| VID |
28275 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
A version of Adobe Acrobat reader which is older than 9.3.3 / 8.2.3 been installed on the host. Adobe Reader versions prior to 9.3.3 / 8.2.3 are vulnerable to multiple vulnerabilities.
- A social engineering attack could lead to code execution. (CVE-2010-1240)
- Handling of an invalid pointer could lead to code execution. (CVE-2010-1285)
- A memory corruption vulnerability could lead to code execution. (CVE-2010-1295)
- A memory corruption vulnerability could lead to code execution. This issue is reportedly being exploited in the wild. (CVE-2010-1297)
- Handling of an invalid pointer could lead to code execution. (CVE-2010-2168)
- Handling of an invalid pointer could lead to code execution. (CVE-2010-2201)
- A memory corruption vulnerability could lead to code execution. (CVE-2010-2202)
- A denial of service vulnerability could potentially lead to code execution. (CVE-2010-2204)
- It may be possible to execute arbitrary code via uninitialized memory locations. (CVE-2010-2205)
- An error in array-indexing could lead to code execution. (CVE-2010-2206)
- A memory corruption vulnerability could lead to code execution. (CVE-2010-2207)
- Dereferencing a deleted heap object could lead to code execution. (CVE-2010-2208)
- A memory corruption vulnerability could lead to code execution. (CVE-2010-2209)
- A memory corruption vulnerability could lead to code execution. (CVE-2010-2210)
- A memory corruption vulnerability could lead to code execution. (CVE-2010-2211)
- A memory corruption vulnerability could lead to code execution. (CVE-2010-2212)
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.adobe.com/support/security/bulletins/apsb10-15.html
* Platforms Affected:
Adobe Acrobat Reader versions prior to 9.3.3 / 8.2.3
Microsoft Windows Any version
Linux Any version |
| Recommendation |
Upgrade to the latest version of Adobe Acrobat Reader (8.2.3 / 9.3.3 or later), as described in the Adobe Security bulletin at http://www.adobe.com/support/security/bulletins/apsb10-15.html |
| Related URL |
CVE-2010-1240,CVE-2010-1285,CVE-2010-1295,CVE-2010-1297,CVE-2010-2168,CVE-2010-2201,CVE-2010-2202,CVE-2010-2204,CVE-2010-2205 (CVE) |
| Related URL |
40586,41230,41234,41235,41236,41237,41238,41239,41240,41241,41242,41243,41244,41245 (SecurityFocus) |
| Related URL |
(ISS) |
|
