| VID |
28262 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
A version of Adobe Reader which is older than 9.3 / 8.2 been installed on the host. Adobe Reader versions prior to 9.3 / 8.2 are vulnerable to multiple vulnerabilities.
- A use-after-free vulnerability in 'Multimedia.api' can lead to code execution. (CVE-2009-4324)
- An array boundary issue in 'U3D' support can lead to code execution. (CVE-2009-3953)
- A DLL-loading vulnerability in '3D' can allow arbitrary code execution. (CVE-2009-3954)
- A memory corruption vulnerability can lead to code execution. (CVE-2009-3955)
- A script injection vulnerability. (CVE-2009-3956)
- A null-pointer dereference vulnerability can lead to a denial of service. (CVE-2009-3957)
- A buffer overflow vulnerability in the Download Manager can lead to code execution. (CVE-2009-3958)
- An integer overflow vulnerability in 'U3D' support can lead to code execution. (CVE-2009-3959)
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.adobe.com/support/security/bulletins/apsb10-02.html
* Platforms Affected:
Adobe Reader versions prior to 9.3 / 8.2
Microsoft Windows Any version
Linux Any version |
| Recommendation |
Upgrade to the latest version of Adobe Reader (8.2 / 9.3 or later), as described in the Adobe Security bulletin at http://www.adobe.com/support/security/bulletins/apsb10-02.html |
| Related URL |
CVE-2009-3953,CVE-2009-3954,CVE-2009-3955,CVE-2009-3956,CVE-2009-3957,CVE-2009-3958,CVE-2009-3959,CVE-2009-4324 (CVE) |
| Related URL |
37331,37756,37757,37758,37759,37760,37761,37763 (SecurityFocus) |
| Related URL |
(ISS) |
|
