Cybersecurity specialists report the detection of a critical vulnerability in Nitro Pro, an application used to create, edit, sign, and secure Portable Document Format (PDF) files and other digital document types. According to the report, the successful exploitation of this flaw allows threat actors to run arbitrary code on affected systems.

Tracked as CVE-2021-21798, the flaw was described as a return of stack variable address issue in the JavaScript implementation, which allows remote attackers to trick a victim into opening a document and execute arbitrary code on the target implementation.

This report received a 7.7/10 score according to the Common Vulnerability Scoring System (CVSS) and it’s considered a high severity flaw.

According to the report, the flaw resides in the following versions of Nitro Pro: 13.31.0.605 & 13.33.2.645.

Even though this vulnerability could be exploited by remote non-authenticated threat actors, cybersecurity specialists have no detected active exploitation attempts. Still, Nitro Pro developers recommend updating to secured implementations.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.