PowerDocu Remote Code Execution Vulnerability via Insecure JSON Deserialization

Vulnerability

A remote code execution vulnerability has been identified in PowerDocu versions prior to 2.4.0. The issue arises from the application's Windows GUI executable, which improperly parses JSON files in Flow or App packages. By blindly trusting the $type property, the application allows attackers to instantiate arbitrary .NET objects and execute code. This vulnerability can be exploited if a user opens a malicious Flow or App file.

Impact

Exploitation of this vulnerability allows for arbitrary code execution on the victim's machine, with the same privileges as the user. This could result in system compromise, data theft, or the installation of ransomware.

Reproduction

To reproduce this vulnerability, create a zip package containing a file named 'definition.json' with a payload that specifies a .NET type capable of executing commands, such as 'System.Diagnostics.Process'. When this file is opened in PowerDocu, the specified command will be executed on the user's machine.

Remediation

Users are advised to update to PowerDocu version 2.4.0 or later, where this vulnerability has been patched.
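A defensive pre-open check for the condition described under Vulnerability and Reproduction, added here as an example that is not PowerDocu's own code or its fix: it lists every `$type` property found in the JSON files of a Flow or App zip package so the package can be reviewed before it is opened in an unpatched version. The function names and the sample package are constructed for illustration, and the type name in the sample is a harmless placeholder.

```python
import io
import json
import zipfile

def find_type_hints(node, path="$"):
    """Yield (json_path, value) for every "$type" key anywhere in a parsed JSON tree."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key == "$type":
                yield child, value
            yield from find_type_hints(value, child)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from find_type_hints(item, f"{path}[{i}]")

def scan_package(data: bytes):
    """Return (member, json_path, value) findings for each .json file in a zip package."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for name in pkg.namelist():
            if not name.lower().endswith(".json"):
                continue
            try:
                doc = json.loads(pkg.read(name).decode("utf-8-sig"))
            except (UnicodeDecodeError, json.JSONDecodeError):
                # Unparseable JSON cannot be cleared, so report it for manual review.
                findings.append((name, "<unparseable>", None))
                continue
            for where, value in find_type_hints(doc):
                findings.append((name, where, value))
    return findings

def build_sample(with_type_hint: bool) -> bytes:
    """Constructed sample package; the type name is a placeholder, not a real .NET type."""
    definition = {"properties": {"displayName": "Sample flow"}}
    if with_type_hint:
        definition["properties"]["connection"] = {
            "$type": "Example.Placeholder, ExampleAssembly",
            "name": "demo",
        }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as pkg:
        pkg.writestr("definition.json", json.dumps(definition))
        pkg.writestr("readme.txt", "not scanned")
    return buf.getvalue()

if __name__ == "__main__":
    for finding in scan_package(build_sample(True)):
        print(finding)
```

Any finding means the package carries type metadata that a pre-2.4.0 PowerDocu would act on, so the file should be reviewed rather than opened.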

Added: Feb 9, 2026, 10:34 PM
Updated: Feb 9, 2026, 10:34 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 6.6
remediation: 0.0
relevance: 2.8
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.