CVE-2024-9744 is a remote code execution vulnerability classified under CWE-787 (Out-of-bounds Write) found in Tungsten Automation Power PDF version 5.0.0.10.0.23307. The flaw exists in the JP2 (JPEG 2000) file parsing component where user-supplied data is not properly validated, leading to a write operation beyond the allocated buffer boundaries. This memory corruption can be exploited by an attacker to execute arbitrary code within the context of the Power PDF process. The attack vector requires user interaction, such as opening a crafted malicious JP2 file embedded in a PDF or visiting a malicious webpage that triggers the vulnerable parser. The CVSS v3.0 base score is 7.8, indicating high severity, with an attack vector of local (user must open file or visit page), low attack complexity, no privileges required, user interaction required, and high impact on confidentiality, integrity, and availability. Although no public exploits are known at this time, the vulnerability poses a significant risk due to the potential for remote code execution and full process compromise. The vulnerability was assigned by ZDI (ZDI-CAN-24460) and publicly disclosed on November 22, 2024. No official patches have been linked yet, but remediation will likely involve updating the JP2 parsing logic to include proper bounds checking and input validation.

If exploited, this vulnerability allows attackers to execute arbitrary code remotely within the context of the Power PDF application, potentially leading to full system compromise depending on the privileges of the user running the software. This can result in data theft, unauthorized system control, installation of malware, or disruption of services. Since PDF readers are widely used in enterprise and government environments, successful exploitation could facilitate targeted attacks, espionage, or ransomware deployment. The requirement for user interaction limits mass exploitation but does not eliminate risk, especially in phishing or social engineering scenarios. Organizations relying on Tungsten Automation Power PDF for document handling, especially those processing untrusted or external PDF files, face increased risk of compromise, data breaches, and operational disruption.

1. Monitor Tungsten Automation’s official channels for patches or updates addressing CVE-2024-9744 and apply them promptly once available. 2. Until patches are released, restrict or block the opening of JP2 files embedded within PDFs, or disable JP2 parsing features if configurable. 3. Implement strict email and web filtering to detect and quarantine suspicious PDF files containing JP2 images from untrusted sources. 4. Educate users about the risks of opening unsolicited or unexpected PDF attachments and visiting untrusted websites. 5. Employ endpoint protection solutions capable of detecting anomalous behavior or exploitation attempts related to PDF parsing. 6. Use application whitelisting and least privilege principles to limit the impact of potential code execution within the Power PDF process. 7. Consider sandboxing or isolating PDF viewing environments to contain potential exploits. 8. Conduct regular security assessments and threat hunting focused on PDF-related attack vectors.