Security experts from Cisco Talos have discovered three vulnerabilities in the Nitro Pro PDF editor, two of which rated as critical (CVSS score of 8.8) could be exploited by attackers for remote code execution.
Nitro Pro is a PDF application designed for creating, reading, editing, signing, converting, and protecting PDFs. The software is part of Nitro Software’s suite of enterprise tools, used by tens of thousands of organizations.
The first issue, tracked as CVE-2020-6074, is a nested pages remote code execution vulnerability that resides the PDF parser of Nitro Pro. An attacker could exploit the vulnerability by tricking the victims into opening a specially crafted PDF to trigger a use-after-free condition.
“An exploitable code execution vulnerability exists in the PDF parser of Nitro Pro 220.127.116.11. A specially crafted PDF document can cause a use-after-free which can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.” reads the advisory published by the company.
The second vulnerability, tracked as CVE-2020-6092, is an object code execution vulnerability that resides in the way Nitro Pro 18.104.22.168 parses Pattern objects. An attacker could exploit the flaw by tricking the victims into opening a specially crafted PDF and trigger an integer overflow and then achieve remote code execution.
“An exploitable code execution vulnerability exists in the way Nitro Pro 22.214.171.124 parses Pattern objects. A specially crafted PDF file can trigger an integer overflow that can lead to arbitrary code execution. A victim must open a malicious file to trigger this vulnerability” continues the advisory.
The information disclosure vulnerability exists in the way the version 126.96.36.199 handles XML errors,e it could be exploited by an attacker by tricking the victims into opening a specially crafted PDF document that can cause uninitialized memory access and consequent information disclosure.
Cisco security researchers also identified an information disclosure vulnerability in the application. Tracked as CVE-2020-6093 and carrying a CVSS score of 6.5, the bug is related to the way Nitro Pro does XML error handling.
In early May, the software vendor released a security update that address the above vulnerabilities.
(SecurityAffairs – PDF, hacking)
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.