Adobe Download Manager < 2.2 AOM File Handling Section Name Overflow

This script is Copyright (C) 2006-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an application that is prone to a buffer
overflow attack.

Description :

There is a version Adobe Download Manager installed on the remote
Windows host that is vulnerable to a remote buffer overflow attack
because the application fails to perform boundary checks while
processing AOM files. In order to trigger this issue, an attacker
needs to entice a user to visit a website hosting the malicious AOM
file or send the AOM file as an email attachment and have the user
click on it. Successful exploitation of this issue might result in
arbitrary code execution.

See also :

http://research.eeye.com/html/advisories/published/AD20061205.html
http://seclists.org/fulldisclosure/2006/Dec/121
http://www.adobe.com/support/security/bulletins/apsb06-19.html

Solution :

Either uninstall the application or upgrade to Adobe Download Manager
version 2.2 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.5
(CVSS2#E:U/RL:W/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 23779 (adobe_aom_buffer_overflow_vulnerability.nasl)

Bugtraq ID: 21453

CVE ID: CVE-2006-5856

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now