Remote Code Execution Vulnerability in Kofax Power PDF Due to PDF File Parsing
CVE-2024-5302

7.8 HIGH

Key Information:

Vendor: Kofax
Status: Vendor
CVE Published: 6 June 2024

Summary

Kofax Power PDF has a vulnerability in its parsing of PDF files. The parser does not adequately validate user-supplied data, which leads to an out-of-bounds write. Exploitation requires user interaction: the target must open a crafted PDF file or visit a malicious web page. On successful exploitation, the attacker's code runs in the context of the current user process, potentially allowing unauthorized actions or system manipulation. Users should keep their installations of Kofax Power PDF up to date and apply available security patches to mitigate this risk. Further details can be found in the advisory from the Zero Day Initiative.

Affected Version(s)

Power PDF 5.0.0.57

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
