packetstorm | M. Heinzl | PACKETSTORM:121179
Apr 09, 2013 - 12:00 a.m.

Nitro Pro 8 Insecure Library Loading

2013-04-09 00:00:00
M. Heinzl
packetstormsecurity.com

EPSS: 0.001 (Low), percentile 20.9%

`SEC Consult Vulnerability Lab Security Advisory < 20130408-0 >  
=======================================================================  
title: Nitro Pro 8 - Insecure Library Loading Allows Remote Code  
Execution (DLL Hijacking)  
product: Nitro Pro  
vulnerable version: 8.5.0.26; older versions may also be affected  
fixed version: 8.5.2.10  
CVE number: CVE-2013-2773  
impact: high  
homepage: http://www.nitropdf.com/  
found: 2013-03-01  
by: M. Heinzl  
SEC Consult Vulnerability Lab  
https://www.sec-consult.com  
=======================================================================  
  
Vendor description:  
-------------------  
From companies like Boeing® and IBM® to small home businesses with just a few  
staff, millions of people worldwide use Nitro Products — like Nitro Pro and  
Nitro Reader — to make PDF easy.  
Australian-founded in 2005, we're headquartered in downtown San Francisco with  
offices in Melbourne, Australia and Nitra Slovakia.  
  
Source: http://www.nitropdf.com/about  
  
  
Vulnerability overview/description:  
-----------------------------------  
Nitro Pro is prone to a vulnerability that lets attackers execute arbitrary  
code. An attacker can exploit this issue by enticing a legitimate user to use  
the vulnerable application to open a file from a remote WebDAV or SMB share  
which contains a specially crafted DLL.  
  
Affected DLL: bcgcbproresen.dll (tested on Windows 8)  
  
  
Proof of concept:  
-----------------  
Create a DLL with desired code, name it bcgcbproresen.dll and place it within  
the same folder as a *.pdf or *.fdf file.  
  
  
Vulnerable / tested versions:  
-----------------------------  
Nitro Pro 8.5.0.26; older versions may also be affected  
  
  
Vendor contact timeline:  
------------------------  
2013-03-01: Contacting vendor through http://www.nitropdf.com/support/ticket  
2013-03-01: Vendor replies  
2013-03-01: Forwarded security advisory  
2013-03-01: vendor replies  
2013-03-01: Provided again contact details  
2013-03-08: Contacted vendor again to inquire status  
2013-03-13: Vendor replies that they are working on a hotfix  
2013-03-14: Confirmed receipt of last email  
2013-03-27: Contacted vendor again to inquire status  
2013-04-02: Vendor replied that a patch was released on 2013-03-28 which fixes  
the vulnerability (version 8.5.2.10)  
2013-04-02: Confirmed receipt of last email and coordinated public disclosure  
of advisory for 2013-04-08  
2013-04-08: SEC Consult releases coordinated security advisory.  
  
  
Solution:  
---------  
Update to version 8.5.2.10.  
  
  
Workaround:  
-----------  
-  
  
  
Advisory URL:  
-------------  
https://www.sec-consult.com/en/Vulnerability-Lab/Advisories.htm  
  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
SEC Consult Unternehmensberatung GmbH  
  
Office Vienna  
Mooslackengasse 17  
A-1190 Vienna  
Austria  
  
Tel.: +43 / 1 / 890 30 43 - 0  
Fax.: +43 / 1 / 890 30 43 - 25  
Mail: research at sec-consult dot com  
https://www.sec-consult.com  
http://blog.sec-consult.com  
  
EOF M. Heinzl / @2013  
  
  
`
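
A defender-side check for the condition described in the proof of concept, as an added example (not part of the SEC Consult advisory or Nitro's code): it walks a file share or download folder and reports directories where a file named bcgcbproresen.dll sits next to a *.pdf or *.fdf file, and compares an installed version string against the fixed release. The function names, the sample tree and the rule that every build below 8.5.2.10 needs the update are assumptions of this example.

```python
import os
import tempfile

# Values taken from the advisory above.
AFFECTED_DLL = "bcgcbproresen.dll"
DOC_EXTENSIONS = (".pdf", ".fdf")
FIXED_VERSION = (8, 5, 2, 10)


def needs_update(version: str) -> bool:
    """True if a Nitro Pro version string is below the fixed release.

    Assumption: every build below the fixed version is treated as affected;
    the advisory only confirms 8.5.0.26 and says older ones may be.
    """
    return tuple(int(p) for p in version.split(".")) < FIXED_VERSION


def find_planted_dlls(root: str) -> list[dict]:
    """Return one finding per directory under root that holds the affected
    DLL name next to at least one PDF/FDF document."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        # Windows file names are case-insensitive, so compare lowercased.
        dlls = [f for f in files if f.lower() == AFFECTED_DLL]
        docs = sorted(f for f in files if f.lower().endswith(DOC_EXTENSIONS))
        if dlls and docs:
            findings.append({"dir": dirpath, "dll": dlls[0], "documents": docs})
    return findings


def build_sample_tree(root: str) -> None:
    """Constructed sample data: three folders with empty placeholder files."""
    layout = {
        "invoices": ["q1.pdf", "BCGCBProResEN.dll"],   # should be flagged
        "forms": ["order.fdf", "readme.txt"],           # documents only
        "tools": ["bcgcbproresen.dll"],                 # DLL but no documents
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "wb").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for hit in find_planted_dlls(tmp):
            print(f"{hit['dir']}: {hit['dll']} beside {hit['documents']}")
```

Point `find_planted_dlls` at a mounted share or a user's download directory; a hit only means the file name matches, so the DLL itself still needs to be examined.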
