This script is Copyright (C) 2008-2013 Tenable Network Security, Inc.
The PDF file viewer on the remote Windows host is affected by multiple
The version of Adobe Reader installed on the remote host is earlier
than 8.1.2 or 7.1.0. Such versions are reportedly affected by
multiple vulnerabilities :
- A design error vulnerability may allow an attacker to
gain control of a user's printer.
- Multiple stack-based buffer overflows may allow an
attacker to execute arbitrary code subject to the
- Insecure loading of 'Security Provider' libraries may
allow for arbitrary code execution.
in the 'EScript.api' plug-in allows direct control
over low-level features of the object, which allows
for execution of arbitrary code as the current user.
- Two vulnerabilities in the unpublicized function
'app.checkForUpdate()' exploited through a callback
function could lead to arbitrary code execution in
Adobe Reader 7.
See also :
Upgrade to Adobe Reader 8.1.2 / 7.1.0 or later.
Risk factor :
High / CVSS Base Score : 9.3
CVSS Temporal Score : 8.1
Public Exploit Available : true