Vulnerabilities

CVE-2024-35288

by Fred · 09/10/2024

Nitro PDF Pro before 13.70.8.82 and 14.x before 14.26.1.0 allows Local Privilege Escalation in the MSI Installer because custom actions occur unsafely in repair mode. CertUtil is run in a conhost.exe window, and there is a mechanism allowing CTRL+o to launch cmd.exe as NT AUTHORITYSYSTEM.

More information : http://seclists.org/fulldisclosure/2024/Sep/59

Similar

Tags: Cybersecurity Alert