Multiple Remote Code Execution Bugs in NitroPDF

upnorth

Jul 27, 2015
Cisco Talos recently discovered multiple remote code execution vulnerabilities in NitroPDF. Nitro PDF allows users to save, read, sign and edit PDF files on their machines. There are two versions of the product: a free and a paid version called “Pro.” The paid version offers several features the free one does not, including the ability to combine multiple PDFs into one file and to redact sensitive information in the file. These bugs all exist in the Pro version of the software.

 

LASER_oneXM

Feb 4, 2016
Nitro PDF Pro to Get Micropatches for 7 Potential RCE Bugs
source: Nitro PDF Pro to Get Micropatches for 7 Potential RCE Bugs

The current version of Nitro PDF Pro has at least one vulnerability that could be used to attempt remote code execution on the victim host. A fix from a third party is on its way.

An official patch from the developer is unavailable for this security flaw, which has a severity score of 8.8 out of 10. Leveraging is possible through a specially crafted PDF file opened with a vulnerable version of the software.

Nitro PDF's developer has a customer base predominantly from the enterprise world. Companies operating at a national or global scale are on the list, running its software as an alternative to Adobe Acrobat Pro.

Its customers include the Australian Pacific National rail freight operator, German automotive manufacturer Continental, Zebra Technologies (asset tracking solutions), T-Mobile Austria (telecom), Swiss Re (insurance), and JLL (property management).
 
