VID |
28261 |
Severity |
40 |
Port |
139,445 |
Protocol |
TCP |
Class |
SMB |
Detailed Description |
A version of Adobe Acrobat which is older than 9.3 / 8.2 been installed on the host. Adobe Acrobat versions prior to 9.3 / 8.2 are vulnerable to multiple vulnerabilities.
- A use-after-free vulnerability in 'Multimedia.api' can lead to code execution. (CVE-2009-4324) - An array boundary issue in 'U3D' support can lead to code execution. (CVE-2009-3953) - A DLL-loading vulnerability in '3D' can allow arbitrary code execution. (CVE-2009-3954) - A memory corruption vulnerability can lead to code execution. (CVE-2009-3955) - A script injection vulnerability. (CVE-2009-3956) - A null-pointer dereference vulnerability can lead to a denial of service. (CVE-2009-3957) - A buffer overflow vulnerability in the Download Manager can lead to code execution. (CVE-2009-3958) - An integer overflow vulnerability in 'U3D' support can lead to code execution. (CVE-2009-3959)
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References: http://www.adobe.com/support/security/bulletins/apsb10-02.html
* Platforms Affected: Adobe Acrobat versions prior to 9.3 / 8.2 Microsoft Windows Any version Linux Any version |
Recommendation |
Upgrade to the latest version of Adobe Acrobat (8.2 / 9.3 or later), as described in the Adobe Security bulletin at http://www.adobe.com/support/security/bulletins/apsb10-02.html |
Related URL |
CVE-2009-3953,CVE-2009-3954,CVE-2009-3955,CVE-2009-3956,CVE-2009-3957,CVE-2009-3958,CVE-2009-3959,CVE-2009-4324 (CVE) |
Related URL |
37331,37756,37757,37758,37759,37760,37761,37763 (SecurityFocus) |
Related URL |
(ISS) |
|