| VID |
50063 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The version of Adobe Reader installed on the remote host is a version prior to 10.1.10 / 11.0.07. It is, therefore, affected by multiple vulnerabilities :
- A heap overflow vulnerability exists that could lead to code execution. (CVE-2014-0511)
- A security bypass vulnerability exists with input validation. (CVE-2014-0512)
- An information disclosure vulnerability exists with the JavaScript APIs. (CVE-2014-0521)
- Multiple memory corruption vulnerabilities exists that could lead to code execution. (CVE-2014-0522, CVE-2014-0523, CVE-2014-0524, CVE-2014-0526)
- A vulnerability exists with how Reader handles a certain API call that could lead to code execution. (CVE-2014-0525)
- A use-after-free vulnerability exists that could lead to code execution. (CVE-2014-0527)
- A double-free vulnerability exists that could lead to code execution. (CVE-2014-0528)
- A buffer overflow vulnerability exists that could lead to code execution. (CVE-2014-0529)
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of these conditions will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
https://helpx.adobe.com/security/products/acrobat/apsb14-15.html
* Platforms Affected:
Adobe Reader versions prior to 10.1.10 / 11.0.7
Microsoft Windows Any version
Linux Any version |
| Recommendation |
Upgrade to the latest version of Adobe Reader (10.1.10 / 11.0.07 or later), as described in the Adobe Security bulletin at https://helpx.adobe.com/security/products/acrobat/apsb14-15.html |
| Related URL |
CVE-2014-0511,CVE-2014-0512,CVE-2014-0521,CVE-2014-0522,CVE-2014-0523,CVE-2014-0524,CVE-2014-0525,CVE-2014-0526,CVE-2014-0527,CVE-2014-0528 (CVE) |
| Related URL |
66205,66512,67360,67362,67363,67365,67366,67367,67368,67369,67370 (SecurityFocus) |
| Related URL |
(ISS) |
|
