CVE-2019-19315

HIGH

Nalpeiron Licensing Service <7.3.4.0 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2019-19315. PoCs published by monoxgas.

AI-analyzed exploit summary This repository contains a functional exploit for CVE-2019-19315, which targets the Nalpeiron Licensing Service (NLSSRV32.exe). The exploit leverages weak ACLs on a mailslot to perform arbitrary disk reads, allowing an attacker to read raw sector data from local drives.

Description

NLSSRV32.EXE in Nalpeiron Licensing Service 7.3.4.0, as used with Nitro PDF and other products, allows Elevation of Privilege via the \\.\mailslot\nlsX86ccMailslot mailslot.

Exploits (1)

nomisec WORKING POC 4 stars

by monoxgas · poc

https://github.com/monoxgas/mailorder

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2019-19315, which targets the Nalpeiron Licensing Service (NLSSRV32.exe). The exploit leverages weak ACLs on a mailslot to perform arbitrary disk reads, allowing an attacker to read raw sector data from local drives.

Classification

Working Poc 100%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: Nalpeiron Licensing Service (NLSSRV32.exe) <= v10 (e.g., Nitro PDF <= v10)

No auth needed

Prerequisites: Nalpeiron Licensing Service running · Access to the mailslot '\\.\mailslot\nlsX86ccMailslot'

MITRE ATT&CK

T1005 - Data from Local System T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Mitigation, Third Party Advisory x_refsource_misc

https://github.com/monoxgas/mailorder

Scores

CVSS v3 7.1

EPSS 0.0062

EPSS Percentile 44.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Details

CWE

CWE-732

Status published

Products (1)

nalpeiron/licensing_service 7.3.4.0

Published Dec 17, 2019

Tracked Since Feb 18, 2026