CVE-2023-37339

7.8 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious PCX files in Kofax Power PDF. Attackers can gain full control of the affected system through a memory corruption flaw. All users of vulnerable Kofax Power PDF versions are affected.

💻 Affected Systems

Products:
  • Kofax Power PDF
Versions: Prior to the patched release (specific version numbers not provided in available references)
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected versions are vulnerable. User interaction required (opening malicious file).

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining the same privileges as the PDF viewer user, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠 Likely Case

Malicious actors sending phishing emails with crafted PCX files to execute malware or steal credentials from compromised systems.

🟢 If Mitigated

Limited impact with proper application sandboxing, user training, and network segmentation preventing lateral movement.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction but is technically straightforward once the malicious file is opened. No authentication required beyond file access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Latest version available from Kofax (specific version not specified in references)

Vendor Advisory: https://docshield.kofax.com/PowerPDF/en_US/4.0.0-4fqgqo6v88/print/OnlineHelp/EN/ReleaseNotes.htm

Restart Required: Yes

Instructions:

1. Download the latest Power PDF version from the Kofax website.
2. Run the installer with administrative privileges.
3. Restart the system after installation completes.

🔧 Temporary Workarounds

Disable PCX file association

Platform: Windows

Remove Power PDF as default handler for PCX files to prevent automatic exploitation

Control Panel > Default Programs > Set Associations > Find .pcx > Change to different program

Application control policy

Platform: Windows

Block Power PDF from opening PCX files via Group Policy or endpoint protection

🧯 If You Can't Patch

  • Implement application sandboxing/containerization for Power PDF
  • User training to avoid opening PCX files from untrusted sources

🔍 How to Verify

Check if Vulnerable:

Check the Power PDF version in Help > About. If the version is older than the latest release, assume vulnerable.

Check Version:

Power PDF: Help > About or check installed programs in Control Panel

Verify Fix Applied:

Verify that the Power PDF version matches the latest release from the Kofax website and test opening PCX files in a controlled environment.

📡 Detection & Monitoring

Log Indicators:

  • Power PDF crash logs with memory access violations
  • Unexpected child processes spawned from Power PDF

Network Indicators:

  • Outbound connections from Power PDF process to unknown IPs
  • DNS requests for suspicious domains after PCX file opening

SIEM Query:

Process Creation where ParentImage contains 'PowerPDF.exe' AND CommandLine contains unusual parameters
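
The query above expressed as triage logic over process-creation events, as an added example that is not part of the original page or any vendor tooling. It assumes Sysmon Event ID 1 field names; the allow-list, the high-risk child list, the severity levels, and the sample events and paths are constructed for illustration.

```python
import ntpath
import re

PARENT_NAME = "powerpdf.exe"  # process name taken from the page's SIEM query
# Assumption: children that are normal in your environment; build from a baseline.
ALLOWED_CHILDREN = {"powerpdf.exe"}
# Assumption: interpreters and proxies a document viewer has no reason to launch.
HIGH_RISK_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
                      "mshta.exe", "rundll32.exe", "regsvr32.exe"}
PCX_ARG = re.compile(r"\.pcx\b", re.IGNORECASE)


def exe_name(path):
    """Lower-cased file name of a Windows path (empty string if missing)."""
    return ntpath.basename(path or "").lower()


def triage(event):
    """Return None for events to ignore, else an alert dict with a severity."""
    if exe_name(event.get("ParentImage")) != PARENT_NAME:
        return None
    child = exe_name(event.get("Image"))
    if child in ALLOWED_CHILDREN:
        return None
    # A PCX path on the parent's command line ties the spawn to a PCX open.
    opened_pcx = bool(PCX_ARG.search(event.get("ParentCommandLine") or ""))
    risky = child in HIGH_RISK_CHILDREN
    if risky and opened_pcx:
        severity = "critical"
    elif risky or opened_pcx:
        severity = "high"
    else:
        severity = "medium"
    return {"child": child, "opened_pcx": opened_pcx, "severity": severity}


def run(events):
    """Triage a batch of events and keep only the alerts."""
    return [alert for alert in map(triage, events) if alert]


PDF = r"C:\Apps\PowerPDF\PowerPDF.exe"  # constructed install path
SAMPLE_EVENTS = [  # constructed events, not real telemetry
    {"ParentImage": r"C:\Windows\explorer.exe", "ParentCommandLine": "explorer.exe", "Image": PDF},
    {"ParentImage": PDF, "ParentCommandLine": PDF + r" C:\Users\a\Downloads\scan.pcx", "Image": r"C:\Windows\System32\cmd.exe"},
    {"ParentImage": PDF, "ParentCommandLine": PDF + r" C:\Docs\report.pdf", "Image": r"C:\Windows\splwow64.exe"},
    {"ParentImage": PDF, "ParentCommandLine": PDF + r" C:\Docs\logo.pcx", "Image": PDF},
    {"ParentImage": PDF, "ParentCommandLine": PDF + r" C:\Docs\report.pdf", "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
]

if __name__ == "__main__":
    for alert in run(SAMPLE_EVENTS):
        print(alert)
```

Matching on the exact parent file name is stricter than the "contains" match in the query, which avoids alerting on unrelated executables whose path merely includes the string.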
