Thursday, October 14, 2021

Vulnerability Spotlight: Code execution vulnerabilities in Nitro Pro PDF



A Cisco Talos team member discovered these vulnerabilities. Blog by Jon Munshaw. 

Cisco Talos recently discovered multiple vulnerabilities in the Nitro Pro PDF reader that could allow an attacker to execute code in the context of the application. 

Nitro Pro PDF is part of Nitro Software’s Productivity Suite. Pro PDF allows users to create and modify PDFs and other digital documents. It includes support for several capabilities via third-party libraries to parse the PDFs.

TALOS-2021-1265 (CVE-2021-21796) is a use-after-free vulnerability that can be triggered if a target opens a specially crafted, malicious PDF.  

TALOS-2021-1266 (CVE-2021-21797) is a double-free vulnerability that can cause a reference to a timeout object to be stored in two different places, eventually leading to the ability to execute code in the context of the application.

Cisco Talos worked with Nitro to disclose these vulnerabilities following Cisco’s vulnerability disclosure policy. While Nitro did not have an update available at the time we disclosed these vulnerabilities, they have since released fixes for these issues.

Users are encouraged to update these affected products as soon as possible: Nitro Pro versions 13.31.0.605 and 13.33.2.645. Talos tested and confirmed these versions of the PDF reader could be exploited by this vulnerability. In addition to applying the patches, users can mitigate these vulnerabilities by disabling the use of JavaScript in the software’s settings.

The following SNORT® rules will detect exploitation attempts against this vulnerability: 57303, 57304, 57294 and 57295. Additional rules may be released in the future and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.
