CVE-2024-9764

7.8 HIGH

📋 TL;DR

A use-after-free vulnerability in Tungsten Automation Power PDF allows remote attackers to execute arbitrary code when users open malicious PDF files. This affects all users of vulnerable versions of Power PDF software. Successful exploitation gives attackers control over the affected system with the same privileges as the current user.

💻 Affected Systems

Products:
  • Tungsten Automation Power PDF
Versions: Specific versions not detailed in advisory, but all versions prior to patched release are likely affected.
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with default configurations are vulnerable. User interaction required (opening malicious PDF).

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise leading to data theft, ransomware deployment, or persistent backdoor installation.

🟠 Likely Case: Malware installation, credential theft, or lateral movement within the network.

🟢 If Mitigated: Limited impact with proper application sandboxing and user privilege restrictions.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction (opening malicious file). No public exploit code available at time of advisory.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Check Tungsten Automation security advisory for specific patched version.

Vendor Advisory: https://www.tungstenautomation.com/security

Restart Required: Yes

Instructions:

1. Check current Power PDF version
2. Visit Tungsten Automation security advisory page
3. Download and install latest patched version
4. Restart system after installation

🔧 Temporary Workarounds

Disable PDF file association (Windows)

Prevent Power PDF from automatically opening PDF files:

Control Panel > Default Programs > Set Associations > Change the .pdf association to an alternative viewer

Application sandboxing (Windows)

Run Power PDF in a restricted environment

🧯 If You Can't Patch

  • Implement application allowlisting to block Power PDF execution
  • Deploy network segmentation to isolate systems running Power PDF

🔍 How to Verify

Check if Vulnerable:

Check Power PDF version against vendor's patched version list

Check Version:

Open Power PDF > Help > About

Verify Fix Applied:

Verify installed version matches or exceeds patched version from vendor advisory

📡 Detection & Monitoring

Log Indicators:

  • Power PDF crash logs with memory access violations
  • Unexpected child processes spawned from Power PDF

Network Indicators:

  • Outbound connections from Power PDF to unknown IPs
  • DNS requests for suspicious domains after PDF opening

SIEM Query:

(process_name:"PowerPDF.exe" AND event_id:1000) OR parent_process:"PowerPDF.exe"
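
The two log indicators above, written as detection logic over constructed events. This is an added example, not part of the advisory or any vendor tooling. The field names are assumptions modelled on Windows Application Error (Event ID 1000) and Sysmon process-creation (Event ID 1) records, and the child-process allowlist and `<install-dir>` path are placeholders.

```python
# Added example: detection logic over constructed events (not vendor tooling).
ACCESS_VIOLATION = "0xc0000005"   # NTSTATUS STATUS_ACCESS_VIOLATION
TARGET = "powerpdf.exe"           # process name from the page's SIEM query
# Assumption: children this application may legitimately start; tune per site.
EXPECTED_CHILDREN = {"powerpdf.exe", "splwow64.exe"}

def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def classify(event):
    """Return a finding label for a suspicious event, else None."""
    eid = event.get("event_id")
    # Application Error: only crashes of the target with an access violation.
    if eid == 1000 and basename(event.get("faulting_app", "")) == TARGET:
        if event.get("exception_code", "").lower() == ACCESS_VIOLATION:
            return "crash-access-violation"
        return None
    # Process creation: match on the PARENT, the child is what gets judged.
    if eid == 1 and basename(event.get("parent_image", "")) == TARGET:
        child = basename(event.get("image", ""))
        if child not in EXPECTED_CHILDREN:
            return "unexpected-child:" + child
    return None

def scan(events):
    """Return (host, finding) pairs for every event that matches."""
    return [(e["host"], f) for e in events if (f := classify(e))]

# Constructed sample events; <install-dir> is a placeholder path.
SAMPLE_EVENTS = [
    {"host": "WS-01", "event_id": 1000, "faulting_app": "PowerPDF.exe",
     "exception_code": "0xC0000005"},
    {"host": "WS-02", "event_id": 1, "image": r"C:\Windows\System32\cmd.exe",
     "parent_image": r"C:\<install-dir>\PowerPDF.exe"},
    {"host": "WS-03", "event_id": 1, "image": r"C:\Windows\splwow64.exe",
     "parent_image": r"C:\<install-dir>\PowerPDF.exe"},
    {"host": "WS-04", "event_id": 1000, "faulting_app": "PowerPDF.exe",
     "exception_code": "0xc0000409"},   # crash, but not an access violation
    {"host": "WS-05", "event_id": 1, "image": r"C:\<install-dir>\PowerPDF.exe",
     "parent_image": r"C:\Windows\explorer.exe"},   # normal launch
]

if __name__ == "__main__":
    for host, finding in scan(SAMPLE_EVENTS):
        print(host, finding)
```

A single crash is weak evidence on its own; correlating a crash finding with an unexpected-child finding on the same host shortly afterwards gives a much stronger signal.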
