CVE-2024-5303 is an out-of-bounds write vulnerability classified under CWE-787 found in Kofax Power PDF version 5.0.0.57. The vulnerability exists in the PSD file parsing component, where the software fails to properly validate user-supplied data, allowing an attacker to write data beyond the bounds of an allocated buffer. This memory corruption can be exploited to execute arbitrary code remotely with the privileges of the user running the application. The attack vector requires user interaction, such as opening a malicious PSD file or visiting a crafted webpage containing such a file. The vulnerability does not require prior authentication or elevated privileges, making it accessible to remote attackers targeting end users. The CVSS v3.0 base score is 7.8, indicating high severity, with attack vector local, low attack complexity, no privileges required, user interaction required, and high impact on confidentiality, integrity, and availability. Although no public exploits have been observed in the wild, the potential for remote code execution makes this a critical risk for affected users. The vulnerability was reported by the Zero Day Initiative (ZDI) as ZDI-CAN-22919 and publicly disclosed on June 6, 2024. No official patches have been linked yet, so mitigation relies on defensive measures and cautious handling of PSD files.

The vulnerability allows remote attackers to execute arbitrary code in the context of the current user, potentially leading to full system compromise depending on user privileges. Confidentiality is at risk as attackers could access sensitive documents or data processed by Power PDF. Integrity could be compromised by altering documents or injecting malicious content. Availability could be affected if exploitation causes application crashes or system instability. Organizations relying on Kofax Power PDF for document management, especially those handling sensitive or regulated information, face risks of data breaches, malware infections, and lateral movement within networks. The requirement for user interaction limits mass exploitation but targeted attacks against employees or partners remain a significant threat. The lack of patches increases exposure time, and attackers may develop exploits given the public disclosure. This vulnerability could be leveraged in spear-phishing campaigns or supply chain attacks involving malicious PSD files.

Until an official patch is released, organizations should implement strict controls on the handling of PSD files, including blocking or sandboxing PSD attachments in email gateways and endpoint security solutions. User education is critical to prevent opening suspicious or unsolicited PSD files. Employ application whitelisting and endpoint detection and response (EDR) tools to monitor and block anomalous behaviors associated with Power PDF. Restrict user privileges to limit the impact of code execution. Network segmentation can reduce lateral movement if exploitation occurs. Monitor for unusual process activity related to Power PDF and PSD file handling. Regularly check for vendor updates or security advisories to apply patches promptly once available. Consider disabling or limiting the use of PSD file features in Power PDF if possible. Incident response plans should be updated to address potential exploitation scenarios involving this vulnerability.