PDF-XChange Viewer/PDF-XChange PDF File Handling Memory Corruption

high Nessus Plugin ID 44048

Language:

Synopsis

It may be possible to execute arbitrary code on the remote system.

Description

A version of PDF-XChange Viewer, PDF-XChange PDF Viewer SDK or PDF-XChange installed on the remote host fails to validate input while opening certain specially crafted PDF files.

By tricking users into opening a malicious PDF file, a remote attacker could exploit this flaw to execute arbitrary code on the remote system.

Solution

Upgrade to :

- PDF-XChange Viewer/PDF-XChange PDF Viewer SDK 2.0 Build 44 (2.044) or later.
- PDF-XChange 4.0 Build 174 (4.0174) or later.

See Also

https://secuniaresearch.flexerasoftware.com/secunia_research/2009-64/

https://seclists.org/fulldisclosure/2010/Jan/23

https://www.tracker-software.com/company/news_press_events/view/80

Plugin Details

Severity: High

ID: 44048

File Name: pdf-xchange_multiple_products_mem_corruption.nasl

Version: 1.8

Type: local

Agent: windows

Family: Windows

Published: 1/18/2010

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

Exploit Ease: No known exploits are available

Patch Publication Date: 12/30/2009

Vulnerability Publication Date: 12/30/2009

Reference Information

BID: 37582

Secunia: 37706