CVE-2024-9758

4.3 MEDIUM

📋 TL;DR

This vulnerability in Tungsten Automation Power PDF lets an attacker read memory beyond the end of an allocated buffer when a user opens a crafted PDF. The flaw is in the parsing of AcroForm annotations: malformed annotation data is not validated before use, so the parser reads out of bounds and process memory is disclosed to the attacker-controlled document. Users of affected Power PDF versions are at risk.

💻 Affected Systems

Products:
  • Tungsten Automation Power PDF
Versions: Not enumerated in the referenced ZDI advisory; treat builds released before the vendor's fix as affected and confirm the exact range in Tungsten Automation's own advisory
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All installations running a vulnerable build are affected; the only precondition is that Power PDF parses the crafted file, which it does on open.

📦 What is this software?

Tungsten Automation Power PDF (formerly Kofax Power PDF) is a commercial Windows application for creating, editing, converting and viewing PDF documents, including PDF forms built on AcroForm.

⚠️ Risk & Real-World Impact

🔴

Worst Case

An out-of-bounds read on its own only discloses memory, but the leaked data (heap pointers, for example) can defeat ASLR and be chained with a separate memory-corruption bug to execute arbitrary code in the context of the Power PDF process.

🟠

Likely Case

Disclosure of Power PDF process memory to the attacker's document: heap layout and pointers, fragments of other documents the process has loaded, and any other data resident in the process.

🟢

If Mitigated

Limited impact with proper security controls, though information leakage still possible.

🌐 Internet-Facing: MEDIUM - Requires user interaction but malicious PDFs can be delivered via web or email.
🏢 Internal Only: MEDIUM - Internal users opening malicious documents pose similar risk as external attacks.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No (no credentials are involved, but user interaction is required: the target must open the crafted PDF)
Complexity: MEDIUM

Requires user interaction (opening the crafted file). On its own the bug discloses memory; turning it into code execution requires chaining with a separate vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified in provided references

Vendor Advisory: https://www.zerodayinitiative.com/advisories/ZDI-24-1361/

Restart Required: Close and relaunch Power PDF after the update; reboot only if the installer requests it

Instructions:

1. Check Tungsten Automation security advisories for the build that fixes CVE-2024-9758 (ZDI-CAN-24474)
2. Download and install the latest Power PDF update
3. Close and relaunch Power PDF (reboot if the installer asks)
4. Verify the update applied (Help → About) and compare the build with the vendor advisory

🔧 Temporary Workarounds

Route untrusted PDFs away from Power PDF

windows

Remove Power PDF as the default .pdf handler so documents arriving by mail or browser download open in a sandboxed viewer (for example the browser's built-in PDF viewer), and keep Power PDF for trusted, locally authored files

Application control restrictions

windows

Use AppLocker or Windows Defender Application Control to limit Power PDF execution to the users and roles that need PDF editing

🧯 If You Can't Patch

  • Use alternative PDF viewing software for untrusted documents
  • Treat endpoints that must open untrusted PDFs in Power PDF as higher risk and segment them; the bug itself is local, so segmentation only limits what a chained compromise of that endpoint could reach

🔍 How to Verify

Check if Vulnerable:

Compare the installed Power PDF build against the vendor advisory. Vendor release notes may reference this issue by its ZDI tracking ID, ZDI-CAN-24474, rather than by CVE.

Check Version:

Open Power PDF → Help → About to check version

Verify Fix Applied:

Verify Power PDF version is updated beyond vulnerable versions specified in vendor patch notes.
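The two workarounds above (routing untrusted PDFs to another viewer, restricting Power PDF execution) and the version check in this section start from the same question: which Power PDF build is installed, and does it currently own the .pdf extension? The following PowerShell is an added example written for this page, not Tungsten Automation's tooling and not taken from the ZDI advisory. It assumes the Uninstall entry's DisplayName and the launch command path both contain "Power PDF" (hypothetical match patterns; adjust them to what your installs show), and it hard-codes no fixed build number because the referenced advisory does not publish one, so the version is reported for manual comparison.

```powershell
# Added example for this page; not Tungsten Automation's tooling and not from the
# ZDI advisory. Assumptions: the Uninstall entry's DisplayName contains "Power PDF"
# and the handler command path contains "Power PDF" (hypothetical patterns), and no
# fixed build is hard-coded because the referenced advisory does not publish one.

function Get-PowerPdfInstall {
    # Uninstall keys for 64-bit, 32-bit (WOW6432Node) and per-user installs.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like '*Power PDF*' } |
        Select-Object DisplayName, DisplayVersion, Publisher, InstallLocation
}

function Get-PdfHandler {
    # Explorer honours the per-user UserChoice ProgId over the machine default,
    # so report both and resolve each ProgId to the command that actually launches.
    $choice  = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice' -ErrorAction SilentlyContinue
    $default = Get-ItemProperty -Path 'Registry::HKEY_CLASSES_ROOT\.pdf' -ErrorAction SilentlyContinue
    foreach ($pair in @(@('UserChoice', $choice.ProgId), @('MachineDefault', $default.'(default)'))) {
        $source, $progId = $pair
        if (-not $progId) { continue }
        $cmd = (Get-ItemProperty -Path "Registry::HKEY_CLASSES_ROOT\$progId\shell\open\command" -ErrorAction SilentlyContinue).'(default)'
        [pscustomobject]@{
            Source     = $source
            ProgId     = $progId
            Command    = $cmd
            IsPowerPdf = ($cmd -match 'Power ?PDF')   # hypothetical pattern; tune to your install path
        }
    }
}

# Usage: report what is installed, then whether an untrusted PDF would land in Power PDF.
$installs = @(Get-PowerPdfInstall)
if ($installs.Count -eq 0) {
    Write-Output 'Power PDF not found in the Uninstall registry keys.'
} else {
    Write-Output 'Installed Power PDF builds (compare DisplayVersion with the vendor advisory):'
    $installs | Format-Table -AutoSize
}
Get-PdfHandler | Format-Table -AutoSize
```

Run it under the user account whose file associations matter, since UserChoice lives in HKCU. On Windows 10 and later the UserChoice key is hash-protected, so do not try to change the .pdf handler by editing it directly; change the default in Settings, or push a default-association XML fleet-wide with `Dism /Online /Import-DefaultAppAssociations`. A row with IsPowerPdf set to True means the first workaround is not yet in effect for that user.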

📡 Detection & Monitoring

Log Indicators:

  • Application-log crash events (Event ID 1000 Application Error, 1001 Windows Error Reporting) for the Power PDF process
  • Crashes with exception code 0xc0000005 (STATUS_ACCESS_VIOLATION), the typical symptom when an out-of-bounds read runs off the end of mapped memory
  • Crashes that follow within seconds of a PDF being opened from a mail client or browser download location

Network Indicators:

  • PDF downloads from untrusted sources
  • Suspicious email attachments

SIEM Query:

(Process:PowerPDF.exe AND (EventID:1000 OR EventID:1001))

Keep the endpoint crash query separate from any "PDF from an external source" query (FileExtension:pdf AND SourceIP:external): the latter needs a proxy or mail-gateway data source and matches ordinary traffic, so it is enrichment for an alert rather than an alert on its own. Combining the two with an unparenthesised AND/OR, as is easy to do, silently changes the precedence and floods the rule with every external PDF download.
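The log indicators above can be pulled directly from the Application log, and the "suspicious attachment" indicator can be sharpened by checking whether a PDF actually contains the AcroForm and annotation objects this bug is reached through. The PowerShell below is an added example written for this page, not vendor tooling and not from the advisory. It assumes the process is named PowerPDF.exe (the name this page uses; verify against your install) and that Event 1000 and 1001 messages have the stock Windows layout with "Faulting module name:" and "Exception code:" fields; the folder scanned in the usage lines is an arbitrary choice.

```powershell
# Added example for this page; not vendor tooling and not from the advisory.
# Assumptions: the process is PowerPDF.exe (verify against your install) and
# Event 1000/1001 messages use the stock Windows layout.

function Get-PowerPdfCrashEvents {
    param(
        [string]$ProcessName = 'PowerPDF.exe',
        [int]$Days = 7
    )
    $filter = @{ LogName = 'Application'; Id = 1000, 1001; StartTime = (Get-Date).AddDays(-$Days) }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Where-Object { $_.Message -match [regex]::Escape($ProcessName) } |
        ForEach-Object {
            $code   = if ($_.Message -match 'Exception code:\s*(0x[0-9a-fA-F]+)') { $Matches[1] } else { $null }
            $module = if ($_.Message -match 'Faulting module name:\s*([^,\r\n]+)') { $Matches[1].Trim() } else { $null }
            [pscustomobject]@{
                Time            = $_.TimeCreated
                EventId         = $_.Id
                FaultingModule  = $module
                ExceptionCode   = $code
                # 0xc0000005 is STATUS_ACCESS_VIOLATION: what an out-of-bounds read
                # produces when it runs off the end of mapped memory.
                AccessViolation = ($code -eq '0xc0000005')
            }
        }
}

function Test-PdfAnnotationSurface {
    # Static pre-triage of a PDF for the objects this bug is reached through.
    # A hit is not evidence of exploitation; it only says the file exercises the
    # AcroForm/annotation parser and should be opened in a sandbox first.
    param([Parameter(Mandatory)][string]$Path)
    $bytes = [System.IO.File]::ReadAllBytes($Path)
    # Decode as Latin-1 (code page 28591) so every byte maps to exactly one
    # character and the regexes see raw PDF syntax; works on 5.1 and 7.
    $text = [System.Text.Encoding]::GetEncoding(28591).GetString($bytes)
    [pscustomobject]@{
        Path         = $Path
        IsPdf        = $text.StartsWith('%PDF-')
        HasAcroForm  = [bool]($text -match '/AcroForm')
        HasAnnots    = [bool]($text -match '/Annots')
        WidgetAnnots = [regex]::Matches($text, '/Subtype\s*/Widget').Count
        # Objects packed into compressed object streams are invisible to this
        # scan, so a file with /ObjStm and no other hits is inconclusive, not clean.
        HasObjStm    = [bool]($text -match '/ObjStm')
    }
}

# Usage: recent Power PDF faults, then triage every PDF in the Downloads folder.
Get-PowerPdfCrashEvents -Days 14 | Format-Table -AutoSize
Get-ChildItem -Path "$env:USERPROFILE\Downloads" -Filter *.pdf -File |
    ForEach-Object { Test-PdfAnnotationSurface -Path $_.FullName } |
    Format-Table -AutoSize
```

Two caveats shape how to read the output. First, an out-of-bounds read that stays inside mapped pages leaks memory without crashing, so an empty crash list is not evidence that nothing happened; the crash query catches fuzz-like or clumsy documents, not a clean leak. Second, a PDF can hide every dictionary inside compressed object streams, so treat HasObjStm as "needs a real parser or a sandbox", not as a clean result.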

🔗 References

  • ZDI-24-1361 (ZDI-CAN-24474): https://www.zerodayinitiative.com/advisories/ZDI-24-1361/
