CVE-2023-44433 – This vulnerability in Kofax Power PDF allows at... (How to Fix)

Q: What is the severity of CVE-2023-44433?

CVE-2023-44433 has a CVSS score of 5.5 (MEDIUM). This vulnerability in Kofax Power PDF allows attackers to read sensitive information from memory by tricking users into opening malicious PDF files. It affects users of Kofax Power PDF software who open untrusted documents. The flaw exists in how the software handles AcroForm annotations without proper bounds checking.

📋 TL;DR

This vulnerability in Kofax Power PDF allows attackers to read sensitive information from memory by tricking users into opening malicious PDF files. It affects users of Kofax Power PDF software who open untrusted documents. The flaw exists in how the software handles AcroForm annotations without proper bounds checking.

💻 Affected Systems

Products:

Kofax Power PDF

Versions: Specific versions not provided in CVE description - check vendor advisory

Operating Systems: Windows

Default Config Vulnerable: ⚠️ Yes

Notes: All installations with vulnerable versions are affected. User interaction required (opening malicious PDF).

📦 What is this software?

Power Pdf by Tungstenautomation

View all CVEs affecting Power Pdf →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Information disclosure combined with other vulnerabilities could lead to arbitrary code execution in the current user context.

🟠

Likely Case

Sensitive information disclosure from memory, potentially exposing credentials, document contents, or system information.

🟢

If Mitigated

Limited impact with proper security controls - information disclosure only without code execution.

🌐 Internet-Facing: MEDIUM - Requires user interaction but malicious PDFs can be delivered via web, email, or downloads.

🏢 Internal Only: MEDIUM - Internal users opening malicious documents from untrusted sources could be affected.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Requires user interaction to open malicious file. Part of ZDI-CAN-21977 research.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Kofax security advisory for specific patched version

Vendor Advisory: https://docshield.kofax.com/PowerPDF/en_US/5.0.0-5.0.0.10/wwhelp/wwhimpl/js/html/wwhelp.htm#href=ReleaseNotes.05.0.html

Restart Required: Yes

Instructions:

1. Check current Power PDF version
2. Visit Kofax support portal
3. Download and install latest security update
4. Restart system

🔧 Temporary Workarounds

Disable PDF file opening

windows

Prevent Power PDF from being default handler for PDF files

Control Panel > Default Programs > Set Default Programs > Choose another program for .pdf

Application control policy

windows

Restrict execution of Power PDF to trusted locations only

🧯 If You Can't Patch

Use alternative PDF viewer software
Block Power PDF execution via application control policies

🔍 How to Verify

Check if Vulnerable:

Check Power PDF version against vendor advisory. Open Power PDF > Help > About.

Check Version:

PowerPDF.exe --version or check Help > About in application

Verify Fix Applied:

Verify installed version matches or exceeds patched version from vendor advisory.

📡 Detection & Monitoring

Log Indicators:

Power PDF crash logs
Unexpected memory access errors
Large number of PDF file openings

Network Indicators:

PDF downloads from untrusted sources
Email attachments with PDF files

SIEM Query:

source="PowerPDF" AND (event_type="crash" OR event_type="error")

📊 Metadata

CVE ID: CVE-2023-44433

CVSS v3 Score: 5.5 (MEDIUM)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE: CWE-125

Published: May 3, 2024

Last Updated: August 7, 2025

🔗 References

https://www.zerodayinitiative.com/advisories/ZDI-23-1610/ Third Party Advisory
https://www.zerodayinitiative.com/advisories/ZDI-23-1610/ Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-44433, you might also want to check these: