ID CVE-2013-0113 Type cve Reporter cve@mitre.org Modified 2013-02-26T05:00:00
Description
Nuance PDF Reader 7.0 and PDF Viewer Plus 7.1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document.
{"openvas": [{"lastseen": "2017-07-02T21:11:23", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0113"], "description": "The host is installed with Nuance PDF Reader and is prone to\nmultiple memory-corruption vulnerabilities.", "modified": "2017-05-08T00:00:00", "published": "2013-03-11T00:00:00", "id": "OPENVAS:803329", "href": "http://plugins.openvas.org/nasl.php?oid=803329", "type": "openvas", "title": "Nuance PDF Reader Multiple Memory Corruption Vulnerabilities", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_nuance_pdf_reader_mult_memory_corruption_vuln.nasl 6079 2017-05-08 09:03:33Z teissa $\n#\n# Nuance PDF Reader Multiple Memory Corruption Vulnerabilities\n#\n# Authors:\n# Arun Kallavi <karun@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation allows an attacker to corrupt memory, execute\narbitrary code within the context of the user running the affected\napplication or failed attempts may cause a denial-of-service.\n\nImpact Level: System/Application\";\n\ntag_affected = \"Nuance PDF Reader version 7.0\";\n\ntag_insight = \"Multiple unspecified flaws as user input is not properly\nsanitized when handling PDF files.\";\n\ntag_solution = \"No solution or patch was made available for at least one year\nsince disclosure of this vulnerability. Likely none will be provided anymore.\nGeneral solution options are to upgrade to a newer release, disable respective\nfeatures, remove the product or replace the product by another one.\";\n\ntag_summary = \"The host is installed with Nuance PDF Reader and is prone to\nmultiple memory-corruption vulnerabilities.\";\n\nif(description)\n{\n script_id(803329);\n script_version(\"$Revision: 6079 $\");\n script_bugtraq_id(57851);\n script_cve_id(\"CVE-2013-0113\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-05-08 11:03:33 +0200 (Mon, 08 May 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-11 15:51:39 +0530 (Mon, 11 Mar 2013)\");\n script_name(\"Nuance PDF Reader Multiple Memory Corruption Vulnerabilities\");\n script_xref(name : \"URL\" , value : \"http://www.kb.cert.org/vuls/id/248449\");\n script_xref(name : \"URL\" , value : \"http://en.securitylab.ru/nvd/438057.php\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/cve_reference/CVE-2013-0113\");\n\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_family(\"General\");\n script_dependencies(\"gb_nuance_pdf_reader_detect_win.nasl\");\n script_mandatory_keys(\"Nuance/PDFReader/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"solution_type\", value:\"WillNotFix\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\n# Variable Initialization\nReaderVer =\"\";\n\n# Get the version from KB\nReaderVer = get_kb_item(\"Nuance/PDFReader/Win/Ver\");\n\n# Check for Nuance PDF Editor Version\nif(ReaderVer && ReaderVer == \"7.00.0000\")\n{\n security_message(0);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-12-06T16:44:17", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0113"], "description": "The host is installed with Nuance PDF Reader and is prone to\nmultiple memory-corruption vulnerabilities.", "modified": "2019-12-05T00:00:00", "published": "2013-03-11T00:00:00", "id": "OPENVAS:1361412562310803329", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803329", "type": "openvas", "title": "Nuance PDF Reader Multiple Memory Corruption Vulnerabilities", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Nuance PDF Reader Multiple Memory Corruption Vulnerabilities\n#\n# Authors:\n# Arun Kallavi <karun@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803329\");\n script_version(\"2019-12-05T15:10:00+0000\");\n script_bugtraq_id(57851);\n script_cve_id(\"CVE-2013-0113\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-12-05 15:10:00 +0000 (Thu, 05 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2013-03-11 15:51:39 +0530 (Mon, 11 Mar 2013)\");\n script_name(\"Nuance PDF Reader Multiple Memory Corruption Vulnerabilities\");\n script_xref(name:\"URL\", value:\"http://www.kb.cert.org/vuls/id/248449\");\n script_xref(name:\"URL\", value:\"http://en.securitylab.ru/nvd/438057.php\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/cve_reference/CVE-2013-0113\");\n\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_family(\"General\");\n script_dependencies(\"gb_nuance_pdf_reader_detect_win.nasl\");\n script_mandatory_keys(\"Nuance/PDFReader/Win/Ver\");\n script_tag(name:\"impact\", value:\"Successful exploitation allows an attacker to corrupt memory, execute\narbitrary code within the context of the user running the affected\napplication or failed attempts may cause a denial-of-service.\");\n script_tag(name:\"affected\", value:\"Nuance PDF Reader version 7.0\");\n script_tag(name:\"insight\", value:\"Multiple unspecified flaws as user input is not properly\nsanitized when handling PDF files.\");\n script_tag(name:\"solution\", value:\"No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.\");\n script_tag(name:\"summary\", value:\"The host is installed with Nuance PDF Reader and is prone to\nmultiple memory-corruption vulnerabilities.\");\n script_tag(name:\"solution_type\", value:\"WillNotFix\");\n exit(0);\n}\n\n\nReaderVer = get_kb_item(\"Nuance/PDFReader/Win/Ver\");\n\nif(ReaderVer && ReaderVer == \"7.00.0000\")\n{\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "cert": [{"lastseen": "2020-09-18T20:41:52", "bulletinFamily": "info", "cvelist": ["CVE-2013-0113"], "description": "### Overview \n\nNuance PDF viewing products contain multiple memory-corruption vulnerabilities, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.\n\n### Description \n\nNuance provides two similar PDF viewing products called PDF Reader and PDF Viewer Plus. Both of these products contain multiple exploitable memory-corruption vulnerabilities. We have found that both Nuance PDF Reader 7.0 and PDF Viewer Plus 7.1 are affected. \n \n--- \n \n### Impact \n\nBy convincing a user to view a specially crafted PDF document, an attacker may be able to execute arbitrary code on a vulnerable system. \n \n--- \n \n### Solution \n\nWe are currently unaware of a practical solution to this problem. Please consider the following workarounds: \n \n--- \n \n**Use the Microsoft Enhanced Mitigation Experience Toolkit**\n\nThe [Microsoft Enhanced Mitigation Experience Toolkit](<http://support.microsoft.com/kb/2458544>) (EMET) can be used to help prevent exploitation of this vulnerability. CERT/CC has created a [video tutorial for setting up EMET 3.0](<http://www.youtube.com/watch?v=28_LUs_g0u4>) on Windows 7. Note that platforms that do not support ASLR, such as Windows XP and Windows Server 2003, will not receive the same level of protection that modern Windows platforms will. \n \n**Enable DEP in Microsoft Windows** \n \nConsider enabling Data Execution Prevention (DEP) in supported versions of Windows. DEP should not be treated as a complete workaround, but it can mitigate the execution of attacker-supplied code in some cases. Microsoft has published detailed technical information about DEP in Security Research & Defense blog posts \"Understanding DEP as a mitigation technology\" [part 1](<http://blogs.technet.com/srd/archive/2009/06/05/understanding-dep-as-a-mitigation-technology-part-1.aspx>) and [part 2](<http://blogs.technet.com/srd/archive/2009/06/12/understanding-dep-as-a-mitigation-technology-part-2.aspx>). DEP should be used in conjunction with the application of patches or other mitigations described in this document. \n \nNote that when relying on DEP for exploit mitigation, it is important to use a system that supports Address Space Layout Randomization (ASLR) as well. ASLR is not supported by Windows XP or Windows Server 2003 or earlier. ASLR was introduced with Microsoft Windows Vista and Windows Server 2008. Please see the Microsoft SRD blog entry: [On the effectiveness of DEP and ASLR](<http://blogs.technet.com/b/srd/archive/2010/12/08/on-the-effectiveness-of-dep-and-aslr.aspx>) for more details. \n \n--- \n \n### Vendor Information\n\n248449\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Nuance Communications, Inc. Affected\n\nNotified: December 17, 2012 Updated: February 05, 2013 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nWe are not aware of further vendor information regarding this vulnerability.\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | 10 | AV:N/AC:L/Au:N/C:C/I:C/A:C \nTemporal | 9 | E:POC/RL:U/RC:C \nEnvironmental | 2.3 | CDP:ND/TD:L/CR:ND/IR:ND/AR:ND \n \n \n\n\n### References \n\n * <http://www.nuance.com/products/pdf-reader/index.htm>\n * <http://support.microsoft.com/kb/2458544>\n * <http://blogs.technet.com/srd/archive/2009/06/05/understanding-dep-as-a-mitigation-technology-part-1.aspx>\n * <http://blogs.technet.com/srd/archive/2009/06/12/understanding-dep-as-a-mitigation-technology-part-2.aspx>\n * <http://blogs.technet.com/b/srd/archive/2010/12/08/on-the-effectiveness-of-dep-and-aslr.aspx>\n\n### Acknowledgements\n\nThese vulnerabilities were reported by Will Dormann of the CERT/CC.\n\nThis document was written by Will Dormann.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2013-0113](<http://web.nvd.nist.gov/vuln/detail/CVE-2013-0113>) \n---|--- \n**Date Public:** | 2013-02-07 \n**Date First Published:** | 2013-02-07 \n**Date Last Updated: ** | 2013-02-07 18:29 UTC \n**Document Revision: ** | 12 \n", "modified": "2013-02-07T18:29:00", "published": "2013-02-07T00:00:00", "id": "VU:248449", "href": "https://www.kb.cert.org/vuls/id/248449", "type": "cert", "title": "Nuance PDF viewing products contain multiple vulnerabilities", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}
