DjVu Browser Plug-in < 6.1.1 Multiple Buffer Overflows

This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.


Synopsis :

A browser plugin on the remote Windows host is affected by multiple
buffer overflow vulnerabilities.

Description :

The DjVu Browser Plug-in is installed on the remote Windows host. This
plugin provides the primary means of viewing DjVu documents, which are
used for publishing scanned books, catalogs, historical documents,
research papers, manuals, etc.

The version of the DjVu Browser Plug-in installed on the remote host
is reportedly affected by several buffer overflows involving various
functions. An attacker may be able to leverage these issues to execute
arbitrary code on the remote host, subject to the user's privileges, if
the user can be tricked into viewing a specially crafted web page.

See also :

http://seclists.org/fulldisclosure/2007/Feb/348
http://www.nessus.org/u?ae522049

Solution :

Upgrade to DjVu Browser Plug-in version 6.1.1 or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.5
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 24670 (djvu_browser_plugin_611.nasl)

Bugtraq ID: 22569

CVE ID: CVE-2007-0324
