SSD Advisory – Acrobat Reader DC – Stream Object Remote Code Execution

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Vulnerability Summary
The following advisory describes a use after free vulnerability that leads to remote code execution found in Acrobat Reader DC version 2017.009.20044.

Credit
A security researcher from, Siberas, has reported this vulnerability to Beyond Security’s SecuriTeam Secure Disclosure program

Vendor response
The vendor has released patches to address this vulnerability.
For more information: http://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotes/DC/dccontinuousaug2017.html#dccontinuousaugusttwentyseventeen

CVE: CVE-2017-11254

Continue reading SSD Advisory – Acrobat Reader DC – Stream Object Remote Code Execution

SSD Advisory – Nitro Pro PDF Multiple Vulnerabilities

Want to get paid for a vulnerability similar to this one?
Contact us at: sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom

Vulnerabilities Summary
The following advisory describes three vulnerabilities found in Nitro / Nitro Pro PDF.

Nitro Pro is the PDF reader and editor that does everything you will ever need to do with PDF files. The powerful but snappy editor lets you change PDF documents with ease, and comes with a built-in OCR engine that can transform scanned documents into editable files. Fill up forms, annotate and sign them as part of your workflow, and easily merge multiple documents or delete selected pages as necessary.

If you use a large display or multiple monitors, NitroPDF also offers the ability to display PDF documents side-by-side so that you can pore through multiple documents. Of course, you could use AquaSnap to do that.

The vulnerabilities found in Nitro PDF are:

  • Doc.saveAs Directory Traversal Arbitrary File Write that lead to Command Execution
  • App.launchURL Command Execution
  • JPEG2000 npdf.dll Use-After-Free
  • Forms Parsing NPForms.npp Use-After-Free
  • File Parsing Count Field npdf.dll Memory Corruption
  • NewWindow Launch Action NPActions.npp Command
  • URI Action NPActions.npp Command Execution

This report contain the following vulnerabilities:

  • Doc.saveAs Directory Traversal Arbitrary File Write that lead to Command Execution
  • App.launchURL Command Execution
  • JPEG2000 npdf.dll Use-After-Free

Credit
Two independent security researchers, Steven Seeley and anonymous, have reported these vulnerabilities to Beyond Security’s SecuriTeam Secure Disclosure program.

Vendor response
The vendor has released patches to address this vulnerability. “Number of the reported vulnerabilities have been resolved and confirmed, and will included in our next release of Nitro Pro, 11.05.”

For more details: https://www.gonitro.com/support/downloads#securityUpdates
Continue reading SSD Advisory – Nitro Pro PDF Multiple Vulnerabilities