SSD Advisory – Nitro Pro PDF Multiple Vulnerabilities

Link: https://blogs.securiteam.com/index.php/archives/3251
Twitter: @SecuriTeam_SSD

*Vulnerabilities Summary*

The following advisory describes three vulnerabilities found in Nitro / Nitro Pro PDF.

Nitro Pro is the PDF reader and editor that does everything you will ever need to do with PDF files. The powerful but snappy editor lets you change PDF documents with ease, and comes with a built-in OCR engine that can transform scanned documents into editable files. Fill up forms, annotate and sign them as part of your workflow, and easily merge multiple documents or delete selected pages as necessary.

If you use a large display or multiple monitors, NitroPDF also offers the ability to display PDF documents side-by-side so that you can pore through multiple documents. Of course, you could use AquaSnap to do that.

The vulnerabilities found in Nitro PDF are:

1) Doc.saveAs Directory Traversal Arbitrary File Write that leads to Command Execution
2) App.launchURL Command Execution
3) JPEG2000 npdf.dll Use-After-Free
4) Forms Parsing NPForms.npp Use-After-Free
5) File Parsing Count Field npdf.dll Memory Corruption
6) NewWindow Launch Action NPActions.npp Command
7) URI Action NPActions.npp Command Execution

This report contains the following vulnerabilities:

1) Doc.saveAs Directory Traversal Arbitrary File Write that leads to Command Execution
2) App.launchURL Command Execution
3) JPEG2000 npdf.dll Use-After-Free

*Credit*

Two independent security researchers have reported these vulnerabilities to Beyond Security’s SecuriTeam Secure Disclosure program.

*Vendor response*

The vendor has released patches to address this vulnerability.

“A number of the reported vulnerabilities have been resolved and confirmed, and will be included in our next release of Nitro Pro, 11.05.”

For more details: https://www.gonitro.com/support/downloads#securityUpdates

--
Thanks
Maor Shwartz
GPG Key ID: 93CC36E2DE7FF514
Attachment:
SSD Advisory – Nitro Pro PDF Multiple Vulnerabilities – SecuriTeam Blogs.pdf
Description: Adobe PDF document
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/