Nitro.Pro.PDF.Reader.JS.API.Arbitrary.File.Write
Description
This indicates an attack attempt against an Directory Traversal vulnerability in Nitro PDF Reader.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application while handling maliciously crafted requests. A remote attacker can exploit this to save an arbitrary file on the targeted server via a crafted request.
Affected Products
Nitro PDF Reader 11.0.3.173 and prior
Nitro Pro PDF Reader 11.0.3.173 and prior
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor
https://www.gonitro.com/product/downloads#securityUpdates
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2019-06-13 | 14.632 | Severity:critical:high |