Nuance PDF Reader pdfcore8.dll Heap Buffer Overflow

Severity: High | Nessus Plugin ID: 67122

Synopsis

The remote Windows host has an application that is affected by a heap-based buffer overflow vulnerability.

Description

The version of Nuance PDF Reader installed on the remote host is prior to 8.1. As such, it is affected by a heap-based buffer overflow vulnerability. The vulnerability exists in 'PDFCore8.dll' and occurs when memory is allocated for a font table directory while naming tables in TTF files are being handled.

An attacker could exploit this issue by tricking a user into opening a specially crafted document, resulting in arbitrary code execution.

Solution

Upgrade to Nuance PDF Reader 8.1 or later.

See Also

https://www.nuance.com/print-capture-and-pdf-solutions/pdf-and-document-conversion/pdf-reader.html

Plugin Details

Severity: High

ID: 67122

File Name: nuance_pdf_reader_pdfcore_heap_overflow.nasl

Version: 1.3

Type: local

Agent: windows

Family: Windows

Published: 7/2/2013

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:nuance:pdf_reader

Required KB Items: SMB/Nuance_PDF_Reader/Installed

Exploit Ease: No known exploits are available

Patch Publication Date: 6/4/2013

Vulnerability Publication Date: 6/4/2013

Reference Information

CVE: CVE-2013-0732

BID: 60315