lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Mon, 24 Jul 2017 08:42:49 +0300
From: Maor Shwartz <maors@...ondsecurity.com>
To: fulldisclosure@...lists.org
Cc: SecuriTeam Secure Disclosure <ssd@...ondsecurity.com>
Subject: [FD] SSD Advisory – Nitro Pro PDF Multiple Vulnerabilities

SSD Advisory – Nitro Pro PDF Multiple Vulnerabilities

Link: https://blogs.securiteam.com/index.php/archives/3251
Twitter: @SecuriTeam_SSD

*Vulnerabilities Summary*
The following advisory describes three vulnerabilities found in Nitro /
Nitro Pro PDF.

Nitro Pro is the PDF reader and editor that does everything you will ever
need to do with PDF files. The powerful but snappy editor lets you change
PDF documents with ease, and comes with a built-in OCR engine that can
transform scanned documents into editable files. Fill up forms, annotate
and sign them as part of your workflow, and easily merge multiple documents
or delete selected pages as necessary.

If you use a large display or multiple monitors, NitroPDF also offers the
ability to display PDF documents side-by-side so that you can pore through
multiple documents. Of course, you could use AquaSnap to do that.

The vulnerabilities found in Nitro PDF are:

1) Doc.saveAs Directory Traversal Arbitrary File Write that lead to Command
Execution
2) App.launchURL Command Execution
3) JPEG2000 npdf.dll Use-After-Free
4) Forms Parsing NPForms.npp Use-After-Free
5) File Parsing Count Field npdf.dll Memory Corruption
6) NewWindow Launch Action NPActions.npp Command
7) URI Action NPActions.npp Command Execution

This report contain the following vulnerabilities:

1) Doc.saveAs Directory Traversal Arbitrary File Write that lead to Command
Execution
2) App.launchURL Command Execution
3) JPEG2000 npdf.dll Use-After-Free

*Credit*
Two independent security researchers have reported these vulnerabilities to
Beyond Security’s SecuriTeam Secure Disclosure program.

*Vendor response*
The vendor has released patches to address this vulnerability. “Number of
the reported vulnerabilities have been resolved and confirmed, and will
included in our next release of Nitro Pro, 11.05.”

For more details: https://www.gonitro.com/support/downloads#securityUpdates


--
Thanks
Maor Shwartz
GPG Key ID: 93CC36E2DE7FF514

Download attachment "SSD Advisory – Nitro Pro PDF Multiple Vulnerabilities – SecuriTeam Blogs.pdf" of type "application/pdf" (138376 bytes)


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ