Nuance PDF Reader pdfcore8.dll Heap Buffer Overflow
2013-07-02T00:00:00
ID NUANCE_PDF_READER_PDFCORE_HEAP_OVERFLOW.NASL Type nessus Reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. Modified 2021-01-02T00:00:00
Description
The version of Nuance PDF Reader installed on the remote host is prior
to 8.1. As such, it is affected by a heap-based buffer overflow
vulnerability. The vulnerability exists in the 'PDFCore8.dll' when
allocating memory for a font table directory during the handling of
naming tables when handling TTF files.
An attacker could exploit this issue by tricking a user into opening a
specially crafted document, resulting in arbitrary code execution.
#
# (C) Tenable Network Security, Inc.
#
include("compat.inc");
if (description)
{
script_id(67122);
script_version("1.3");
script_cvs_date("Date: 2018/11/15 20:50:27");
script_cve_id("CVE-2013-0732");
script_bugtraq_id(60315);
script_name(english:"Nuance PDF Reader pdfcore8.dll Heap Buffer Overflow");
script_summary(english:"Checks version of Nuance PDF Reader");
script_set_attribute(attribute:"synopsis", value:
"The remote Windows host has an application that is affected by a
heap-based buffer overflow vulnerability.");
script_set_attribute(attribute:"description", value:
"The version of Nuance PDF Reader installed on the remote host is prior
to 8.1. As such, it is affected by a heap-based buffer overflow
vulnerability. The vulnerability exists in the 'PDFCore8.dll' when
allocating memory for a font table directory during the handling of
naming tables when handling TTF files.
An attacker could exploit this issue by tricking a user into opening a
specially crafted document, resulting in arbitrary code execution.");
script_set_attribute(attribute:"see_also", value:"https://www.nuance.com/print-capture-and-pdf-solutions/pdf-and-document-conversion/pdf-reader.html");
script_set_attribute(attribute:"solution", value:"Upgrade to Nuance PDF Reader 8.1 or later.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2013/06/04");
script_set_attribute(attribute:"patch_publication_date", value:"2013/06/04");
script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/02");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:nuance:pdf_reader");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.");
script_dependencies("nuance_pdf_reader_detect.nasl");
script_require_keys("SMB/Nuance_PDF_Reader/Installed");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("smb_func.inc");
appname = "Nuance PDF Reader";
kb_base = "SMB/Nuance_PDF_Reader/";
path = get_kb_item_or_exit(kb_base + "Path");
ver = get_kb_item_or_exit(kb_base + "Version");
fix = "8.1";
if (ver_compare(ver:ver, fix:fix, strict:FALSE) == -1)
{
port = kb_smb_transport();
if (report_verbosity > 0)
{
report =
'\n Path : ' + path +
'\n Installed version : ' + ver +
'\n Fixed version : ' + fix +
'\n';
security_hole(port:port, extra:report);
}
else security_hole(port:port);
exit(0);
}
else audit(AUDIT_INST_PATH_NOT_VULN, appname, ver, path);
{"id": "NUANCE_PDF_READER_PDFCORE_HEAP_OVERFLOW.NASL", "bulletinFamily": "scanner", "title": "Nuance PDF Reader pdfcore8.dll Heap Buffer Overflow", "description": "The version of Nuance PDF Reader installed on the remote host is prior\nto 8.1. As such, it is affected by a heap-based buffer overflow\nvulnerability. The vulnerability exists in the 'PDFCore8.dll' when\nallocating memory for a font table directory during the handling of\nnaming tables when handling TTF files. \n\nAn attacker could exploit this issue by tricking a user into opening a\nspecially crafted document, resulting in arbitrary code execution.", "published": "2013-07-02T00:00:00", "modified": "2021-01-02T00:00:00", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/67122", "reporter": "This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.", "references": ["https://www.nuance.com/print-capture-and-pdf-solutions/pdf-and-document-conversion/pdf-reader.html"], "cvelist": ["CVE-2013-0732"], "type": "nessus", "lastseen": "2021-01-01T04:00:41", "edition": 25, "viewCount": 13, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2013-0732"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310804360"]}], "modified": "2021-01-01T04:00:41", "rev": 2}, "score": {"value": 8.1, "vector": "NONE", "modified": "2021-01-01T04:00:41", "rev": 2}, "vulnersScore": 8.1}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(67122);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2018/11/15 20:50:27\");\n\n script_cve_id(\"CVE-2013-0732\");\n script_bugtraq_id(60315);\n\n script_name(english:\"Nuance PDF Reader pdfcore8.dll Heap Buffer Overflow\");\n script_summary(english:\"Checks version of Nuance PDF Reader\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host has an application that is affected by a\nheap-based buffer overflow vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Nuance PDF Reader installed on the remote host is prior\nto 8.1. As such, it is affected by a heap-based buffer overflow\nvulnerability. The vulnerability exists in the 'PDFCore8.dll' when\nallocating memory for a font table directory during the handling of\nnaming tables when handling TTF files. \n\nAn attacker could exploit this issue by tricking a user into opening a\nspecially crafted document, resulting in arbitrary code execution.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.nuance.com/print-capture-and-pdf-solutions/pdf-and-document-conversion/pdf-reader.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Nuance PDF Reader 8.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2013/06/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2013/06/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:nuance:pdf_reader\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"nuance_pdf_reader_detect.nasl\");\n script_require_keys(\"SMB/Nuance_PDF_Reader/Installed\");\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"smb_func.inc\");\n\nappname = \"Nuance PDF Reader\";\nkb_base = \"SMB/Nuance_PDF_Reader/\";\npath = get_kb_item_or_exit(kb_base + \"Path\");\nver = get_kb_item_or_exit(kb_base + \"Version\");\n\nfix = \"8.1\";\nif (ver_compare(ver:ver, fix:fix, strict:FALSE) == -1)\n{\n port = kb_smb_transport();\n\n if (report_verbosity > 0)\n {\n report =\n '\\n Path : ' + path +\n '\\n Installed version : ' + ver +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_hole(port:port, extra:report);\n }\n else security_hole(port:port);\n exit(0);\n}\nelse audit(AUDIT_INST_PATH_NOT_VULN, appname, ver, path);\n", "naslFamily": "Windows", "pluginID": "67122", "cpe": ["cpe:/a:nuance:pdf_reader"], "scheme": null}
{"cve": [{"lastseen": "2020-12-09T19:52:37", "description": "Heap-based buffer overflow in PDFCore8.dll in Nuance PDF Reader before 8.1 allows remote attackers to execute arbitrary code via crafted font table directory values in a TTF file, related to naming table entries.", "edition": 5, "cvss3": {}, "published": "2014-03-27T16:55:00", "title": "CVE-2013-0732", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-0732"], "modified": "2014-03-27T18:09:00", "cpe": ["cpe:/a:nuance:pdf_reader:6.0", "cpe:/a:nuance:pdf_reader:7.0"], "id": "CVE-2013-0732", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-0732", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:nuance:pdf_reader:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:nuance:pdf_reader:7.0:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2020-04-22T17:03:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2013-0732"], "description": "The host is installed with Nuance PDF Reader and is prone to buffer overflow\nvulnerability.", "modified": "2020-04-20T00:00:00", "published": "2014-04-04T00:00:00", "id": "OPENVAS:1361412562310804360", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310804360", "type": "openvas", "title": "Nuance PDF Reader 'pdfcore8.dll' Buffer Overflow Vulnerability Apr14", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Nuance PDF Reader 'pdfcore8.dll' Buffer Overflow Vulnerability Apr14\n#\n# Authors:\n# Shakeel <bshakeel@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:nuance:pdf_reader\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.804360\");\n script_version(\"2020-04-20T13:31:49+0000\");\n script_cve_id(\"CVE-2013-0732\");\n script_bugtraq_id(60315);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-20 13:31:49 +0000 (Mon, 20 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2014-04-04 13:11:15 +0530 (Fri, 04 Apr 2014)\");\n script_name(\"Nuance PDF Reader 'pdfcore8.dll' Buffer Overflow Vulnerability Apr14\");\n\n\n script_tag(name:\"summary\", value:\"The host is installed with Nuance PDF Reader and is prone to buffer overflow\nvulnerability.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The flaw is due to an error in 'pdfcore8.dll' when processing naming table\nentries within embedded TTF files.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will allow remote attackers to conduct denial of\nservice or possibly execution of arbitrary code.\");\n script_tag(name:\"affected\", value:\"Nuance PDF Reader version before 8.1\");\n script_tag(name:\"solution\", value:\"Upgrade to Nuance PDF Reader version 8.1 or later.\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/51943\");\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/84695\");\n script_copyright(\"Copyright (C) 2014 Greenbone Networks GmbH\");\n script_category(ACT_GATHER_INFO);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"gb_nuance_pdf_reader_detect_win.nasl\");\n script_mandatory_keys(\"Nuance/PDFReader/Win/Ver\");\n script_xref(name:\"URL\", value:\"http://www.nuance.com/products/pdf-reader/index.htm\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!nuaVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(version_is_less(version:nuaVer, test_version:\"8.10.1302\"))\n{\n report = report_fixed_ver(installed_version:nuaVer, fixed_version:\"8.10.1302\");\n security_message(port:0, data:report);\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}
