CVE-2017-7442: Nitro Pro PDF Reader 11.0.3.173 – Javascript API Remote Code Execution (Metasploit)

Exploitivator

Nitro Pro PDF Reader 11.0.3.173 Javascript API Remote Code Execution

This module exploits an unsafe Javascript API implemented in Nitro and Nitro Pro
PDF Reader version 11. The saveAs() Javascript API function allows for writing
arbitrary files to the file system. Additionally, the launchURL() function allows
an attacker to execute local files on the file system and bypass the security dialog
Note: This is 100% reliable.

Module Name

exploit/windows/fileformat/nitro_reader_jsapi

Source: https://www.rapid7.com/db/modules/exploit/windows/fileformat/nitro_reader_jsapi