Anthony Fuller

**Name of the Vulnerable Software and Affected Versions** PDF-XChange Editor (affected versions not specified) **Description** This issue allows network-adjacent attackers to execute arbitrary code on affected installations of PDF-XChange Editor. User interaction is not required to exploit this issue. The specific flaw exists within the update functionality, resulting from the lack of proper validation of the certificate presented by the server. An attacker can leverage this issue to execute code in the context of the current user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Red Lion Controls Crimson versions 3.0 and prior Red Lion Controls Crimson version 3.1 prior to release 3112.00 **Description** The issue allows multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file that operates outside of the designated memory area, potentially leading to information disclosure, memory corruption, and remote code execution. **Recommendations** For Red Lion Controls Crimson versions 3.0 and prior, update to a version later than 3.0 to resolve the issue. For Red Lion Controls Crimson version 3.1 prior to release 3112.00, update to release 3112.00 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Red Lion Controls Crimson versions 3.0 and prior Red Lion Controls Crimson version 3.1 prior to release 3112.00 **Description** The issue allows multiple vulnerabilities to be exploited when a valid user opens a specially crafted, malicious input file, causing the program to mishandle pointers. This can lead to remote code execution due to untrusted pointer dereference. **Recommendations** For Red Lion Controls Crimson versions 3.0 and prior, update to a version later than 3.0 to resolve the issue. For Red Lion Controls Crimson version 3.1 prior to release 3112.00, update to release 3112.00 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Red Lion Controls Crimson versions 3.0 and prior Red Lion Controls Crimson version 3.1 prior to release 3112.00 **Description** The issue allows an attacker to access configuration files due to the use of a hard-coded password for encrypting protected files in transit and at rest. **Recommendations** For Red Lion Controls Crimson versions 3.0 and prior, update to a version later than 3.0. For Red Lion Controls Crimson version 3.1 prior to release 3112.00, update to release 3112.00 or later.

**Name of the Vulnerable Software and Affected Versions** Red Lion Controls Crimson versions 3.0 and prior Red Lion Controls Crimson version 3.1 prior to release 3112.00 **Description** The issue allows for exploitation when a valid user opens a specially crafted, malicious input file. This can lead to referencing memory after it has been freed, which is a use-after-free condition. This condition can potentially be used for remote code execution or information disclosure. **Recommendations** For Red Lion Controls Crimson versions 3.0 and prior, update to a version later than 3.0 to resolve the issue. For Red Lion Controls Crimson version 3.1 prior to release 3112.00, update to release 3112.00 or later to resolve the issue. As a temporary workaround, consider restricting access to malicious input files until a patch is available.