploit-db.com/exploits/46016", "name": "ExploitDB-46016", "tags": ["exploit"]}, {"url": "http://www.rttsoftware.com/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://www.rttsoftware.com/files/PDFExplorerTrialSetup.zip", "name": "Product Reference", "tags": ["product"]}, {"name": "VulnCheck Advisory: PDF Explorer 1.5.66.2 Structured Exception Handler Local Code Execution", "tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/pdf-explorer-structured-exception-handler-local-code-execution"}], "credits": [{"lang": "en", "value": "Achilles", "type": "finder"}], "x_generator": {"engine": "vulncheck"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-26T13:57:07.395627Z", "id": "CVE-2018-25217", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T13:57:21.296Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2018-25217", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-26T13:57:07.395627Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T13:57:17.487Z"}}], "cna": {"title": "PDF Explorer 1.5.66.2 Structured Exception Handler Local Code Execution", "credits": [{"lang": "en", "type": "finder", "value": "Achilles"}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 8.6, "Automatable": "NOT_DEFINED", "attackVector": "LOCAL", "baseSeverity": "HIGH", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.4, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "Rttsoftware", "product": "PDF Explorer", "versions": [{"status": "affected", "version": "1.5.66.2"}]}], "datePublic": "2018-12-18T00:00:00.000Z", "references": [{"url": "https://www.exploit-db.com/exploits/46016", "name": "ExploitDB-46016", "tags": ["exploit"]}, {"url": "http://www.rttsoftware.com/", "name": "Official Product Homepage", "tags": ["product"]}, {"url": "https://www.rttsoftware.com/files/PDFExplorerTrialSetup.zip", "name": "Product Reference", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/pdf-explorer-structured-exception-handler-local-code-execution", "name": "VulnCheck Advisory: PDF Explorer 1.5.66.2 Structured Exception Handler Local Code Execution", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "vulncheck"}, "descriptions": [{"lang": "en", "value": "PDF Explorer 1.5.66.2 contains a structured exception handler (SEH) overflow vulnerability that allows local attackers to execute arbitrary code by overwriting SEH records with malicious data. Attackers can craft a payload with buffer overflow, NSEH jump, and ROP gadget chains that execute when the Custom fields settings dialog processes the malicious input in the Label field."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-787", "description": "Out-of-bounds Write"}]}], "cpeApplicability": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:speed_software:explorer:1.5.66.2:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2026-03-26T13:24:17.314Z"}}}, "cveMetadata": {"cveId": "CVE-2018-25217", "state": "PUBLISHED", "dateUpdated": "2026-03-26T13:57:21.296Z", "dateReserved": "2026-03-26T13:17:31.692Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2026-03-26T13:24:17.314Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rttsoftware:pdf_explorer:1.5.66.2:*:*:*:*:*:*:*", "matchCriteriaId": "0B3D94D5-9207-48A0-9D70-38A70F8F8634", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "PDF Explorer 1.5.66.2 contains a structured exception handler (SEH) overflow vulnerability that allows local attackers to execute arbitrary code by overwriting SEH records with malicious data. Attackers can craft a payload with buffer overflow, NSEH jump, and ROP gadget chains that execute when the Custom fields settings dialog processes the malicious input in the Label field."}, {"lang": "es", "value": "PDF Explorer 1.5.66.2 contiene una vulnerabilidad de desbordamiento de gestor de excepciones estructurado (SEH) que permite a atacantes locales ejecutar c\u00f3digo arbitrario sobrescribiendo registros SEH con datos maliciosos. Los atacantes pueden crear una carga \u00fatil con desbordamiento de b\u00fafer, salto NSEH y cadenas de gadgets ROP que se ejecutan cuando el di\u00e1logo de configuraci\u00f3n de campos personalizados procesa la entrada maliciosa en el campo 'Label'."}], "id": "CVE-2018-25217", "lastModified": "2026-03-27T18:16:39.293", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 5.9, "source": "disclosure@vulncheck.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2026-03-26T14:16:05.693", "references": [{"source": "disclosure@vulncheck.com", "tags": ["Product"], "url": "http://www.rttsoftware.com/"}, {"source": "disclosure@vulncheck.com", "tags": ["Exploit", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/46016"}, {"source": "disclosure@vulncheck.com", "tags": ["Product"], "url": "https://www.rttsoftware.com/files/PDFExplorerTrialSetup.zip"}, {"source": "disclosure@vulncheck.com", "tags": ["Third Party Advisory"], "url": "https://www.vulncheck.com/advisories/pdf-explorer-structured-exception-handler-local-code-execution"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-787"}], "source": "disclosure@vulncheck.com", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.5.66.2"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "PDF Explorer", "source": "cna", "vendor": "Rttsoftware"}, "product": "pdf_explorer", "vendor": "rttsoftware"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "1.5.66.2"}}], "enrichment": {"confidence": 95.0, "confidence_source": "inferred", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "explorer", "vendor": "speed_software"}], "analysis": {"en": {"generated_at": "2026-03-27T19:24:09.606760+00:00", "value": {"mitigation_remediation": ["Update PDF Explorer to a patched version that removes the SEH overflow.", "Restrict local users from creating or editing PDFs that contain custom fields, or disable the custom fields dialog entirely.", "Apply least\u2011privilege principles to local accounts to limit the potential damage from code execution.", "Monitor the system for anomalous processes or unexplained code execution attempts following PDF handling."], "summary": {"action": "Immediate Patch", "impact": "Local Code Execution"}, "threat_synthesis": {"affected_systems": "The affected product is PDF Explorer version 1.5.66.2 from RTTSoftware. No other versions are listed as impacted.", "description_and_impact": "The vulnerability is a Structured Exception Handler (SEH) overflow that allows an attacker with local access to craft input for the PDF Explorer custom fields dialog and overwrite SEH records. When the dialog processes the malicious label field, the SEH chain is hijacked and arbitrary code can be executed. The weakness is a classic buffer overflow (CWE-787).", "risk_and_exploitability": "The CVSS score of 8.6 rates this as a high\u2011severity flaw, and the EPSS score of less than 1% indicates a low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. Because the exploit requires a locally privileged user who can open or edit a malicious PDF, the attack surface is limited to local machine use."}}}}, "created": "2026-03-27T08:34:24.887998+00:00", "updated": "2026-03-27T20:26:10.054691+00:00", "vendors": ["rttsoftware", "rttsoftware$PRODUCT$pdf_explorer", "speed_software", "speed_software$PRODUCT$explorer"]}