CVE-2023-51567
📋 TL;DR
This vulnerability in Kofax Power PDF allows attackers to read memory beyond allocated bounds when parsing malicious OXPS files, potentially disclosing sensitive information. Users who open untrusted OXPS files or visit malicious websites are affected. The vulnerability could be combined with other exploits to achieve arbitrary code execution.
💻 Affected Systems
- Kofax Power PDF
📦 What is this software?
Power PDF by Tungsten Automation
⚠️ Risk & Real-World Impact
Worst Case
Arbitrary code execution in the context of the current user process, leading to full system compromise when combined with other vulnerabilities.
Likely Case
Information disclosure through memory reads, potentially exposing sensitive data like credentials or system information.
If Mitigated
Limited impact with proper file validation and user awareness preventing malicious file execution.
🎯 Exploit Status
Requires user interaction to open malicious file; exploitation may require chaining with other vulnerabilities for code execution.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not specified in provided references
Vendor Advisory: https://www.zerodayinitiative.com/advisories/ZDI-24-006/
Restart Required: Yes
Instructions:
1. Check Kofax website for security updates.
2. Download and install latest Power PDF version.
3. Restart system to ensure patch is fully applied.
🔧 Temporary Workarounds
Disable OXPS file association
Windows: Remove the OXPS file type association with Kofax Power PDF to prevent automatic opening.
Control Panel > Default Programs > Associate a file type or protocol with a program > Select .oxps > Change program > Choose different application
Block OXPS files at perimeter
All platforms: Configure email gateways and web filters to block OXPS file attachments.
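One way a mail or web gateway hook could recognise OXPS attachments by package content as well as by extension, as an added example that is not part of the original advisory or of any vendor tooling. The function names, the 64 KiB limit and the OpenXPS relationship-type prefix are assumptions, and the sample package is constructed.

```python
import io
import xml.etree.ElementTree as ET
import zipfile

# Assumed from the OpenXPS (ECMA-388) schema namespace; confirm against
# known-good samples before deploying.
OXPS_PREFIX = "http://schemas.openxps.org/oxps/"
OPC_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
MAX_RELS_BYTES = 64 * 1024  # cap on the root relationships part we will parse


def classify_package(data: bytes) -> str:
    """Return 'oxps', 'malformed' or 'other' from content, not the file name."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            info = zf.getinfo("_rels/.rels")
            raw = zf.read(info) if info.file_size <= MAX_RELS_BYTES else b""
    except (zipfile.BadZipFile, KeyError):
        return "other"  # not a ZIP, or a ZIP without OPC root relationships
    if not raw or b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        return "malformed"  # oversized or empty part, or a DTD (invalid in OPC)
    try:
        root = ET.fromstring(raw)
    except ET.ParseError:
        return "malformed"
    for rel in root.iter("{%s}Relationship" % OPC_NS):
        rel_type = rel.get("Type", "")
        if rel_type.startswith(OXPS_PREFIX) and rel_type.endswith("/fixedrepresentation"):
            return "oxps"
    return "other"


def should_quarantine(filename: str, data: bytes) -> bool:
    """Block on the .oxps extension or on OXPS/malformed package content."""
    verdict = classify_package(data)
    return filename.lower().endswith(".oxps") or verdict in ("oxps", "malformed")


def build_sample(rel_type: str) -> bytes:
    """Constructed minimal package for the demo; not a renderable document."""
    rels = (f'<Relationships xmlns="{OPC_NS}"><Relationship Id="R1" '
            f'Type="{rel_type}" Target="/d.fdseq"/></Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("_rels/.rels", rels)
    return buf.getvalue()
```

Packages classified as malformed are quarantined here as a policy choice; relax that in `should_quarantine` if it catches too many damaged Office documents in your mail flow.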
🧯 If You Can't Patch
- Implement application whitelisting to prevent unauthorized OXPS file execution
- Educate users about risks of opening untrusted OXPS files and implement strict file validation policies
🔍 How to Verify
Check if Vulnerable:
Check Power PDF version against vendor advisory; if using unpatched version, system is vulnerable
Check Version:
Open Power PDF > Help > About (or check installed programs in Control Panel)
Verify Fix Applied:
Verify Power PDF version matches or exceeds patched version specified in vendor advisory
📡 Detection & Monitoring
Log Indicators:
- Power PDF crash logs related to OXPS parsing
- Unexpected memory access errors in application logs
Network Indicators:
- Downloads of OXPS files from untrusted sources
- Network traffic patterns indicating file parsing anomalies
SIEM Query:
Process:PowerPDF.exe AND (FileExtension:oxps OR FileName:*.oxps)