| VID |
50049 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
A version of Adobe Reader which is older than 9.5.5 been installed on the host. Such versions are reportedly affected by multiple vulnerabilities :
- Unspecified memory corruption vulnerabilities exist that could lead to code execution. (CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, CVE-2013-3341)
- An integer underflow error exists that could lead to code execution. (CVE-2013-2549)
- A use-after-free error exists that could lead to a bypass of Adobe Reader's sandbox protection. (CVE-2013-2550)
- An unspecified information leakage issue involving a JavaScript API exists. (CVE-2013-2737)
- An unspecified stack overflow issue exists that could lead to code execution. (CVE-2013-2724)
- An unspecified buffer overflow error exists that could lead to code execution. (CVE-2013-2730, CVE-2013-2733)
- An unspecified integer overflow error exists that could lead to code execution. (CVE-2013-2727, CVE-2013-2729)
- A flaw exists in the way Reader handles domains that have been blacklisted in the operating system. (CVE-2013-3342)
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of these conditions will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.adobe.com/support/security/bulletins/apsb13-15.html
* Platforms Affected:
Adobe Reader versions prior to 9.5.5
Microsoft Windows Any version
Linux Any version |
| Recommendation |
Upgrade to the latest version of Adobe Reader (9.5.5 or later), as described in the Adobe Security bulletin at http://www.adobe.com/support/security/bulletins/apsb13-15.html |
| Related URL |
CVE-2013-2549,CVE-2013-2550,CVE-2013-2718,CVE-2013-2719,CVE-2013-2720,CVE-2013-2721,CVE-2013-2722,CVE-2013-2723,CVE-2013-2724,CVE-2013-2725 (CVE) |
| Related URL |
58398,58568,59902,59903,59904,59905,59906,59907,59908,59909,59910,59911,59912,59913,59914,59915,59916,59917,59918,59919,59920,59921,59923,59925 (SecurityFocus) |
| Related URL |
(ISS) |
|
