← volver
CVE-2024-35288

CVE-2024-35288

CVSS 7.8 HIGHEPSS 0.3%
Nitro PDF Pro before 13.70.8.82 and 14.x before 14.26.1.0 allows Local Privilege Escalation in the MSI Installer because custom actions occur unsafely in repair mode. CertUtil is run in a conhost.exe window, and there is a mechanism allowing CTRL+o to launch cmd.exe as NT AUTHORITY\SYSTEM.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Productos afectados
n/a · n/a

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
http://seclists.org/fulldisclosure/2024/Sep/59https://sec-consult.com/vulnerability-lab/advisory/local-privilege-escalation-via-msi-installer-in-nitro-pdf-pro/https://seclists.org/fulldisclosure/2024/Sep/59https://www.gonitro.com/support/downloads#securityUpdates