VID 28249
Severity 40
Port 139,445
Protocol TCP
Class SMB
Detailed Description A version of Adobe Reader older than 9.2 / 8.1.7 / 7.1.4 has been installed on the host. Adobe Reader versions prior to 9.2 / 8.1.7 / 7.1.4 are affected by multiple vulnerabilities.

- A heap overflow vulnerability. (CVE-2009-3459)
- A memory corruption issue. (CVE-2009-2985)
- Multiple heap overflow vulnerabilities. (CVE-2009-2986)
- An invalid array index issue that could lead to code execution. (CVE-2009-2990)
- Multiple input validation vulnerabilities that could lead to code execution. (CVE-2009-2993)
- A buffer overflow issue. (CVE-2009-2994)
- A heap overflow vulnerability. (CVE-2009-2997)
- An input validation issue that could lead to code execution. (CVE-2009-2998)
- An input validation issue that could lead to code execution. (CVE-2009-3458)
- A memory corruption issue that leads to a denial of service. (CVE-2009-2983)
- An integer overflow that leads to a denial of service. (CVE-2009-2980)
- A memory corruption issue that leads to a denial of service. (CVE-2009-2996)
- An input validation issue that could lead to a bypass of Trust Manager restrictions. (CVE-2009-2981)
- A certificate is used that, if compromised, could be used in a social engineering attack. (CVE-2009-2982)
- A stack overflow issue that could lead to a denial of service. (CVE-2009-3431)
- An XMP-XML entity expansion issue that could lead to a denial of service attack. (CVE-2009-2979)
- A remote denial of service issue in the ActiveX control. (CVE-2009-2987)
- An input validation issue. (CVE-2009-2988)
- An input validation issue specific to the ActiveX control. (CVE-2009-2992)
- A third party web download product is used that could lead to a local privilege escalation. (CVE-2009-2564)
- A cross-site scripting issue when the browser plugin is used with Google Chrome and Opera browsers. (CVE-2007-0048, CVE-2007-0045)

* Note: This check requires an account with administrative privileges that can log into the host being scanned. If these conditions are not met, the check is not performed, resulting in a False Negative for all vulnerable hosts.

* References:
http://www.adobe.com/support/security/bulletins/apsb09-15.html

* Platforms Affected:
Adobe Reader versions prior to 9.2
Adobe Reader versions prior to 8.1.7
Adobe Reader versions prior to 7.1.4
Microsoft Windows Any version
Linux Any version
Recommendation Upgrade to the latest version of Adobe Reader (9.2 / 8.1.7 / 7.1.4 or later), as described in the Adobe Security bulletin at http://www.adobe.com/support/security/bulletins/apsb09-15.html
Related URL CVE-2007-0048,CVE-2007-0045,CVE-2009-2564,CVE-2009-2979,CVE-2009-2980,CVE-2009-2981,CVE-2009-2982,CVE-2009-2983,CVE-2009-2986,CVE-2009-2987 (CVE)
Related URL 21858,35740,36600,36664,36665,36667,36668,36669,36671,36677,36678,36680,36681,36682,36683,36686,36687,36688,36689,36690,36692,36695 (SecurityFocus)