This issue has been assigned Common Vulnerability Scoring System rating of 7.5. Attackers could exploit this vulnerability to take over the affected system in order to obtain sensitive information or to perform other activities as an authorized user. An attacker could host a malicious dwf or .pct file on a network share and when accessed through the DesignReview.exe application, it could lead to information disclosure or elevation of privileges.
Additionally, this issue has been assigned Common Vulnerability Scoring System rating of 10.0 due to the fact that the dwf or .pct file could also be exploited using cross-process scripting vulnerability. In order to exploit this issue, an attacker would have to supply crafted dwf or .pct file to the user who is using DesignReview.exe application.
Vulnerability overview
DesignReview.exe is an application that resides in the context of the affected process and runs in a privileged mode. A malicious dwf or .pct file could be hosted on a network share and when accessed through DesignReview.exe, it could lead to information disclosure or elevation of privileges.
In order to exploit this issue, an attacker would have to supply crafted dwf or .pct file to the user who is using DesignReview.exe application.
Resolution
A patch has been released to address CVE-2022-42944.
Vulnerable packages: DesignReview.exe
DesignService.exe
DWFReader.exe
DWFWriter.exe
Dwfile2pdf.exe
PDFCreator.exe
Timeline
Published on: 10/21/2022 16:15:00 UTC
Last modified on: 10/24/2022 14:21:00 UTC