Korean
<< Back
VID 50064
Severity 40
Port 139,445
Protocol TCP
Class SMB
Detailed Description The version of Adobe Acrobat installed on the remote host is a version prior to 10.1.10 / 11.0.07. It is, therefore, affected by multiple vulnerabilities :

- A heap overflow vulnerability exists that could lead to code execution. (CVE-2014-0511)

- A security bypass vulnerability exists with input validation. (CVE-2014-0512)

- An information disclosure vulnerability exists with the JavaScript APIs. (CVE-2014-0521)

- Multiple memory corruption vulnerabilities exists that could lead to code execution. (CVE-2014-0522, CVE-2014-0523, CVE-2014-0524, CVE-2014-0526)

- A vulnerability exists with how Reader handles a certain API call that could lead to code execution. (CVE-2014-0525)

- An use-after-free vulnerability exists that could lead to code execution. (CVE-2014-0527)

- A double-free vulnerability exists that could lead to code execution. (CVE-2014-0528)

- A buffer overflow vulnerability exists that could lead to code execution. (CVE-2014-0529)

* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of these conditions will result in the check not being performed and a False Negative for all vulnerable hosts.

* References:
https://helpx.adobe.com/security/products/acrobat/apsb14-15.html

* Platforms Affected:
Adobe Acrobat versions prior to 10.1.10 / 11.0.07
Microsoft Windows Any version
Linux Any version
Recommendation Upgrade to the latest version of Adobe Acrobat (10.1.10 / 11.0.07 or later), as described in the Adobe Security bulletin at https://helpx.adobe.com/security/products/acrobat/apsb14-15.html
Related URL CVE-2014-0511,CVE-2014-0512,CVE-2014-0521,CVE-2014-0522,CVE-2014-0523,CVE-2014-0524,CVE-2014-0525,CVE-2014-0526,CVE-2014-0527,CVE-2014-0528 (CVE)
Related URL 66205,66512,67360,67362,67363,67365,67366,67367,67368,67369,67370 (SecurityFocus)
Related URL (ISS)