Summary
This host is installed with Adobe Reader and is prone to Remote Code Execution Vulnerability.
Impact
Successful exploitation will allow attackers to bypass the security controls and execute arbitrary javascript code by launching javascript scheme URIs when a PDF file is being viewed in a browser.
Impact Level: System/Application
Solution
Update to Adobe Reader version 11.0.05 or later,
For updates refer to http://www.adobe.com/downloads/updates.html
Insight
The flaw is due to some error affecting javascript security controls.
Affected
Adobe Reader version 11.x before 11.0.05 on Windows
Detection
Get the installed version of Adobe Reader with the help of detect NVT and check it is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2013-5325 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Mac OS X)
- Adobe Air Multiple Vulnerabilities - November12 (Windows)
- Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Linux)
- Adobe Air Multiple Vulnerabilities - December12 (Mac OS X)
- Adobe Flash Player Arbitrary Code Execution Vulnerability (Linux)