CVE-2024-35288

EUVD-2024-35262
Nitro PDF Pro before 13.70.8.82 and 14.x before 14.26.1.0 allows Local Privilege Escalation in the MSI Installer because custom actions occur unsafely in repair mode. CertUtil is run in a conhost.exe window, and there is a mechanism allowing CTRL+o to launch cmd.exe as NT AUTHORITY\SYSTEM.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.8 HIGH
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 49%
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
gonitronitro_pdf_pro
𝑥
< 13.70.8.82
ADP
gonitronitro_pdf_pro
14.0 ≤
𝑥
< 14.26.1.0
ADP
References
https://sec-consult.com/vulnerability-lab/advisory/local-privilege-escalation-via-msi-installer-in-nitro-pdf-pro/
https://seclists.org/fulldisclosure/2024/Sep/59
https://www.gonitro.com/support/downloads#securityUpdates
http://seclists.org/fulldisclosure/2024/Sep/59