Korean
<< Back
VID 28261
Severity 40
Port 139,445
Protocol TCP
Class SMB
Detailed Description A version of Adobe Acrobat which is older than 9.3 / 8.2 been installed on the host. Adobe Acrobat versions prior to 9.3 / 8.2 are vulnerable to multiple vulnerabilities.

- A use-after-free vulnerability in 'Multimedia.api' can lead to code execution. (CVE-2009-4324)
- An array boundary issue in 'U3D' support can lead to code execution. (CVE-2009-3953)
- A DLL-loading vulnerability in '3D' can allow arbitrary code execution. (CVE-2009-3954)
- A memory corruption vulnerability can lead to code execution. (CVE-2009-3955)
- A script injection vulnerability. (CVE-2009-3956)
- A null-pointer dereference vulnerability can lead to a denial of service. (CVE-2009-3957)
- A buffer overflow vulnerability in the Download Manager can lead to code execution. (CVE-2009-3958)
- An integer overflow vulnerability in 'U3D' support can lead to code execution. (CVE-2009-3959)

* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.

* References:
http://www.adobe.com/support/security/bulletins/apsb10-02.html

* Platforms Affected:
Adobe Acrobat versions prior to 9.3 / 8.2
Microsoft Windows Any version
Linux Any version
Recommendation Upgrade to the latest version of Adobe Acrobat (8.2 / 9.3 or later), as described in the Adobe Security bulletin at http://www.adobe.com/support/security/bulletins/apsb10-02.html
Related URL CVE-2009-3953,CVE-2009-3954,CVE-2009-3955,CVE-2009-3956,CVE-2009-3957,CVE-2009-3958,CVE-2009-3959,CVE-2009-4324 (CVE)
Related URL 37331,37756,37757,37758,37759,37760,37761,37763 (SecurityFocus)
Related URL (ISS)