Adobe Acrobat < 8.1.1 Crafted PDF File Arbitrary Code Execution

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.

Synopsis :

The version of Adobe Acrobat on the remote Windows host allows
execution of arbitrary code.

Description :

The version of Adobe Acrobat installed on the remote host is earlier
than 8.1.1. Such versions allow execution of arbitrary code by means
of a specially crafted PDF file with a malicious 'mailto:' link.

Note that the issue only exists on systems running Windows XP or
Windows 2003 with Internet Explorer 7.0.

See also :

Solution :

Upgrade to Adobe Acrobat 8.1.1 or later or disable 'mailto' support as
described in the vendor advisory.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.7
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 40799 (adobe_acrobat_811.nasl)

Bugtraq ID: 25748

CVE ID: CVE-2007-5020

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now