CVE-2024-30373 is a remote code execution vulnerability classified under CWE-787 (Out-of-bounds Write) affecting Kofax Power PDF version 5.0.0.57. The vulnerability exists in the parsing logic for JPF files, where insufficient validation of user-supplied data allows an attacker to write beyond the bounds of allocated memory. This memory corruption can be exploited to execute arbitrary code within the security context of the Power PDF process. The attack vector requires user interaction, such as opening a maliciously crafted JPF file or visiting a web page that triggers the vulnerability. The vulnerability does not require prior authentication, increasing its risk profile. The CVSS v3.0 base score is 7.8, reflecting high impact on confidentiality, integrity, and availability, with low attack complexity and no privileges required. Although no public exploits have been reported yet, the flaw was identified and assigned by the Zero Day Initiative (ZDI) as ZDI-CAN-22092. The lack of a current patch means organizations must rely on mitigations until an official fix is released. The vulnerability highlights the risks associated with parsing complex file formats without rigorous input validation.

Successful exploitation of this vulnerability can lead to full compromise of the affected system by allowing arbitrary code execution within the context of the Kofax Power PDF application. This could enable attackers to execute malicious payloads, steal sensitive information, manipulate documents, or move laterally within a network. Given that Power PDF is used in many enterprise environments for document management and processing, the impact extends to potential data breaches, disruption of business operations, and loss of data integrity. The requirement for user interaction limits mass exploitation but targeted attacks against high-value individuals or organizations remain a significant threat. Additionally, the vulnerability affects confidentiality, integrity, and availability, making it a critical concern for organizations handling sensitive or regulated data.

Organizations should immediately implement strict policies to limit the opening of untrusted or unsolicited JPF files and restrict access to potentially malicious web content. Until an official patch is released by Kofax, consider disabling or restricting the use of JPF file parsing within Power PDF if possible. Employ endpoint protection solutions capable of detecting anomalous behavior related to memory corruption exploits. Conduct user awareness training to reduce the likelihood of users opening malicious files or links. Monitor network and endpoint logs for suspicious activity associated with Power PDF processes. Once a patch becomes available, prioritize its deployment across all affected systems. Additionally, consider sandboxing or running Power PDF in a restricted environment to limit the impact of potential exploitation.