CVE-2024-9764 is a use-after-free vulnerability classified under CWE-416 affecting Tungsten Automation Power PDF version 5.0.0.10.0.23307. The flaw occurs during the parsing of PDF files, where the software fails to verify the existence of an object before performing operations on it, leading to a use-after-free condition. This memory corruption can be exploited by a remote attacker to execute arbitrary code within the context of the Power PDF process. Exploitation requires user interaction, such as opening a crafted malicious PDF file or visiting a malicious webpage that triggers the vulnerability. The vulnerability was identified and assigned by the Zero Day Initiative (ZDI) as ZDI-CAN-24480 and published on November 22, 2024. The CVSS v3.0 base score is 7.8, indicating high severity, with attack vector local, low attack complexity, no privileges required, user interaction required, and full impact on confidentiality, integrity, and availability. No patches or known exploits are currently available, but the vulnerability poses a significant risk due to the potential for remote code execution and the common use of PDF files in business environments.

This vulnerability allows attackers to execute arbitrary code remotely, potentially leading to full system compromise within the context of the user running Power PDF. The impact includes loss of confidentiality (data exposure), integrity (unauthorized modification), and availability (disruption of service). Since PDF files are widely used for document exchange, attackers can leverage social engineering to trick users into opening malicious files, increasing the attack surface. Organizations relying on Tungsten Automation Power PDF for document handling, especially in sectors like finance, legal, and government, face elevated risks of targeted attacks. The lack of authentication requirements and the need only for user interaction make this vulnerability easier to exploit compared to those requiring credentials or complex conditions. The absence of known exploits currently provides a window for mitigation, but the potential for rapid weaponization exists.

Organizations should monitor Tungsten Automation’s advisories for official patches and apply them promptly once released. Until patches are available, implement strict email and web filtering to block malicious PDF files and URLs. Employ endpoint protection solutions capable of detecting anomalous behavior related to PDF parsing and memory corruption. Educate users about the risks of opening unsolicited or suspicious PDF attachments and links. Consider sandboxing or isolating PDF reader applications to limit the impact of potential exploitation. Disable or restrict the use of Power PDF where possible, or replace it with alternative PDF readers with a stronger security track record. Regularly update all software components and maintain robust backup and recovery procedures to mitigate post-exploitation damage.