CVE-2017-7442: Nitro Pro PDF Reader 11.0.3.173 – Javascript API Remote Code Execution (Metasploit)
Nitro Pro PDF Reader 11.0.3.173 Javascript API Remote Code Execution
This module exploits an unsafe Javascript API implemented in Nitro and Nitro Pro
PDF Reader version 11. The saveAs() Javascript API function allows for writing
arbitrary files to the file system. Additionally, the launchURL() function allows
an attacker to execute local files on the file system and bypass the security dialog
Note: This is 100% reliable.
Module Name
exploit/windows/fileformat/nitro_reader_jsapi
Source: https://www.rapid7.com/db/modules/exploit/windows/fileformat/nitro_reader_jsapi
