QID 375973

Date Published: 2021-10-25

QID 375973: Nitro Pro PDF Remote Code Execution Vulnerability

Nitro Pro allow you to create PDF files, collaborate and review, fill and save forms, add text to pages and sign PDF files.

Affected Software:
Nitro Pro v 13.47.4.957 and earlier

QID Detection Logic:
It checks for vulnerable version of Nitro Pro by checking the file version of NitroPDF.exe.

Successful exploitation of vulnerability allows code execution under the context of the application. An attacker can convince a user to open a document to trigger the vulnerability.

CVSS V3 rated as High - 7.8 severity.

CVSS V2 rated as High - 6.8 severity.

Solution

Customers are advised to install the latest versions of Nitro Pro to remediate this vulnerability.

Vendor References

gonitro - talosintelligence.com/vulnerability_reports/TALOS-2021-1267

CVEs related to QID 375973

CVE-2021-21798 |

Software Advisories

Advisory ID	Software	Component	Link
CVE-2021-21798			www.gonitro.com/security/updates

By selecting these links, you may be leaving CVEreport webspace. We have provided these links to other websites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other websites that are more appropriate for your purpose. CVEreport does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, CVEreport does not endorse any commercial products that may be mentioned on these sites. Please address comments about any linked pages to [email protected].