| VID |
28255 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
A version of Adobe Acrobat which is older than 9.2 / 8.1.7 been installed on the host. Adobe Acrobat versions prior to 9.2 / 8.1.7 are affected by a code execution vulnerability.
The version of Adobe Acrobat on the remote host allows execution of arbitrary code due to a use-after-free vulnerability in the 'Doc.media.newplayer()' method, which can result in memory corruption.
A remote attacker may be able to exploit this by tricking a user into opening a specially crafted PDF file, resulting in arbitrary code execution.
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.adobe.com/support/security/bulletins/apsb09-07.html
* Platforms Affected:
Adobe Reader versions prior to 9.2
Adobe Reader versions prior to 8.1.7
Microsoft Windows Any version
Linux Any version |
| Recommendation |
If Acrobat 9.2 / 8.1.7 is installed, apply the JavaScript blacklist workaround. If earlier versions are installed, disable JavaScript (refer to Adobe's advisory for more information).http://www.adobe.com/support/security/advisories/apsa09-07.html
http://kb2.adobe.com/cps/504/cpsid_50431.html (workaround) |
| Related URL |
CVE-2009-4324 (CVE) |
| Related URL |
37331 (SecurityFocus) |
| Related URL |
(ISS) |
|
