CVE-2020-6116
Published 2020-09-17
Priority P3 · 51 · high · 7.8 (CVSS 3.1)
AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 28.42% (97.9th percentile)
An arbitrary code execution vulnerability exists in the rendering functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. When drawing the contents of a page using colors from an indexed colorspace, the application can miscalculate the size of a buffer when allocating space for its colors. When using this allocated buffer, the application can write outside its bounds and cause memory corruption which can lead to code execution. A specially crafted document must be loaded by a victim in order to trigger this vulnerability.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gonitro | nitro_pro | — | — |
| gonitro | nitro_pro | — | — |
| gonitro | nitro_pro | — | — |
CVSS provenance
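| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v3.0 | 8.8 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |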
Suricata
ET WEB_SPECIFIC_APPS fipsForum SQL Injection Attempt -- default2.asp kat ASCII
suricata·2010-07-30·CVSS 7.5
CVE-2006-6116 [HIGH] ET WEB_SPECIFIC_APPS fipsForum SQL Injection Attempt -- default2.asp kat ASCII
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS fipsForum SQL Injection Attempt -- default2.asp kat ASCII"; flow:established,to_server; http.uri; content:"/default2.asp?"; nocase; content:"kat="; nocase; content:"ASCII"; nocase; pcre:"/.+ASCII\(.+SELECT/i"; reference:cve,CVE-2006-6116; reference:url,www.milw0rm.com/exploits/2830; classtype:web-application-attack; sid:2007384; rev:7; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre
Suricata
ET WEB_SPECIFIC_APPS fipsForum SQL Injection Attempt -- default2.asp kat UNION SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6116 [HIGH] ET WEB_SPECIFIC_APPS fipsForum SQL Injection Attempt -- default2.asp kat UNION SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS fipsForum SQL Injection Attempt -- default2.asp kat UNION SELECT"; flow:established,to_server; http.uri; content:"/default2.asp?"; nocase; content:"kat="; nocase; content:"UNION"; nocase; pcre:"/.+UNION\s+SELECT/i"; reference:cve,CVE-2006-6116; reference:url,www.milw0rm.com/exploits/2830; classtype:web-application-attack; sid:2007381; rev:7; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id
Suricata
ET WEB_SPECIFIC_APPS fipsForum SQL Injection Attempt -- default2.asp kat SELECT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6116 [HIGH] ET WEB_SPECIFIC_APPS fipsForum SQL Injection Attempt -- default2.asp kat SELECT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS fipsForum SQL Injection Attempt -- default2.asp kat SELECT"; flow:established,to_server; http.uri; content:"/default2.asp?"; nocase; content:"kat="; nocase; content:"SELECT"; nocase; pcre:"/.+SELECT.+FROM/i"; reference:cve,CVE-2006-6116; reference:url,www.milw0rm.com/exploits/2830; classtype:web-application-attack; sid:2007380; rev:7; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre
Suricata
ET WEB_SPECIFIC_APPS fipsForum SQL Injection Attempt -- default2.asp kat INSERT
suricata·2010-07-30·CVSS 7.5
CVE-2006-6116 [HIGH] ET WEB_SPECIFIC_APPS fipsForum SQL Injection Attempt -- default2.asp kat INSERT
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS fipsForum SQL Injection Attempt -- default2.asp kat INSERT"; flow:established,to_server; http.uri; content:"/default2.asp?"; nocase; content:"kat="; nocase; content:"INSERT"; nocase; pcre:"/.+INSERT.+INTO/i"; reference:cve,CVE-2006-6116; reference:url,www.milw0rm.com/exploits/2830; classtype:web-application-attack; sid:2007382; rev:7; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre
Suricata
ET WEB_SPECIFIC_APPS fipsForum SQL Injection Attempt -- default2.asp kat DELETE
suricata·2010-07-30·CVSS 7.5
CVE-2006-6116 [HIGH] ET WEB_SPECIFIC_APPS fipsForum SQL Injection Attempt -- default2.asp kat DELETE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS fipsForum SQL Injection Attempt -- default2.asp kat DELETE"; flow:established,to_server; http.uri; content:"/default2.asp?"; nocase; content:"kat="; nocase; content:"DELETE"; nocase; pcre:"/.+DELETE.+FROM/i"; reference:cve,CVE-2006-6116; reference:url,www.milw0rm.com/exploits/2830; classtype:web-application-attack; sid:2007383; rev:7; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre
Suricata
ET WEB_SPECIFIC_APPS fipsForum SQL Injection Attempt -- default2.asp kat UPDATE
suricata·2010-07-30·CVSS 7.5
CVE-2006-6116 [HIGH] ET WEB_SPECIFIC_APPS fipsForum SQL Injection Attempt -- default2.asp kat UPDATE
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET WEB_SPECIFIC_APPS fipsForum SQL Injection Attempt -- default2.asp kat UPDATE"; flow:established,to_server; http.uri; content:"/default2.asp?"; nocase; content:"kat="; nocase; content:"UPDATE"; nocase; pcre:"/.+UPDATE.+SET/i"; reference:cve,CVE-2006-6116; reference:url,www.milw0rm.com/exploits/2830; classtype:web-application-attack; sid:2007385; rev:7; metadata:affected_product Web_Server_Applications, attack_target Web_Server, created_at 2010_07_30, deployment Datacenter, confidence Medium, signature_severity Major, tag SQL_Injection, updated_at 2020_09_09, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_
No public exploits indexed.
Talos
Vulnerability Spotlight: Multiple vulnerabilities in Nitro Pro PDF reader
blogs_talos·2020-09-15·CVSS 7.8
[HIGH] Vulnerability Spotlight: Multiple vulnerabilities in Nitro Pro PDF reader
Cisco Talos researchers discovered these vulnerabilities. Blog by Jon Munshaw.
Cisco Talos recently discovered multiple code execution vulnerabilities in the Nitro Pro PDF reader. Nitro PDF allows users to save, read, sign and edit PDFs on their computers. The software contains vulnerabilities that could allow adversaries to exploit a victim machine in multiple ways that would eventually allow them to execute code.
In accordance with our coordinated disclosure policy, Cisco Talos worked with Nitro Pro to ensure that these issues are resolved and that an update is available for affected customers.
## Vulnerability details
Nitro Pro Indexed ColorSpace rendering code execution vulnerability (TALOS-2020-1070/CVE-2020-6116)
An arbitrary code execution vulnerability exists in the rendering