CVE-2017-7442
HIGHNitro Pro 11.0.3.173 - RCE
Title source: llmDescription
Nitro Pro 11.0.3.173 allows remote attackers to execute arbitrary code via saveAs and launchURL calls with directory traversal sequences.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by Metasploit · rubylocalwindows
https://www.exploit-db.com/exploits/42418
metasploit
WORKING POC
EXCELLENT
rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/nitro_reader_jsapi.rb
Scores
CVSS v3
8.8
EPSS
0.7030
EPSS Percentile
98.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Classification
CWE
CWE-22
Status
draft
Affected Products (1)
gonitro/nitro_pro
Timeline
Published
Aug 03, 2017
Tracked Since
Feb 18, 2026