CVE-2024-9747

7.8 HIGH

📋 TL;DR

This vulnerability allows remote attackers to execute arbitrary code by tricking users into opening malicious PSD files in Tungsten Automation Power PDF. The flaw exists in PSD file parsing, where improper data validation leads to a buffer overflow. All users running affected versions of Power PDF are at risk.

💻 Affected Systems

Products:
  • Tungsten Automation Power PDF
Versions: Specific versions not detailed in advisory, but likely multiple versions prior to patch
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability requires user interaction to open malicious PSD file

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise with attacker gaining full control of the victim's machine, data theft, ransomware deployment, and lateral movement within the network.

🟠 Likely Case

Malware installation, data exfiltration, or system disruption when users open malicious PSD files from untrusted sources.

🟢 If Mitigated

Limited impact with proper security controls, potentially only application crash or denial of service.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user interaction but no authentication. ZDI has confirmed the vulnerability exists.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Tungsten Automation security advisory for specific patched version

Vendor Advisory: https://www.tungstenautomation.com/security

Restart Required: Yes

Instructions:

1. Visit Tungsten Automation security advisory page
2. Download latest version of Power PDF
3. Install update following vendor instructions
4. Restart system if prompted

🔧 Temporary Workarounds

Disable PSD file association (Windows)

Remove Power PDF as the default handler for PSD files so they do not open in it automatically:

Control Panel > Default Programs > Set Associations > Find .psd > Change to different program

Block PSD files at perimeter (all platforms)

Prevent PSD files from entering the network via email or web.

🧯 If You Can't Patch

  • Implement application whitelisting to prevent unauthorized executables
  • Use endpoint protection with memory protection and exploit mitigation

🔍 How to Verify

Check if Vulnerable:

Check Power PDF version against vendor advisory. If using unpatched version, assume vulnerable.

Check Version:

Open Power PDF > Help > About or check installed programs in Control Panel

Verify Fix Applied:

Verify Power PDF version matches or exceeds patched version in vendor advisory

📡 Detection & Monitoring

Log Indicators:

  • Power PDF crash logs
  • Unexpected process creation from Power PDF
  • Memory access violation events

Network Indicators:

  • Downloads of PSD files from untrusted sources
  • Outbound connections after PSD file opening

SIEM Query:

Process Creation where Image contains 'PowerPDF' AND (Parent Process contains 'explorer' OR Command Line contains '.psd')
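
The following added example, not part of the original advisory, applies the SIEM query above with the OR clause grouped explicitly and correlates it with the "Unexpected process creation from Power PDF" log indicator. The Sysmon Event ID 1 style field names, the install path, the PIDs and the sample events are constructed assumptions.

```python
# Constructed Sysmon Event ID 1 style records; paths and PIDs are made up.
PDF = r"C:\Program Files\PowerPDF\PowerPDF.exe"  # assumed install path
SAMPLE_EVENTS = [
    {"Image": PDF, "ParentImage": r"C:\Windows\explorer.exe", "ProcessId": 4120,
     "ParentProcessId": 900, "CommandLine": rf'"{PDF}" "C:\Users\a\Downloads\scan.psd"'},
    {"Image": r"C:\Windows\System32\cmd.exe", "ParentImage": PDF, "ProcessId": 4188,
     "ParentProcessId": 4120, "CommandLine": "cmd.exe"},
    {"Image": PDF, "ParentImage": r"C:\Windows\explorer.exe", "ProcessId": 5000,
     "ParentProcessId": 900, "CommandLine": rf'"{PDF}" "C:\Users\a\report.pdf"'},
    {"Image": r"C:\Windows\notepad.exe", "ParentImage": PDF, "ProcessId": 5044,
     "ParentProcessId": 5000, "CommandLine": "notepad.exe"},
]


def is_powerpdf(path):
    # The page's query matches on the substring 'PowerPDF' in the image path.
    return "powerpdf" in path.lower()


def matches_page_query(ev):
    """Image contains 'PowerPDF' AND (parent contains 'explorer' OR command line contains '.psd')."""
    cmd = ev["CommandLine"].lower()
    return is_powerpdf(ev["Image"]) and (
        "explorer" in ev["ParentImage"].lower() or ".psd" in cmd)


def triage(events):
    """Return (severity, rule, ProcessId) tuples, in event order."""
    psd_pids, alerts = set(), []
    for ev in events:
        if matches_page_query(ev):
            opened_psd = ".psd" in ev["CommandLine"].lower()
            if opened_psd:
                psd_pids.add(ev["ProcessId"])  # remember which instance parsed a PSD
            alerts.append(("low" if opened_psd else "info", "powerpdf_launch", ev["ProcessId"]))
        elif is_powerpdf(ev["ParentImage"]) and not is_powerpdf(ev["Image"]):
            # "Unexpected process creation from Power PDF"; worse if that instance opened a PSD.
            sev = "high" if ev["ParentProcessId"] in psd_pids else "medium"
            alerts.append((sev, "powerpdf_spawned_child", ev["ProcessId"]))
    return alerts


if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(alert)
```

Without the parentheses, AND-before-OR precedence would match any process whose command line contains '.psd', including other image viewers.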
