activePDF Server < 3.8.6 Packet Handling Remote Overflow (credentialed check)

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.

Synopsis :

The remote Windows host contains a program that is affected by a
buffer overflow vulnerability.

Description :

activePDF Server is installed on the remote host. It is used to
provide PDF generation and conversion from within enterprise and web

The version of activePDF Server installed on the remote host contains
a heap-based buffer overflow that can be triggered by sending a packet
specifying a size smaller than the actual size of the following data.
An unauthenticated, remote attacker may be able to leverage this issue
to crash the affected service or execute arbitrary code.

Note that the service runs with SYSTEM privileges, so successful
exploitation could lead to a complete compromise of the affected host.

See also :

Solution :

Upgrade to activePDF version 3.8.6 or later and make sure the file
version for the affected file is or later.

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.7
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 31350 (activepdf_3_8_6_local.nasl)

Bugtraq ID: 28013

CVE ID: CVE-2007-5397

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial