Three flaws in Nitro Pro PDF reader expose businesses to hack

Pierluigi Paganini May 20, 2020

Two vulnerabilities in the Nitro Pro PDF editor could be exploited by threat actors to execute code remotely on vulnerable hosts.

Security experts from Cisco Talos have discovered three vulnerabilities in the Nitro Pro PDF editor. Two of them, rated as critical (CVSS score of 8.8), could be exploited by attackers for remote code execution.

Nitro Pro is a PDF application designed for creating, reading, editing, signing, converting, and protecting PDFs. The software is part of Nitro Software’s suite of enterprise tools, used by tens of thousands of organizations.


The first issue, tracked as CVE-2020-6074, is a nested pages remote code execution vulnerability that resides in the PDF parser of Nitro Pro. An attacker could exploit the vulnerability by tricking victims into opening a specially crafted PDF that triggers a use-after-free condition.

“An exploitable code execution vulnerability exists in the PDF parser of Nitro Pro 13.9.1.155. A specially crafted PDF document can cause a use-after-free which can lead to remote code execution. An attacker can provide a malicious file to trigger this vulnerability.” reads the advisory published by the company.

The second vulnerability, tracked as CVE-2020-6092, is an object code execution vulnerability that resides in the way Nitro Pro 13.9.1.155 parses Pattern objects. An attacker could exploit the flaw by tricking victims into opening a specially crafted PDF that triggers an integer overflow, which can then lead to remote code execution.

“An exploitable code execution vulnerability exists in the way Nitro Pro 13.9.1.155 parses Pattern objects. A specially crafted PDF file can trigger an integer overflow that can lead to arbitrary code execution. A victim must open a malicious file to trigger this vulnerability” continues the advisory.

The third flaw is a JavaScript XML error handling information disclosure vulnerability, tracked as CVE-2020-6093.

The information disclosure vulnerability exists in the way version 13.9.1.155 handles XML errors. An attacker could exploit it by tricking victims into opening a specially crafted PDF document that causes uninitialized memory access and consequent information disclosure.

Cisco security researchers also identified an information disclosure vulnerability in the application. Tracked as CVE-2020-6093 and carrying a CVSS score of 6.5, the bug is related to the way Nitro Pro handles XML errors.

In early May, the software vendor released a security update that addresses the above vulnerabilities.


(SecurityAffairs – PDF, hacking)
