VID |
28253 |
Severity |
40 |
Port |
139,445 |
Protocol |
TCP |
Class |
SMB |
Detailed Description |
A version of Adobe Acrobat older than 9.1.2 / 8.1.6 / 7.1.3 has been installed on the host. Adobe Reader versions prior to 9.1.2 / 8.1.6 / 7.1.3 are affected by multiple vulnerabilities.
- A stack buffer overflow can lead to code execution. (CVE-2009-1855)
- An integer buffer overflow can result in an application crash and possibly code execution, although that has not been shown yet. (CVE-2009-1856)
- A memory corruption issue can result in an application crash and possibly code execution, although that has not been shown yet. (CVE-2009-1857)
- A memory corruption issue in the JBIG2 filter can lead to code execution. (CVE-2009-1858)
- A memory corruption issue can lead to code execution. (CVE-2009-1859)
- A memory corruption issue in the JBIG2 filter can result in an application crash and possibly code execution, although that has not been shown yet. (CVE-2009-0198)
- Multiple heap buffer overflow vulnerabilities in the JBIG2 filter can lead to code execution. (CVE-2009-0509, CVE-2009-0510, CVE-2009-0511, CVE-2009-0512, CVE-2009-0888, CVE-2009-0889)
- Multiple heap buffer overflow vulnerabilities can lead to code execution. (CVE-2009-1861)
* Note: This check requires an account with administrative privileges that can log into the host being scanned. If these conditions are not met, the check will not be performed, resulting in a false negative for all vulnerable hosts.
* References: http://www.adobe.com/support/security/bulletins/apsb09-07.html
* Platforms Affected: Adobe Reader versions prior to 9.1.2; Adobe Reader versions prior to 8.1.6; Adobe Reader versions prior to 7.1.3; Microsoft Windows (any version); Linux (any version) |
Recommendation |
Upgrade to the latest version of Adobe Acrobat (9.1.2 / 8.1.6 / 7.1.3 or later), as described in the Adobe Security bulletin at http://www.adobe.com/support/security/bulletins/apsb09-07.html |
Related URL |
CVE-2009-0198,CVE-2009-0509,CVE-2009-0510,CVE-2009-0511,CVE-2009-0512,CVE-2009-0888,CVE-2009-0889,CVE-2009-1855,CVE-2009-1856,CVE-2009-1857 (CVE) |
Related URL |
35274,35282,35289,35291,35293,35294,35295,35296,35298,35299 (SecurityFocus) |
Related URL |
(ISS) |