CVE-2024-9732: CWE-416: Use After Free in Tungsten Automation Power PDF
Tungsten Automation Power PDF XPS File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Tungsten Automation Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of XPS files. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-24385.
AI Analysis
Technical Summary
CVE-2024-9732 is a use-after-free vulnerability classified under CWE-416 found in the XPS file parsing functionality of Tungsten Automation Power PDF version 5.0.0.10.0.23307. The vulnerability arises because the software does not verify whether an object still exists before performing operations on it during the parsing process. This leads to a use-after-free condition, which an attacker can exploit to execute arbitrary code remotely. The attack vector requires user interaction, specifically the victim opening a maliciously crafted XPS file or visiting a malicious webpage that triggers the vulnerability. Successful exploitation allows the attacker to execute code with the privileges of the user running the Power PDF application, potentially leading to full system compromise depending on that user's rights. The CVSS v3.0 base score is 7.8, reflecting high impact on confidentiality, integrity, and availability, with low attack complexity, no privileges required, and user interaction necessary. Although no active exploits have been reported, the vulnerability was assigned by the Zero Day Initiative (ZDI) as ZDI-CAN-24385 and publicly disclosed on November 22, 2024. The lack of patch links suggests that a fix may not yet be available, emphasizing the need for immediate risk mitigation.
Potential Impact
The vulnerability enables remote code execution, allowing attackers to run arbitrary code within the context of the affected application. This can lead to full system compromise if the user has elevated privileges. Confidentiality is at risk because attackers could access sensitive documents or data processed by the PDF software. Integrity and availability are also threatened, since malicious code could alter or delete files, disrupt normal operations, or install persistent malware. Organizations relying on Tungsten Automation Power PDF for document handling, especially those processing untrusted XPS files, face significant risk. The requirement for user interaction limits mass exploitation, but targeted attacks against high-value users or organizations remain a serious concern. The absence of known exploits reduces immediate risk for now, but attackers may develop exploits rapidly following public disclosure. The vulnerability could be leveraged in phishing campaigns or supply chain attacks, affecting sectors such as finance, government, legal, and healthcare where PDF usage is prevalent.
Mitigation Recommendations
Organizations should immediately restrict or monitor the use of Tungsten Automation Power PDF version 5.0.0.10.0.23307, especially for opening XPS files from untrusted sources. Implement strict email and web filtering to block malicious XPS attachments and links. Employ application whitelisting and sandboxing to limit the impact of potential exploitation. Educate users about the risks of opening files from unknown or suspicious origins. Monitor for unusual process behavior or crashes related to Power PDF. If possible, disable XPS file support or use alternative PDF readers with a better security track record until a vendor patch is available. Maintain up-to-date backups and ensure endpoint detection and response (EDR) tools are configured to detect exploitation attempts. Regularly check for vendor updates or security advisories to apply patches promptly once released.
Affected Countries
United States, Canada, United Kingdom, Germany, France, Australia, Japan, South Korea, India, Brazil
Technical Details
- Data Version: 5.1
- Assigner Short Name: zdi
- Date Reserved: 2024-10-09T19:42:20.559Z
- CVSS Version: 3.0
- State: PUBLISHED
Threat ID: 699f6b5db7ef31ef0b554a77
Added to database: 2/25/2026, 9:36:29 PM
Last enriched: 2/25/2026, 11:37:25 PM
Last updated: 4/12/2026, 3:53:00 PM