Vulnerability Spotlight: Multiple vulnerabilities in Nitro Pro PDF reader

Aleksandar Nikolic and Cory Duplantis of Cisco Talos discovered these vulnerabilities. Blog by Jon Munshaw. Cisco Talos recently discovered two code execution vulnerabilities and an information disclosure flaw in Nitro Pro PDF reader. Nitro PDF allows users to save, read, sign and edit PDFs on...

PDF-XChange Viewer 2.5 (Build 314.0) Code Execution

Exploit Title: PDF-XChange Viewer 2.5 Build 314.0 Javascript API Remote Code Execution Exploit Powershell PDF Exploit Creation Date: 21-08-2017 Software Link 32bit: http://pdf-xchange-viewer.it.uptodown.com/windows Exploit Author: Daniele Votta Contact: [email protected] Website:...

PDF-XChange Viewer 2.5 Build 314.0 - Code Execution

PDF-XChange Viewer 2.5 Build 314.0 - Code Execution Exploit Title: PDF-XChange Viewer 2.5 Build 314.0 Javascript API Remote Code Execution Exploit Powershell PDF Exploit Creation Date: 21-08-2017 Software Link 32bit: http://pdf-xchange-viewer.it.uptodown.com/windows Exploit Author: Daniele Votta...

PDF-XChange Viewer 2.5 Build 314.0 - Code Execution

Exploit Title: PDF-XChange Viewer 2.5 Build 314.0 Javascript API Remote Code Execution Exploit Powershell PDF Exploit Creation Date: 21-08-2017 Software Link 32bit: http://pdf-xchange-viewer.it.uptodown.com/windows Exploit Author: Daniele Votta Contact: [email protected] Website:...

Nitro Pro PDF Reader 11.0.3.173 Javascript API Remote Code Execution

This module exploits an unsafe Javascript API implemented in Nitro and Nitro Pro PDF Reader version 11. The saveAs Javascript API function allows for writing arbitrary files to the file system. Additionally, the launchURL function allows an attacker to execute local files on the file system and...