CVE-2024-9732: CWE-416: Use After Free in Tungsten Automation Power PDF
CVE-2024-9732 is a high-severity use-after-free vulnerability in Tungsten Automation Power PDF affecting version 5.0.0.10.0.23307. The flaw exists in the XPS file parsing component where the software fails to validate object existence before operations, leading to memory corruption. Exploitation requires user interaction, such as opening a malicious file or visiting a crafted webpage, enabling remote code execution in the context of the current process. The vulnerability has a CVSS score of 7.8, indicating significant impact on confidentiality, integrity, and availability.
AI Analysis
Technical Summary
CVE-2024-9732 is a use-after-free vulnerability classified under CWE-416 found in the XPS file parsing functionality of Tungsten Automation Power PDF version 5.0.0.10.0.23307. The vulnerability arises because the software does not verify whether an object still exists before performing operations on it during the parsing process. This leads to a use-after-free condition, which can be exploited by an attacker to execute arbitrary code remotely. The attack vector requires user interaction, specifically the victim opening a maliciously crafted XPS file or visiting a malicious webpage that triggers the vulnerability. Successful exploitation allows the attacker to execute code with the privileges of the current user running the Power PDF application, potentially leading to full system compromise depending on user rights. The CVSS v3.0 base score is 7.8, reflecting high impact on confidentiality, integrity, and availability, with low attack complexity and no privileges required but user interaction necessary. No active exploits have been reported. The CVE was assigned by the Zero Day Initiative (ZDI), which tracks the issue as ZDI-CAN-24385, and it was publicly disclosed on November 22, 2024. The lack of patch links suggests that a fix may not yet be available, emphasizing the need for immediate risk mitigation.
Potential Impact
The vulnerability enables remote code execution, allowing attackers to run arbitrary code within the context of the affected application. This can lead to full system compromise if the user has elevated privileges. Confidentiality is at risk as attackers could access sensitive documents or data processed by the PDF software. Integrity and availability are also threatened since malicious code could alter or delete files, disrupt normal operations, or install persistent malware. Organizations relying on Tungsten Automation Power PDF for document handling, especially those processing untrusted XPS files, face significant risk. The requirement for user interaction limits mass exploitation but targeted attacks against high-value users or organizations remain a serious concern. The absence of known exploits currently reduces immediate risk but also means attackers may develop exploits rapidly following public disclosure. The vulnerability could be leveraged in phishing campaigns or supply chain attacks, impacting sectors such as finance, government, legal, and healthcare where PDF usage is prevalent.
Mitigation Recommendations
Organizations should immediately restrict or monitor the use of Tungsten Automation Power PDF version 5.0.0.10.0.23307, especially for opening XPS files from untrusted sources. Implement strict email and web filtering to block malicious XPS attachments and links. Employ application whitelisting and sandboxing to limit the impact of potential exploitation. Educate users about the risks of opening files from unknown or suspicious origins. Monitor for unusual process behavior or crashes related to Power PDF. If possible, disable XPS file support or use alternative PDF readers with a better security track record until a vendor patch is available. Maintain up-to-date backups and ensure endpoint detection and response (EDR) tools are configured to detect exploitation attempts. Regularly check for vendor updates or security advisories to apply patches promptly once released.
Affected Countries
United States, Canada, United Kingdom, Germany, France, Australia, Japan, South Korea, India, Brazil
Technical Details
- Data Version: 5.1
- Assigner Short Name: zdi
- Date Reserved: 2024-10-09T19:42:20.559Z
- CVSS Version: 3.0
- State: PUBLISHED
Threat ID: 699f6b5db7ef31ef0b554a77
Added to database: 2/25/2026, 9:36:29 PM
Last enriched: 2/25/2026, 11:37:25 PM
Last updated: 2/26/2026, 8:08:17 AM