Nitro PDF Pro Local Privilege Escalation –

– The Nitro PDF Pro application uses a .msi installer file (embedded into an executable .exe installer file) for installation. The MSI installer uses custom actions in repair mode in an unsafe way. Attackers with low-privileged system access to a Windows system where Nitro PDF Pro is installed, can exploit the cached MSI installer’s custom actions to effectively escalate privileges and get a command prompt running in context of NT AUTHORITYSYSTEM. Versions prior to 14.26.1.0 and 13.70.8.82 and affected. – Read More  – Packet Storm