Lucene search
K

5 matches found

Check Point Advisories
Check Point Advisories
added 2017/08/13 12:0 a.m.7 views

Nitro Pro PDF Reader JavaScript API Remote Code Execution (CVE-2017-7442)

A Remote Code Execution Vulnerability exists in JavaScript API of Nitro and Nitro Pro PDF Reader. The vulnerability is due to the use of trusted function which provides certain privileges that allows overwriting objects. A remote attacker can exploit this vulnerability by enticing the user to ope...

6.8CVSS3.3AI score0.40692EPSS
Exploits6
CVE
CVE
added 2017/08/03 8:0 a.m.97 views

CVE-2017-7442

Summary (CVE-2017-7442) : Nitro Pro PDF Reader (version 11.0.3.173) is affected by a remote code execution vulnerability triggered via the Javascript API (saveAs and launchURL) that uses directory traversal sequences. Connected advisories describe a remote exploitation vector: convincing a user t...

8.8CVSS9AI score0.40692EPSS
Exploits6References2Affected Software1
Circl
Circl
added 2017/08/02 12:0 a.m.32 views

CVE-2017-7442

creationtimestamp| type| source ---|---|--- 2017-08-02 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/42418 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/nitroreaderjsapi.rb 2025-02-06 03:13:43+00:00...

8.8CVSS8.6AI score0.40692EPSS
Exploits6References2
Packet Storm
Packet Storm
added 2017/08/02 12:0 a.m.193 views

Nitro Pro PDF Reader 11.0.3.173 Remote Code Execution

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nitro Pro PDF Reader 11.0.3.173 Javascript API Remote Code Execution', 'Description' = %q This module exploits an unsafe Javascript API implemente...

0.5AI score0.40692EPSS
Exploits6
Metasploit
Metasploit
added 2017/07/24 3:21 p.m.84 views

Nitro Pro PDF Reader 11.0.3.173 Javascript API Remote Code Execution

This module exploits an unsafe Javascript API implemented in Nitro and Nitro Pro PDF Reader version 11. The saveAs Javascript API function allows for writing arbitrary files to the file system. Additionally, the launchURL function allows an attacker to execute local files on the file system and...

8.8CVSS10AI score0.40692EPSS
Exploits6
Rows per page
Query Builder