VID | 50051 |
Severity | 40 |
Port | 139,445 |
Protocol | TCP |
Class | SMB |
Detailed Description |
A version of Adobe Reader older than 11.0.3 has been installed on the host. Such versions are reportedly affected by multiple vulnerabilities:
- Unspecified memory corruption vulnerabilities exist that could lead to code execution. (CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, CVE-2013-3341)
- An integer underflow error exists that could lead to code execution. (CVE-2013-2549)
- A use-after-free error exists that could lead to a bypass of Adobe Reader's sandbox protection. (CVE-2013-2550)
- An unspecified information leakage issue involving a JavaScript API exists. (CVE-2013-2737)
- An unspecified stack overflow issue exists that could lead to code execution. (CVE-2013-2724)
- An unspecified buffer overflow error exists that could lead to code execution. (CVE-2013-2730, CVE-2013-2733)
- An unspecified integer overflow error exists that could lead to code execution. (CVE-2013-2727, CVE-2013-2729)
- A flaw exists in the way Reader handles domains that have been blacklisted in the operating system. (CVE-2013-3342)
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of these conditions will result in the check not being performed and a False Negative for all vulnerable hosts.
* References: http://www.adobe.com/support/security/bulletins/apsb13-15.html
* Platforms Affected: Adobe Reader versions prior to 11.0.3; Microsoft Windows: Any version; Linux: Any version |
Recommendation |
Upgrade to the latest version of Adobe Reader (11.0.3 or later), as described in the Adobe Security bulletin at http://www.adobe.com/support/security/bulletins/apsb13-15.html |
Related URL |
CVE-2013-2549,CVE-2013-2550,CVE-2013-2718,CVE-2013-2719,CVE-2013-2720,CVE-2013-2721,CVE-2013-2722,CVE-2013-2723,CVE-2013-2724,CVE-2013-2725 (CVE) |
Related URL |
58398,58568,59902,59903,59904,59905,59906,59907,59908,59909,59910,59911,59912,59913,59914,59915,59916,59917,59918,59919,59920,59921,59923,59925 (SecurityFocus) |
Related URL |
(ISS) |