Korean
<< Back
VID 50046
Severity 40
Port 139,445
Protocol TCP
Class SMB
Detailed Description A version of Adobe Acrobat which is older than 9.5.5 been installed on the host. Such versions are reportedly affected by multiple vulnerabilities :

- Unspecified memory corruption vulnerabilities exist that could lead to code execution. (CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, CVE-2013-3341)
- An integer underflow error exists that could lead to code execution. (CVE-2013-2549)
- A use-after-free error exists that could lead to a bypass of Adobe Reader's sandbox protection. (CVE-2013-2550)
- An unspecified information leakage issue involving a JavaScript API exists. (CVE-2013-2737)
- An unspecified stack overflow issue exists that could lead to code execution. (CVE-2013-2724)
- An unspecified buffer overflow error exists that could lead to code execution. (CVE-2013-2730, CVE-2013-2733)
- An unspecified integer overflow error exists that could lead to code execution. (CVE-2013-2727, CVE-2013-2729)
- A flaw exists in the way Reader handles domains that have been blacklisted in the operating system. (CVE-2013-3342)

* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of these conditions will result in the check not being performed and a False Negative for all vulnerable hosts.

* References:
http://www.adobe.com/support/security/bulletins/apsb13-15.html

* Platforms Affected:
Adobe Acrobat versions prior to 9.5.5
Microsoft Windows Any version
Linux Any version
Recommendation Upgrade to the latest version of Adobe Acrobat (9.5.5 or later), as described in the Adobe Security bulletin at http://www.adobe.com/support/security/bulletins/apsb13-15.html
Related URL CVE-2013-2549,CVE-2013-2550,CVE-2013-2718,CVE-2013-2719,CVE-2013-2720,CVE-2013-2721,CVE-2013-2722,CVE-2013-2723,CVE-2013-2724,CVE-2013-2725 (CVE)
Related URL 58398,58568,59902,59903,59904,59905,59906,59907,59908,59909,59910,59911,59912,59913,59914,59915,59916,59917,59918,59919,59920,59921,59923,59925 (SecurityFocus)
Related URL (ISS)