CVE-2017-2796

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-2796. PoCs published by SecuriTeam.

AI-analyzed exploit summary The provided code includes a functional proof-of-concept exploit for CVE-2017-2796, targeting Nitro PDF Pro. It demonstrates a directory traversal vulnerability via the `Doc.saveAs` function and a command execution vulnerability via the `App.launchURL` function, both of which can lead to remote code execution.

Description

Nitro Pro PDF - Multiple Vulnerabilities

Exploits (1)

exploitdb WORKING POC

by SecuriTeam · localwindows

https://www.exploit-db.com/exploits/44063

View Code ZIP pw:eip

The provided code includes a functional proof-of-concept exploit for CVE-2017-2796, targeting Nitro PDF Pro. It demonstrates a directory traversal vulnerability via the `Doc.saveAs` function and a command execution vulnerability via the `App.launchURL` function, both of which can lead to remote code execution.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Nitro PDF Pro (versions prior to 11.05)

No auth needed

Prerequisites: Victim must open a malicious PDF file

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter T1203 - Exploitation for Client Execution

devstral-2 · analyzed May 19, 2026 Full analysis →

Nitro Pro PDF - Multiple Vulnerabilities

Exploitation Summary

Description

Exploits (1)

Details