This host is installed with Adobe Reader and is prone to multiple vulnerabilities.

Successful exploitation will allow attacker to execute arbitrary code or cause a denial of service via a crafted PDF document. Impact Level: System/Application

Upgrade to Adobe Reader version 9.3.2 or later, For updates refer to http://www.adobe.com

The flaws are due to: - An error in custom heap management system, allows the attackers to execute arbitrary code via a crafted PDF document. - An error in handling of 'Launch File warning dialog' which does not restrict the contents of one text field allows attackers to execute arbitrary local program that was specified in a PDF document.

Adobe Reader version 9.3.1 on Windows.

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

• http://blog.didierstevens.com/2010/03/29/escape-from-pdf/
• http://www.adobe.com/support/security/bulletins/apsb10-17.html
• http://www.blackhat.com/html/bh-eu-10/bh-eu-10-briefings.html#Li
• http://www.exploit-db.com/exploits/16671

---

Updated on 2017-03-28