Adobe Reader < 8.1.1 Crafted PDF File Arbitrary Code Execution

This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.

Synopsis :

The PDF file viewer on the remote Windows host allows execution of
arbitrary code.

Description :

The installation of Adobe Reader on the remote host allows execution
of arbitrary code by means of a specially crafted PDF file with a
malicious 'mailto:' link.

Note that the issue only exists on systems running Windows XP or
Windows 2003 with Internet Explorer 7.0.

See also :

Solution :

Upgrade to Adobe Reader 8.1.1 or later or disable 'mailto' support as
described in the vendor advisory above.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.7
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 27584 (adobe_reader_811.nasl)

Bugtraq ID: 25748

CVE ID: CVE-2007-5020

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now