Description
PDF Explorer 1.5.66.2 contains a structured exception handler (SEH) overflow vulnerability that allows local attackers to execute arbitrary code by overwriting SEH records with malicious data. Attackers can craft a payload with buffer overflow, NSEH jump, and ROP gadget chains that execute when the Custom fields settings dialog processes the malicious input in the Label field.
Published: 2026-03-26
Score: 8.6 High
EPSS: < 1% Very Low
KEV: No
Impact: Local Code Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability is a Structured Exception Handler (SEH) overflow that allows an attacker with local access to craft input for the PDF Explorer custom fields dialog and overwrite SEH records. When the dialog processes the malicious label field, the SEH chain is hijacked and arbitrary code can be executed. The weakness is a classic buffer overflow (CWE-787).

Affected Systems

The affected product is PDF Explorer version 1.5.66.2 from RTTSoftware. No other versions are listed as impacted.

Risk and Exploitability

The CVSS score of 8.6 rates this as a high‑severity flaw, and the EPSS score of less than 1% indicates a low probability of exploitation. The vulnerability is not listed in the CISA KEV catalog. Because the exploit requires a locally privileged user who can open or edit a malicious PDF, the attack surface is limited to local machine use.

Generated by OpenCVE AI on March 27, 2026 at 19:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update PDF Explorer to a patched version that removes the SEH overflow.
  • Restrict local users from creating or editing PDFs that contain custom fields, or disable the custom fields dialog entirely.
  • Apply least‑privilege principles to local accounts to limit the potential damage from code execution.
  • Monitor the system for anomalous processes or unexplained code execution attempts following PDF handling.

Generated by OpenCVE AI on March 27, 2026 at 19:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 27 Mar 2026 18:30:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:rttsoftware:pdf_explorer:1.5.66.2:*:*:*:*:*:*:*

Fri, 27 Mar 2026 08:45:00 +0000

Type Values Removed Values Added
First Time appeared Rttsoftware
Rttsoftware pdf Explorer
Vendors & Products Rttsoftware
Rttsoftware pdf Explorer

Thu, 26 Mar 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Thu, 26 Mar 2026 13:45:00 +0000

Type Values Removed Values Added
Description PDF Explorer 1.5.66.2 contains a structured exception handler (SEH) overflow vulnerability that allows local attackers to execute arbitrary code by overwriting SEH records with malicious data. Attackers can craft a payload with buffer overflow, NSEH jump, and ROP gadget chains that execute when the Custom fields settings dialog processes the malicious input in the Label field.
Title PDF Explorer 1.5.66.2 Structured Exception Handler Local Code Execution
First Time appeared Speed Software
Speed Software explorer
Weaknesses CWE-787
CPEs cpe:2.3:a:speed_software:explorer:1.5.66.2:*:*:*:*:*:*:*
Vendors & Products Speed Software
Speed Software explorer
References
Metrics cvssV3_1

{'score': 8.4, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 8.6, 'vector': 'CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

Rttsoftware Pdf Explorer
Speed Software Explorer
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-03-26T13:57:21.296Z

Reserved: 2026-03-26T13:17:31.692Z

Link: CVE-2018-25217

cve-icon Vulnrichment

Updated: 2026-03-26T13:57:17.487Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-26T14:16:05.693

Modified: 2026-03-27T18:16:39.293

Link: CVE-2018-25217

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T20:26:10Z

Weaknesses