CVE-2024-9745 is a stack-based buffer overflow vulnerability identified in Tungsten Automation Power PDF version 5.0.0.10.0.23307, specifically within the TIF file parsing functionality. The vulnerability stems from inadequate validation of the length of user-supplied data before it is copied into a fixed-length buffer on the stack. This lack of bounds checking allows an attacker to overflow the buffer, corrupting adjacent memory and enabling arbitrary code execution within the context of the Power PDF process. The attack vector requires user interaction, such as opening a maliciously crafted TIF file or visiting a web page that triggers the vulnerability. No privileges or authentication are required, making it accessible to remote attackers. The vulnerability is classified under CWE-121 (stack-based buffer overflow) and has a CVSS v3.0 score of 7.8, indicating high severity with impacts on confidentiality, integrity, and availability. Although no known exploits are currently reported in the wild, the potential for remote code execution makes this a critical risk for organizations relying on this software for document processing. The vulnerability was reported by the Zero Day Initiative (ZDI) as ZDI-CAN-24461 and publicly disclosed on November 22, 2024. As no official patch links are yet available, users must monitor vendor advisories closely. The flaw could be exploited to execute arbitrary code, potentially leading to full system compromise depending on the privileges of the Power PDF process.

The vulnerability allows remote attackers to execute arbitrary code on affected systems, potentially leading to full compromise of the host running Tungsten Automation Power PDF. This can result in unauthorized access to sensitive documents, data exfiltration, installation of malware, or disruption of business operations. Since the vulnerability affects a widely used PDF processing tool, organizations that rely heavily on PDF workflows, especially those handling sensitive or classified information, face significant risk. The requirement for user interaction (opening a malicious file or visiting a malicious page) means social engineering or phishing campaigns could be leveraged to exploit this flaw. The impact spans confidentiality, integrity, and availability, as attackers could steal data, alter documents, or crash the application and underlying system. The absence of known exploits in the wild currently reduces immediate risk but does not eliminate the threat, as exploit development is likely given the vulnerability’s nature and severity.

Organizations should immediately inventory their use of Tungsten Automation Power PDF and verify affected versions. Until an official patch is released, users should implement strict controls on file sources, blocking or quarantining suspicious TIF files and disabling automatic opening of PDF attachments from untrusted sources. Employ endpoint protection solutions with heuristic and behavior-based detection to identify exploit attempts. Educate users about the risks of opening unsolicited or unexpected PDF or TIF files, emphasizing caution with email attachments and links. Network-level controls such as web filtering and email gateway scanning can help prevent delivery of malicious files or URLs. Once a vendor patch is available, prioritize rapid deployment across all affected systems. Additionally, consider application sandboxing or running Power PDF with least privilege to limit the impact of potential exploitation. Monitoring logs for unusual application behavior or crashes can aid early detection of exploitation attempts.