R-Viewer < 1.6.3768 Multiple Vulnerabilities

This script is Copyright (C) 2007-2015 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has a program that is affected by multiple
issues.

Description :

R-Viewer, a secure document viewer from remotedocs.com, is installed
on the remote host.

According to the registry, the installation of R-Viewer on the remote
Windows host allows arbitrary code to be executed without a user's
knowledge and stores unencrypted copies of previously-opened documents
in temporary directories. If an attacker can trick a user into opening
a specially crafted RDZ file, he can leverage these issues to view
files or execute code on the affected system subject to the user's
privileges.

See also :

http://www.nessus.org/u?96b96330
http://www.securityfocus.com/archive/1/479718

Solution :

Upgrade to R-Viewer version 1.6.3768 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 26062 ()

Bugtraq ID: 25591

CVE ID: CVE-2007-4750
CVE-2007-4751

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now