CVE-2023-42127

7.8 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious PDF files in Kofax Power PDF. The flaw exists in PDF parsing where improper data validation enables out-of-bounds writes. All users of affected Kofax Power PDF versions are at risk.

💻 Affected Systems

Products:
  • Kofax Power PDF
Versions: Prior to the patched release (specific version numbers not provided in available references)
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected versions are vulnerable. User interaction required (opening malicious PDF).

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control of the affected system, data theft, and lateral movement within the network.

🟠 Likely Case

Malware installation, data exfiltration, or ransomware deployment on individual user systems through malicious PDF documents.

🟢 If Mitigated

Limited impact with proper application sandboxing and user privilege restrictions, potentially resulting in application crash only.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction but is technically straightforward once a malicious PDF is opened. No authentication is required for the exploit itself.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Latest version available from Kofax (check vendor advisory for specific version)

Vendor Advisory: https://docshield.kofax.com/PowerPDF/en_US/5.5.0-d3ps5g6v25/print/ReadMe.htm

Restart Required: Yes

Instructions:

1. Open Kofax Power PDF
2. Navigate to Help > Check for Updates
3. Follow prompts to download and install latest version
4. Restart system after installation

🔧 Temporary Workarounds

Disable PDF file association (Windows)

Prevent Power PDF from automatically opening PDF files

Control Panel > Default Programs > Set Associations > Find .pdf > Change to alternative PDF reader

Application sandboxing (Windows)

Run Power PDF in restricted environment

🧯 If You Can't Patch

  • Implement application whitelisting to block Power PDF execution
  • Deploy network filtering to block PDF downloads from untrusted sources

🔍 How to Verify

Check if Vulnerable:

Check Power PDF version against vendor advisory. Vulnerable if using version prior to patched release.

Check Version:

Open Power PDF > Help > About Power PDF

Verify Fix Applied:

Verify Power PDF version matches or exceeds patched version specified in vendor advisory.

📡 Detection & Monitoring

Log Indicators:

  • Application crashes of Power PDF
  • Unusual process creation from Power PDF executable
  • Memory access violation errors in application logs

Network Indicators:

  • PDF downloads from suspicious sources
  • Unusual outbound connections from Power PDF process

SIEM Query:

Process Creation where Image contains 'PowerPDF' AND ParentImage contains 'explorer.exe' AND CommandLine contains '.pdf'
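The query above records Power PDF being launched on a PDF; the "unusual process creation from Power PDF executable" indicator needs the reverse relationship, where Power PDF is the parent. The following is an added example, not part of the original advisory or any vendor tooling, that correlates the two over process-creation events so each alert names the document that was open. The field names follow Sysmon Event ID 1; the sample events, the install path and the empty allowlist are constructed assumptions.

```python
import re

# Substring taken from the page's SIEM query; adjust to the real executable name.
READER = "powerpdf"
# Child image names seen in your own baseline (assumption: empty until tuned).
ALLOWED_CHILDREN = set()
# A quoted or unquoted argument ending in .pdf
PDF_ARG = re.compile(r'"([^"]+\.pdf)"|(\S+\.pdf)', re.IGNORECASE)

# Constructed process-creation events (Sysmon Event ID 1 field names, made-up paths).
SAMPLE_EVENTS = [
    {"ProcessId": 4120, "ParentProcessId": 900,
     "Image": r"C:\Apps\PowerPDF.exe", "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'"C:\Apps\PowerPDF.exe" "C:\Users\a\Downloads\invoice.pdf"'},
    {"ProcessId": 5012, "ParentProcessId": 4120,
     "Image": r"C:\Windows\System32\cmd.exe", "ParentImage": r"C:\Apps\PowerPDF.exe",
     "CommandLine": "cmd.exe /c whoami"},
    {"ProcessId": 6200, "ParentProcessId": 900,
     "Image": r"C:\Windows\System32\notepad.exe", "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r"notepad.exe C:\Users\a\notes.txt"},
]


def find_reader_children(events):
    """Return alerts for non-reader processes spawned by the PDF reader."""
    open_docs = {}  # reader ProcessId -> PDF named on its command line (or None)
    alerts = []
    for ev in events:  # events are assumed to be in chronological order
        image = ev["Image"].lower()
        parent = ev["ParentImage"].lower()
        if READER in image:
            # Reader launch: remember which document it was started with.
            m = PDF_ARG.search(ev["CommandLine"])
            open_docs[ev["ProcessId"]] = (m.group(1) or m.group(2)) if m else None
            continue
        child = image.rsplit("\\", 1)[-1]
        if READER in parent and child not in ALLOWED_CHILDREN:
            alerts.append({"child": ev["Image"], "cmdline": ev["CommandLine"],
                           "document": open_docs.get(ev["ParentProcessId"])})
    return alerts


if __name__ == "__main__":
    for alert in find_reader_children(SAMPLE_EVENTS):
        print(alert)
```

Populate ALLOWED_CHILDREN from a baseline of what the reader legitimately spawns in your environment before alerting on the output.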
