CVE-2024-27342 is a remote code execution vulnerability identified in Kofax Power PDF version 5.0.0.57, caused by an out-of-bounds write (CWE-787) during the parsing of PDF files. The vulnerability stems from insufficient validation of user-supplied data, which allows an attacker to write beyond the end of an allocated buffer. This memory corruption can be exploited to execute arbitrary code within the context of the Power PDF process. The attack vector requires user interaction, specifically opening a crafted malicious PDF file or visiting a malicious webpage that triggers the vulnerability. The CVSS v3.0 base score is 7.8, indicating high severity, with attack vector local (AV:L), low attack complexity (AC:L), no privileges required (PR:N), user interaction required (UI:R), and high impact on confidentiality, integrity, and availability (C:H/I:H/A:H). Although no exploits are currently known in the wild, the vulnerability poses a significant risk due to the potential for full system compromise if exploited. The vulnerability was reported by the Zero Day Initiative (ZDI) as ZDI-CAN-22928 and is currently unpatched. Organizations relying on Kofax Power PDF for document handling should monitor for patches and consider interim mitigations.

If exploited, this vulnerability allows attackers to execute arbitrary code with the privileges of the user running Kofax Power PDF, potentially leading to full system compromise. This can result in unauthorized data access, data manipulation, or disruption of services. Since the vulnerability affects PDF parsing, attackers can deliver malicious payloads via email attachments, downloads, or compromised websites, increasing the attack surface. The requirement for user interaction limits automated exploitation but does not eliminate risk, especially in environments with high document exchange volumes. The impact extends to confidentiality breaches, integrity violations, and availability disruptions, making it critical for organizations handling sensitive documents. The lack of a patch increases exposure time, raising the risk of targeted attacks once exploit code becomes available.

Until an official patch is released, organizations should implement strict controls on PDF file handling, including disabling automatic opening of PDF files from untrusted sources and educating users about the risks of opening unsolicited attachments. Employ sandboxing or application isolation techniques to limit the impact of potential exploitation. Use endpoint detection and response (EDR) tools to monitor for suspicious behavior related to PDF processing. Network-level protections such as email filtering, attachment scanning, and web content filtering should be enhanced to block malicious PDFs. Maintain up-to-date backups and incident response plans to quickly recover from potential compromises. Once a patch is available, prioritize immediate deployment across all affected systems. Additionally, consider restricting Power PDF usage to trusted users and environments to reduce exposure.