CVE-2024-35288: 
Nitro Pro vulnerability analysis and mitigation

Nitro PDF Pro versions before 13.70.8.82 and 14.x before 14.26.1.0 contain a Local Privilege Escalation vulnerability in the MSI Installer (CVE-2024-35288). The vulnerability was discovered on December 19, 2023, by Sandro Einfeldt and Michael Baer from SEC Consult Vulnerability Lab and was publicly disclosed on September 30, 2024 (SEC Consult).

The vulnerability exists in the MSI installer's custom actions when running in repair mode. The installer executes custom actions unsafely, where CertUtil is run in a conhost.exe window. During the repair process, three sub-processes (certutil.exe) perform certificate store operations, which run in the context of NT AUTHORITY\SYSTEM. The vulnerability allows for a mechanism using CTRL+o to launch cmd.exe as NT AUTHORITY\SYSTEM. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (NVD).

When successfully exploited, this vulnerability allows attackers with low-privileged system access to escalate privileges and obtain a command prompt running in the context of NT AUTHORITY\SYSTEM, effectively gaining complete system control (SEC Consult).

The vendor has released patches to address this vulnerability in versions 13.70.8.82 and 14.26.1.0. Users are strongly advised to upgrade to these or newer versions immediately. The patches can be downloaded from the official Nitro PDF Pro website (SEC Consult).