CVE-2024-9747 is an out-of-bounds write vulnerability classified under CWE-787 found in the PSD file parsing component of Tungsten Automation Power PDF version 5.0.0.10.0.23307. The vulnerability stems from insufficient validation of user-supplied data during the parsing process, which allows an attacker to write beyond the allocated buffer boundaries. This memory corruption can be exploited to execute arbitrary code remotely in the context of the current process. Exploitation requires user interaction, such as opening a maliciously crafted PSD file or visiting a malicious webpage that triggers the vulnerable parser. The vulnerability was identified and assigned by the Zero Day Initiative (ZDI) as ZDI-CAN-24463 and has a CVSS v3.0 base score of 7.8, indicating high severity. The attack vector is local (AV:L) but requires low attack complexity (AC:L), no privileges (PR:N), and user interaction (UI:R). The impact on confidentiality, integrity, and availability is high, as arbitrary code execution can lead to full system compromise depending on the user's privileges. No public exploits have been reported yet, but the vulnerability represents a critical risk for environments where Power PDF is used to handle PSD files. The lack of a current patch necessitates immediate mitigation steps to reduce exposure.

The vulnerability allows remote attackers to execute arbitrary code with the privileges of the user running Tungsten Automation Power PDF, potentially leading to full system compromise. This can result in unauthorized access to sensitive documents, data theft, installation of malware, or disruption of business operations. Since the vulnerability affects document parsing, it can be exploited via social engineering tactics such as phishing emails containing malicious PSD files or malicious web content. Organizations relying on Power PDF for document workflows, especially those handling confidential or regulated information, face risks to data confidentiality, integrity, and availability. The requirement for user interaction limits mass exploitation but targeted attacks against high-value users or departments remain a significant threat. The absence of known exploits in the wild currently reduces immediate risk but does not eliminate the potential for future attacks once exploit code becomes available.

1. Monitor Tungsten Automation's official channels for security patches addressing CVE-2024-9747 and apply updates promptly once released. 2. Implement strict file handling policies to block or quarantine PSD files from untrusted sources, especially in email attachments and downloads. 3. Employ endpoint protection solutions capable of detecting anomalous behavior related to PDF or PSD file parsing. 4. Educate users about the risks of opening files from untrusted or unknown sources, emphasizing caution with PSD files. 5. Use application whitelisting to restrict execution of unauthorized code and sandbox PDF processing applications where feasible. 6. Network-level controls such as disabling or restricting access to web resources known to host malicious PSD files can reduce exposure. 7. Conduct regular security assessments and penetration testing to identify and remediate similar vulnerabilities proactively. 8. Maintain comprehensive logging and monitoring to detect suspicious activities indicative of exploitation attempts.