For example, a Word document in Microsoft Word, or online content in your web browser. Open the document you wish to convert in its authoring program.In early May, the software vendor released a security update that address the above vulnerabilities.If you use an application that can print files, then you can also use that application to create PDF documents. Nitro PDF Creator is included in Nitro Pro, and is a virtual printer that enables you to create a PDF file from any application capable of printing. Nitro PDF Creator is ready to use without requiring any configuration, and is automatically installed to your Windows printer manager. Tracked as CVE-2020-6093 and carrying a CVSS score of 6.5, the bug is related to the way Nitro Pro does XML error handling. The information disclosure vulnerability exists in the way the version 13.9.1.155 handles XML errors,e it could be exploited by an attacker by tricking the victims into opening a specially crafted PDF document that can cause uninitialized memory access and consequent information disclosure.Ĭisco security researchers also identified an information disclosure vulnerability in the application. The third flaw is a Javascript XML error handling information disclosure vulnerability, tracked as CVE-2020-6093. A victim must open a malicious file to trigger this vulnerability” continues the advisory.
A specially crafted PDF file can trigger an integer overflow that can lead to arbitrary code execution. “An exploitable code execution vulnerability exists in the way Nitro Pro 13.9.1.155 parses Pattern objects. The second vulnerability, tracked as CVE-2020-6092, is an object code execution vulnerability that resides in the way Nitro Pro 13.9.1.155 parses Pattern objects. An attacker could exploit the flaw by tricking the victims into opening a specially crafted PDF and trigger an integer overflow and then achieve remote code execution.
An attacker can provide a malicious file to trigger this vulnerability.” reads the advisory published by the company. A specially crafted PDF document can cause a use-after-free which can lead to remote code execution. “An exploitable code execution vulnerability exists in the PDF parser of Nitro Pro 13.9.1.155. An attacker could exploit the vulnerability by tricking the victims into opening a specially crafted PDF to trigger a use-after-free condition. The first issue, tracked as CVE-2020-6074, is a nested pages remote code execution vulnerability that resides the PDF parser of Nitro Pro.
0 kommentar(er)
