PDF-XChange Viewer/PDF-XChange PDF File Handling Memory Corruption

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.


Synopsis :

It may be possible to execute arbitrary code on the remote system.

Description :

A version of PDF-XChange Viewer, PDF-XChange PDF Viewer SDK or
PDF-XChange installed on the remote host fails to validate input while
opening certain specially crafted PDF files.

By tricking users into opening a malicious PDF file, a remote attacker
could exploit this flaw to execute arbitrary code on the remote
system.

See also :

http://secunia.com/secunia_research/2009-64/
http://seclists.org/fulldisclosure/2010/Jan/23
http://www.docu-track.com/news/show/80

Solution :

Upgrade to :

- PDF-XChange Viewer/PDF-XChange PDF Viewer SDK 2.0 Build 44 (2.044) or later.
- PDF-XChange 4.0 Build 174 (4.0174) or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 44048 ()

Bugtraq ID: 37582

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now