5 matches found
Nitro Pro PDF Reader JavaScript API Remote Code Execution (CVE-2017-7442)
A Remote Code Execution Vulnerability exists in JavaScript API of Nitro and Nitro Pro PDF Reader. The vulnerability is due to the use of trusted function which provides certain privileges that allows overwriting objects. A remote attacker can exploit this vulnerability by enticing the user to ope...
CVE-2017-7442
Summary (CVE-2017-7442) : Nitro Pro PDF Reader (version 11.0.3.173) is affected by a remote code execution vulnerability triggered via the Javascript API (saveAs and launchURL) that uses directory traversal sequences. Connected advisories describe a remote exploitation vector: convincing a user t...
CVE-2017-7442
creationtimestamp| type| source ---|---|--- 2017-08-02 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/42418 2018-05-29 15:50:33+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/nitroreaderjsapi.rb 2025-02-06 03:13:43+00:00...
Nitro Pro PDF Reader 11.0.3.173 Remote Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nitro Pro PDF Reader 11.0.3.173 Javascript API Remote Code Execution', 'Description' = %q This module exploits an unsafe Javascript API implemente...
Nitro Pro PDF Reader 11.0.3.173 Javascript API Remote Code Execution
This module exploits an unsafe Javascript API implemented in Nitro and Nitro Pro PDF Reader version 11. The saveAs Javascript API function allows for writing arbitrary files to the file system. Additionally, the launchURL function allows an attacker to execute local files on the file system and...