CVE-2024-27344

7.8 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious PDF files in Kofax Power PDF. The flaw exists in PDF file parsing where improper data validation leads to memory corruption. All users of affected Kofax Power PDF versions are vulnerable.

💻 Affected Systems

Products:
  • Kofax Power PDF
Versions: Specific affected versions not specified in provided references, but likely multiple recent versions prior to patch
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of affected versions are vulnerable. User interaction required (opening malicious PDF).

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control of the affected system, potentially leading to data theft, ransomware deployment, or lateral movement within the network.

🟠 Likely Case

Local privilege escalation or system compromise on the user's workstation, potentially leading to credential theft, data exfiltration, or installation of persistent malware.

🟢 If Mitigated

Limited impact with proper application sandboxing and user privilege restrictions, potentially resulting in application crash but no code execution.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file). The vulnerability is in PDF parsing logic, making reliable exploitation possible but requiring crafted PDF files.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Kofax security advisory for specific patched version

Vendor Advisory: https://docshield.kofax.com/PowerPDF/en_US/5.5.0-d3s176i9m5/print/online/wwhelp/wwhimpl/js/html/wwhelp.htm#href=ReleaseNotes.06.3.html

Restart Required: Yes

Instructions:

1. Open Kofax Power PDF
2. Navigate to Help > Check for Updates
3. Follow prompts to download and install latest version
4. Restart application and system if prompted

🔧 Temporary Workarounds

Disable PDF file association (Windows)

Prevent Kofax Power PDF from automatically opening PDF files:

Control Panel > Default Programs > Set Associations > Find .pdf > Change to different PDF reader

Application control policy (Windows)

Restrict execution of Kofax Power PDF using application whitelisting

🧯 If You Can't Patch

  • Implement network segmentation to isolate systems running vulnerable software
  • Deploy endpoint detection and response (EDR) with memory protection capabilities

🔍 How to Verify

Check if Vulnerable:

Check Help > About in Kofax Power PDF and compare version against vendor advisory

Check Version:

In Kofax Power PDF: Help > About

Verify Fix Applied:

Verify installed version matches or exceeds patched version specified in vendor advisory

📡 Detection & Monitoring

Log Indicators:

  • Application crashes of Kofax Power PDF
  • Unusual process creation from PDF reader
  • Memory access violations in application logs

Network Indicators:

  • Downloads of PDF files from untrusted sources
  • Outbound connections initiated after PDF file opening

SIEM Query:

Process Creation where ParentImage contains 'PowerPDF' and CommandLine contains '.pdf'
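
The query above, run over process-creation records, as an added example that is not part of the original page or any vendor tooling. It assumes the events are exported one JSON object per line with Sysmon Event ID 1 field names (`Computer`, `Image`, `ParentImage`, `CommandLine`); the `unusual_child` rule is one assumed reading of the "Unusual process creation from PDF reader" indicator, and every record in the sample is constructed.

```python
import json

# Constructed process-creation records using Sysmon Event ID 1 field names.
# Host names, install paths and command lines are invented for this example.
SAMPLE_LOG = r'''
{"Computer":"WS-01","Image":"C:\\Program Files\\Example\\PowerPDF.exe","ParentImage":"C:\\Windows\\explorer.exe","CommandLine":"PowerPDF.exe C:\\Users\\a\\Downloads\\invoice.pdf"}
{"Computer":"WS-01","Image":"C:\\Windows\\System32\\cmd.exe","ParentImage":"C:\\Program Files\\Example\\PowerPDF.exe","CommandLine":"cmd.exe /c whoami"}
{"Computer":"WS-02","Image":"C:\\Windows\\System32\\notepad.exe","ParentImage":"C:\\Program Files\\Example\\powerpdf.exe","CommandLine":"notepad.exe C:\\Temp\\report.PDF.txt"}
{"Computer":"WS-03","Image":"C:\\Windows\\System32\\cmd.exe","ParentImage":"C:\\Windows\\explorer.exe","CommandLine":"cmd.exe"}
not-json line from a truncated export
{"Computer":"WS-04","Image":"C:\\Windows\\System32\\rundll32.exe","ParentImage":null,"CommandLine":"rundll32.exe"}
'''

def _field(ev, name):
    """Return a field as lower-case text; a missing or null field becomes ''."""
    value = ev.get(name)
    return value.lower() if isinstance(value, str) else ""

def page_query(ev):
    """The page's query: ParentImage contains 'PowerPDF' and CommandLine contains '.pdf'."""
    return "powerpdf" in _field(ev, "ParentImage") and ".pdf" in _field(ev, "CommandLine")

def unusual_child(ev):
    """Assumed meaning of 'unusual process creation from PDF reader':
    the parent is PowerPDF and the child image is some other program."""
    return "powerpdf" in _field(ev, "ParentImage") and "powerpdf" not in _field(ev, "Image")

RULES = (("page_query", page_query), ("unusual_child", unusual_child))

def scan(log_text):
    """Return (host, child image name, matched rule names) for each hit."""
    hits = []
    for line in log_text.splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank or damaged line: skip it rather than abort the scan
        if not isinstance(ev, dict):
            continue
        matched = [name for name, rule in RULES if rule(ev)]
        if matched:
            child = _field(ev, "Image").rsplit("\\", 1)[-1]
            hits.append((ev.get("Computer"), child, matched))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

On the constructed sample, the page's query flags only the child whose command line carries a `.pdf` path, while the `cmd.exe` child is caught by the second rule alone.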
