CVE-2023-37349

7.8 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious PDF files in Kofax Power PDF. The flaw exists in PDF parsing where improper data validation enables out-of-bounds writes. All users of affected Kofax Power PDF versions are vulnerable.

💻 Affected Systems

Products:
  • Kofax Power PDF
Versions: Specific versions are not detailed in the provided references, but likely multiple recent versions prior to the patch.
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability exists in the core PDF parsing functionality, so all standard installations are affected.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining the same privileges as the user running Power PDF, potentially leading to data theft, ransomware deployment, or lateral movement.

🟠 Likely Case

Local privilege escalation or malware installation on the victim's system when a user opens a malicious PDF.

🟢 If Mitigated

Limited impact with proper application sandboxing and user privilege restrictions, potentially only crashing the application.

🌐 Internet-Facing: MEDIUM - Requires user interaction (opening malicious file) but PDFs are commonly shared via email and web.
🏢 Internal Only: MEDIUM - Similar risk internally as PDFs are frequently shared within organizations.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction but the vulnerability is in a commonly used file format. ZDI-CAN-20451 suggests active research.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Kofax security advisory for specific patched versions

Vendor Advisory: https://docshield.kofax.com/PowerPDF/en_US/5.5.0-d3ps28gq9d/print/ReadMe.htm

Restart Required: Yes

Instructions:

1. Check current Power PDF version
2. Visit Kofax support portal
3. Download and install latest security update
4. Restart system

🔧 Temporary Workarounds

Disable PDF file association (Windows)

Prevent Power PDF from automatically opening PDF files

Control Panel > Default Programs > Set Associations > Change .pdf to another viewer

Application sandboxing (Windows)

Run Power PDF in restricted environment

🧯 If You Can't Patch

  • Implement application whitelisting to block unauthorized PDF viewers
  • Deploy email/web filtering to block malicious PDF attachments

🔍 How to Verify

Check if Vulnerable:

Check Power PDF version against Kofax security advisory. Versions before the patched release are vulnerable.

Check Version:

In Power PDF: Help > About Power PDF

Verify Fix Applied:

Verify Power PDF version matches or exceeds patched version listed in Kofax advisory.

📡 Detection & Monitoring

Log Indicators:

  • Power PDF crash logs with memory access violations
  • Unexpected child processes spawned from Power PDF

Network Indicators:

  • Outbound connections from Power PDF process to unknown IPs

SIEM Query:

Process creation where parent process contains 'PowerPDF' AND (command line contains suspicious patterns OR destination IP not in allowed list)
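
The indicators and pseudo-query above can be expressed as a small triage function over endpoint telemetry. This is an added example, not vendor or advisory code; it assumes Sysmon-style fields (EventID 1 and 3, ParentImage, Image, DestinationIp), a hypothetical executable path containing 'PowerPDF', and a placeholder child-process list and IP allowlist that must be tuned per environment.

```python
import ipaddress

# Assumptions (not from the page): Sysmon-style fields for ProcessCreate
# (EventID 1) and NetworkConnect (EventID 3); the child-process list and the
# allowlisted network are placeholders to tune per environment.
PARENT_MARKER = "powerpdf"  # substring used in the page's SIEM query
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "wscript.exe",
                       "cscript.exe", "mshta.exe", "rundll32.exe"}
ALLOWED_NETS = [ipaddress.ip_network("10.0.0.0/8")]  # constructed allowlist


def basename(path):
    """Return the lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(event):
    """Return a finding string for one event, or None if nothing matches."""
    eid = event.get("EventID")
    if eid == 1 and PARENT_MARKER in event.get("ParentImage", "").lower():
        child = basename(event.get("Image", ""))
        if child in SUSPICIOUS_CHILDREN:
            return f"child-process:{child}"
    if eid == 3 and PARENT_MARKER in event.get("Image", "").lower():
        dst = ipaddress.ip_address(event["DestinationIp"])
        if not any(dst in net for net in ALLOWED_NETS):
            return f"outbound:{dst}"
    return None


def findings(events):
    """Triage a batch of events and keep only the ones that matched."""
    return [hit for hit in map(triage, events) if hit is not None]


# Constructed sample events (hypothetical paths, documentation-range IP).
PDF = r"C:\Example\PowerPDF.exe"
SAMPLE_EVENTS = [
    {"EventID": 1, "ParentImage": PDF, "Image": r"C:\Windows\System32\cmd.exe"},
    {"EventID": 1, "ParentImage": PDF, "Image": r"C:\Windows\splwow64.exe"},
    {"EventID": 1, "ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\cmd.exe"},
    {"EventID": 3, "Image": PDF, "DestinationIp": "10.1.2.3"},
    {"EventID": 3, "Image": PDF, "DestinationIp": "203.0.113.7"},
]

if __name__ == "__main__":
    for hit in findings(SAMPLE_EVENTS):
        print(hit)
```

Matching on the child image name rather than free-form command-line patterns keeps the rule specific to the "unexpected child processes" indicator; crash-log review remains a separate check.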
