ID CVE-2013-0113 Type cve Reporter NVD Modified 2013-02-26T00:00:00
Description
Nuance PDF Reader 7.0 and PDF Viewer Plus 7.1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document.
{"title": "CVE-2013-0113", "reporter": "NVD", "enchantments": {"score": {"vector": "NONE", "value": 9.3}, "vulnersScore": 9.3}, "published": "2013-02-24T06:48:21", "cvelist": ["CVE-2013-0113"], "hash": "ea638535e1faf86e82448f0e7cec5947671a1d303ad0d55faef59066b669a3a9", "objectVersion": "1.2", "type": "cve", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0113", "bulletinFamily": "NVD", "id": "CVE-2013-0113", "history": [], "scanner": [], "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "modified": "2013-02-26T00:00:00", "viewCount": 0, "cpe": ["cpe:/a:nuance:pdf_reader:7.0", "cpe:/a:nuance:pdf_reader_plus:7.1"], "edition": 1, "description": "Nuance PDF Reader 7.0 and PDF Viewer Plus 7.1 allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document.", "references": ["http://www.kb.cert.org/vuls/id/248449"], "lastseen": "2016-09-03T17:49:42", "assessment": {"system": "", "name": "", "href": ""}}
{"result": {"cert": [{"lastseen": "2016-02-03T09:13:33", "references": ["http://blogs.technet.com/srd/archive/2009/06/05/understanding-dep-as-a-mitigation-technology-part-1.aspx", "http://blogs.technet.com/srd/archive/2009/06/05/understanding-dep-as-a-mitigation-technology-part-1.aspx", "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0113", "http://blogs.technet.com/b/srd/archive/2010/12/08/on-the-effectiveness-of-dep-and-aslr.aspx", "http://blogs.technet.com/b/srd/archive/2010/12/08/on-the-effectiveness-of-dep-and-aslr.aspx", "http://www.youtube.com/watch?v=28_LUs_g0u4", "http://support.microsoft.com/kb/2458544", "http://support.microsoft.com/kb/2458544", "http://blogs.technet.com/srd/archive/2009/06/12/understanding-dep-as-a-mitigation-technology-part-2.aspx", "http://blogs.technet.com/srd/archive/2009/06/12/understanding-dep-as-a-mitigation-technology-part-2.aspx", "http://www.nuance.com/products/pdf-reader/index.htm"], "description": "### Overview\n\nNuance PDF viewing products contain multiple memory-corruption vulnerabilities, which may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.\n\n### Description\n\nNuance provides two similar PDF viewing products called PDF Reader and PDF Viewer Plus. Both of these products contain multiple exploitable memory-corruption vulnerabilities. We have found that both Nuance PDF Reader 7.0 and PDF Viewer Plus 7.1 are affected. \n \n--- \n \n### Impact\n\nBy convincing a user to view a specially crafted PDF document, an attacker may be able to execute arbitrary code on a vulnerable system. \n \n--- \n \n### Solution\n\nWe are currently unaware of a practical solution to this problem. Please consider the following workarounds: \n \n--- \n \n**Use the Microsoft Enhanced Mitigation Experience Toolkit**\n\nThe [Microsoft Enhanced Mitigation Experience Toolkit](<http://support.microsoft.com/kb/2458544>) (EMET) can be used to help prevent exploitation of this vulnerability. CERT/CC has created a [video tutorial for setting up EMET 3.0](<http://www.youtube.com/watch?v=28_LUs_g0u4>) on Windows 7. Note that platforms that do not support ASLR, such as Windows XP and Windows Server 2003, will not receive the same level of protection that modern Windows platforms will. \n \n**Enable DEP in Microsoft Windows** \n \nConsider enabling Data Execution Prevention (DEP) in supported versions of Windows. DEP should not be treated as a complete workaround, but it can mitigate the execution of attacker-supplied code in some cases. Microsoft has published detailed technical information about DEP in Security Research & Defense blog posts \"Understanding DEP as a mitigation technology\" [part 1](<http://blogs.technet.com/srd/archive/2009/06/05/understanding-dep-as-a-mitigation-technology-part-1.aspx>) and [part 2](<http://blogs.technet.com/srd/archive/2009/06/12/understanding-dep-as-a-mitigation-technology-part-2.aspx>). DEP should be used in conjunction with the application of patches or other mitigations described in this document. \n \nNote that when relying on DEP for exploit mitigation, it is important to use a system that supports Address Space Layout Randomization (ASLR) as well. ASLR is not supported by Windows XP or Windows Server 2003 or earlier. ASLR was introduced with Microsoft Windows Vista and Windows Server 2008. Please see the Microsoft SRD blog entry: [On the effectiveness of DEP and ASLR](<http://blogs.technet.com/b/srd/archive/2010/12/08/on-the-effectiveness-of-dep-and-aslr.aspx>) for more details. \n \n--- \n \n### Vendor Information \n\nVendor| Status| Date Notified| Date Updated \n---|---|---|--- \nNuance Communications, Inc.| | 17 Dec 2012| 05 Feb 2013 \nIf you are a vendor and your product is affected, [let us know](<mailto:cert@cert.org?Subject=VU%23248449 Vendor Status Inquiry>).\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | 10.0 | AV:N/AC:L/Au:N/C:C/I:C/A:C \nTemporal | 9.0 | E:POC/RL:U/RC:C \nEnvironmental | 2.3 | CDP:ND/TD:L/CR:ND/IR:ND/AR:ND \n \n### References\n\n * <http://www.nuance.com/products/pdf-reader/index.htm>\n * <http://support.microsoft.com/kb/2458544>\n * <http://blogs.technet.com/srd/archive/2009/06/05/understanding-dep-as-a-mitigation-technology-part-1.aspx>\n * <http://blogs.technet.com/srd/archive/2009/06/12/understanding-dep-as-a-mitigation-technology-part-2.aspx>\n * <http://blogs.technet.com/b/srd/archive/2010/12/08/on-the-effectiveness-of-dep-and-aslr.aspx>\n\n### Credit\n\nThese vulnerabilities were reported by Will Dormann of the CERT/CC.\n\nThis document was written by Will Dormann.\n\n### Other Information\n\n * CVE IDs: [CVE-2013-0113](<http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0113>)\n * Date Public: 07 Feb 2013\n * Date First Published: 07 Feb 2013\n * Date Last Updated: 07 Feb 2013\n * Document Revision: 11\n\n", "edition": 1, "reporter": "CERT", "published": "2013-02-07T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 9.3}}, "type": "cert", "title": "Nuance PDF viewing products contain multiple vulnerabilities", "bulletinFamily": "info", "cvelist": ["CVE-2013-0113", "CVE-2013-0113"], "modified": "2013-02-07T00:00:00", "id": "VU:248449", "href": "https://www.kb.cert.org/vuls/id/248449", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-02T21:11:23", "references": ["http://en.securitylab.ru/nvd/438057.php", "http://secunia.com/advisories/cve_reference/CVE-2013-0113", "http://www.kb.cert.org/vuls/id/248449"], "pluginID": "803329", "description": "The host is installed with Nuance PDF Reader and is prone to\nmultiple memory-corruption vulnerabilities.", "edition": 1, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-03-11T00:00:00", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "title": "Nuance PDF Reader Multiple Memory Corruption Vulnerabilities", "type": "openvas", "naslFamily": "General", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0113"], "modified": "2017-05-08T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=803329", "id": "OPENVAS:803329", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_nuance_pdf_reader_mult_memory_corruption_vuln.nasl 6079 2017-05-08 09:03:33Z teissa $\n#\n# Nuance PDF Reader Multiple Memory Corruption Vulnerabilities\n#\n# Authors:\n# Arun Kallavi <karun@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation allows an attacker to corrupt memory, execute\narbitrary code within the context of the user running the affected\napplication or failed attempts may cause a denial-of-service.\n\nImpact Level: System/Application\";\n\ntag_affected = \"Nuance PDF Reader version 7.0\";\n\ntag_insight = \"Multiple unspecified flaws as user input is not properly\nsanitized when handling PDF files.\";\n\ntag_solution = \"No solution or patch was made available for at least one year\nsince disclosure of this vulnerability. Likely none will be provided anymore.\nGeneral solution options are to upgrade to a newer release, disable respective\nfeatures, remove the product or replace the product by another one.\";\n\ntag_summary = \"The host is installed with Nuance PDF Reader and is prone to\nmultiple memory-corruption vulnerabilities.\";\n\nif(description)\n{\n script_id(803329);\n script_version(\"$Revision: 6079 $\");\n script_bugtraq_id(57851);\n script_cve_id(\"CVE-2013-0113\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-05-08 11:03:33 +0200 (Mon, 08 May 2017) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-11 15:51:39 +0530 (Mon, 11 Mar 2013)\");\n script_name(\"Nuance PDF Reader Multiple Memory Corruption Vulnerabilities\");\n script_xref(name : \"URL\" , value : \"http://www.kb.cert.org/vuls/id/248449\");\n script_xref(name : \"URL\" , value : \"http://en.securitylab.ru/nvd/438057.php\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/cve_reference/CVE-2013-0113\");\n\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_family(\"General\");\n script_dependencies(\"gb_nuance_pdf_reader_detect_win.nasl\");\n script_mandatory_keys(\"Nuance/PDFReader/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"solution_type\", value:\"WillNotFix\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\n# Variable Initialization\nReaderVer =\"\";\n\n# Get the version from KB\nReaderVer = get_kb_item(\"Nuance/PDFReader/Win/Ver\");\n\n# Check for Nuance PDF Editor Version\nif(ReaderVer && ReaderVer == \"7.00.0000\")\n{\n security_message(0);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-04-06T11:23:43", "references": ["http://en.securitylab.ru/nvd/438057.php", "http://secunia.com/advisories/cve_reference/CVE-2013-0113", "http://www.kb.cert.org/vuls/id/248449"], "pluginID": "1361412562310803329", "description": "The host is installed with Nuance PDF Reader and is prone to\nmultiple memory-corruption vulnerabilities.", "edition": 1, "reporter": "Copyright (c) 2013 Greenbone Networks GmbH", "published": "2013-03-11T00:00:00", "type": "openvas", "title": "Nuance PDF Reader Multiple Memory Corruption Vulnerabilities", "enchantments": {"score": {"vector": "NONE", "value": 7.5}}, "naslFamily": "General", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0113"], "modified": "2018-04-06T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310803329", "id": "OPENVAS:1361412562310803329", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_nuance_pdf_reader_mult_memory_corruption_vuln.nasl 9353 2018-04-06 07:14:20Z cfischer $\n#\n# Nuance PDF Reader Multiple Memory Corruption Vulnerabilities\n#\n# Authors:\n# Arun Kallavi <karun@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation allows an attacker to corrupt memory, execute\narbitrary code within the context of the user running the affected\napplication or failed attempts may cause a denial-of-service.\n\nImpact Level: System/Application\";\n\ntag_affected = \"Nuance PDF Reader version 7.0\";\n\ntag_insight = \"Multiple unspecified flaws as user input is not properly\nsanitized when handling PDF files.\";\n\ntag_solution = \"No solution or patch was made available for at least one year\nsince disclosure of this vulnerability. Likely none will be provided anymore.\nGeneral solution options are to upgrade to a newer release, disable respective\nfeatures, remove the product or replace the product by another one.\";\n\ntag_summary = \"The host is installed with Nuance PDF Reader and is prone to\nmultiple memory-corruption vulnerabilities.\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.803329\");\n script_version(\"$Revision: 9353 $\");\n script_bugtraq_id(57851);\n script_cve_id(\"CVE-2013-0113\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-04-06 09:14:20 +0200 (Fri, 06 Apr 2018) $\");\n script_tag(name:\"creation_date\", value:\"2013-03-11 15:51:39 +0530 (Mon, 11 Mar 2013)\");\n script_name(\"Nuance PDF Reader Multiple Memory Corruption Vulnerabilities\");\n script_xref(name : \"URL\" , value : \"http://www.kb.cert.org/vuls/id/248449\");\n script_xref(name : \"URL\" , value : \"http://en.securitylab.ru/nvd/438057.php\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/cve_reference/CVE-2013-0113\");\n\n script_copyright(\"Copyright (c) 2013 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_family(\"General\");\n script_dependencies(\"gb_nuance_pdf_reader_detect_win.nasl\");\n script_mandatory_keys(\"Nuance/PDFReader/Win/Ver\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"solution_type\", value:\"WillNotFix\");\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\n# Variable Initialization\nReaderVer =\"\";\n\n# Get the version from KB\nReaderVer = get_kb_item(\"Nuance/PDFReader/Win/Ver\");\n\n# Check for Nuance PDF Editor Version\nif(ReaderVer && ReaderVer == \"7.00.0000\")\n{\n security_message(0);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}}
