Code execution vulnerability in Nitro Pro PDF

silversurfer

Cisco Talos recently discovered a vulnerability in the Nitro Pro PDF reader that could allow an attacker to execute code in the context of the application.

Nitro Pro PDF is part of Nitro Software’s Productivity Suite. Pro PDF allows users to create and modify PDFs and other digital documents. It includes support for several capabilities via third-party libraries to parse the PDFs.

TALOS-2021-1267 (CVE-2021-21798) is a use-after-free vulnerability that can be triggered if a target opens a specially crafted, malicious PDF.

Cisco Talos worked with Nitro to ensure that these issues are resolved and an update is available for affected customers, all in adherence to Cisco’s vulnerability disclosure policy.

Users are encouraged to update these affected products as soon as possible: Nitro Pro versions 13.31.0.605 and 13.33.2.645. Talos tested and confirmed these versions of the PDF reader could be exploited by this vulnerability. In addition to applying the patches, these vulnerabilities can also be mitigated if users disable the use of JavaScript in the software’s settings.
 
