Adobe Reader < 8.0 AcroPDF ActiveX Control Multiple Vulnerabilities

This script is Copyright (C) 2006-2015 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an ActiveX control that is affected by
arbitrary code execution vulnerabilities.

Description :

The remote host contains a version of the 'AcroPDF' ActiveX control
included with Adobe Reader and Acrobat.

The version of this ActiveX control on the remote host reportedly
exposes several methods that fail to handle malformed arguments. If an
attacker can trick a user on the affected host into visiting a
specially crafted web page, he can leverage these issues to execute
arbitrary code on the host subject to the user's privileges.

See also :

http://www.nessus.org/u?827c7862
http://www.securityfocus.com/archive/1/archive/1/453579/100/0/threaded
http://www.adobe.com/support/security/bulletins/apsb06-20.html

Solution :

Either upgrade to Adobe Reader 8.0 or replace the version of
'AcroPDF.dll' as described in the vendor bulletin referenced above.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.4
(CVSS2#E:F/RL:W/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 23776 (adobe_acropdf_activex_mult_vulns.nasl)

Bugtraq ID: 21155, 21338, 21813

CVE ID: CVE-2006-6027, CVE-2006-6236
