CVE-2023-42036

7.8 HIGH

📋 TL;DR

This vulnerability in Kofax Power PDF allows remote attackers to execute arbitrary code by tricking users into opening malicious PDF files. The flaw exists in PDF parsing where improper data validation leads to memory corruption. All users running vulnerable versions of Kofax Power PDF are affected.

💻 Affected Systems

Products:
  • Kofax Power PDF
Versions: Specific versions are not detailed in the provided references; likely multiple versions prior to the patch
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with vulnerable versions are affected. User interaction required (opening malicious PDF).

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control of the affected system, data theft, ransomware deployment, and lateral movement within the network.

🟠 Likely Case

Malicious code execution with user privileges, potentially leading to data exfiltration, credential theft, and installation of persistent malware.

🟢 If Mitigated

Limited impact with proper controls - potentially application crash or denial of service if exploit fails, but no code execution.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires user interaction (opening malicious PDF). The vulnerability is memory corruption leading to RCE, making it attractive for attackers.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Kofax security advisory for specific patched version

Vendor Advisory: https://docshield.kofax.com/PowerPDF/en_US/5.0.0-5.0.0.10/wwhelp/wwhimpl/js/html/wwhelp.htm#href=Security.07.3.html

Restart Required: Yes

Instructions:

1. Check current Power PDF version
2. Visit Kofax support portal
3. Download latest security update
4. Install update
5. Restart system

🔧 Temporary Workarounds

Disable PDF file opening (windows)

Prevent Power PDF from being the default handler for PDF files

Control Panel > Default Programs > Set Default Programs > Choose another program for .pdf

Application control restriction (windows)

Block Power PDF execution via application control policies

🧯 If You Can't Patch

  • Implement application whitelisting to block Power PDF execution
  • Use network segmentation to isolate systems with vulnerable software
  • Deploy email/web filtering to block malicious PDF attachments
  • Educate users about PDF security risks and safe handling procedures

🔍 How to Verify

Check if Vulnerable:

Check Power PDF version against Kofax security advisory. Versions before the patched release are vulnerable.

Check Version:

In Power PDF: Help > About Power PDF

Verify Fix Applied:

Verify Power PDF version matches or exceeds patched version specified in Kofax advisory.

📡 Detection & Monitoring

Log Indicators:

  • Power PDF crash logs
  • Unexpected process creation from Power PDF
  • Memory access violations in application logs

Network Indicators:

  • Outbound connections from Power PDF process to suspicious IPs
  • DNS queries for known malicious domains from PDF-related processes

SIEM Query:

Process Creation where (Image contains 'PowerPDF' OR ParentImage contains 'PowerPDF') AND CommandLine contains '.pdf'
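The query above, as written, fires on every ordinary PDF open (Power PDF launched with a .pdf on its command line) and misses the case the "Unexpected process creation from Power PDF" indicator actually cares about, because a child process spawned after exploitation usually has no ".pdf" in its own command line. The following Python is an added example, not part of this advisory or of any Kofax tooling: it evaluates the advisory's query literally over a handful of constructed Sysmon-style process-creation records, and beside it runs an assumed lower-noise variant that flags Power PDF spawning a shell or script interpreter. The sample events, the image paths and the interpreter list are assumptions for illustration.

```python
"""Evaluate the advisory's SIEM query, plus a lower-noise variant, over
constructed Sysmon-style process-creation events (Event ID 1 field names)."""
from pathlib import PureWindowsPath

# Constructed sample events; not real telemetry. Paths are assumed.
SAMPLE_EVENTS = [
    # 1: a normal document open, launched from Explorer
    {"id": 1, "Image": r"C:\Program Files\Kofax\Power PDF\PowerPDF.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"PowerPDF.exe" "C:\Users\alice\Downloads\invoice.pdf"'},
    # 2: Power PDF spawning a command shell (no ".pdf" in the child's command line)
    {"id": 2, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Program Files\Kofax\Power PDF\PowerPDF.exe",
     "CommandLine": r"cmd.exe /c whoami"},
    # 3: Power PDF spawning PowerShell
    {"id": 3, "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "ParentImage": r"C:\Program Files\Kofax\Power PDF\PowerPDF.exe",
     "CommandLine": r"powershell.exe -nop -w hidden"},
    # 4: an unrelated shell that merely mentions a .pdf file
    {"id": 4, "Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"cmd.exe /c dir report.pdf"},
    # 5: Power PDF restarting itself without a document argument
    {"id": 5, "Image": r"C:\Program Files\Kofax\Power PDF\PowerPDF.exe",
     "ParentImage": r"C:\Program Files\Kofax\Power PDF\PowerPDF.exe",
     "CommandLine": r'"PowerPDF.exe" --print-help'},
]


def _contains(value, needle):
    """Case-insensitive 'contains', matching typical SIEM string semantics."""
    return needle.lower() in value.lower()


def matches_advisory_query(event):
    """The advisory's query, evaluated literally:
    (Image contains 'PowerPDF' OR ParentImage contains 'PowerPDF')
    AND CommandLine contains '.pdf'."""
    powerpdf_involved = (_contains(event["Image"], "PowerPDF")
                         or _contains(event["ParentImage"], "PowerPDF"))
    return powerpdf_involved and _contains(event["CommandLine"], ".pdf")


# Assumed list: child images a PDF viewer has no ordinary reason to launch.
SUSPICIOUS_CHILDREN = {
    "cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe",
    "mshta.exe", "rundll32.exe", "regsvr32.exe",
}


def is_unexpected_child(event):
    """Lower-noise variant: Power PDF is the parent and the child is an
    interpreter/shell. Compares executable names only, so a renamed parent
    path still matches; a genuinely renamed binary would need other signals."""
    parent = PureWindowsPath(event["ParentImage"]).name.lower()
    child = PureWindowsPath(event["Image"]).name.lower()
    return "powerpdf" in parent and child in SUSPICIOUS_CHILDREN


def run(events):
    """Return the event ids each rule flags, keyed by rule name."""
    return {
        "advisory_query": [e["id"] for e in events if matches_advisory_query(e)],
        "unexpected_child": [e["id"] for e in events if is_unexpected_child(e)],
    }


if __name__ == "__main__":
    for rule, ids in run(SAMPLE_EVENTS).items():
        print(f"{rule}: flagged event ids {ids}")
```

Against these samples the advisory's query flags only event 1, the benign open, and misses events 2 and 3; the parent/child variant flags exactly 2 and 3. In practice you would keep both: the first as a low-priority audit trail of documents opened in Power PDF, the second as the alerting rule.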
