| VID |
50068 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The version of Adobe Acrobat installed on the remote host is a version prior to 11.0.9. It is, therefore, affected by the following vulnerabilities :
- A use-after-free error exists that allows arbitrary code execution. (CVE-2014-0560)
- A heap-based buffer overflow exists that allows arbitrary code execution. (CVE-2014-0561, CVE-2014-0567)
- A memory corruption error exists that allows denial of service attacks. (CVE-2014-0563)
- Memory corruption errors exist that could allow arbitrary code execution. (CVE-2014-0565, CVE-2014-0566)
- An unspecified error exists that allows the bypassing of the sandbox security restrictions. (CVE-2014-0568)
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of these conditions will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
https://helpx.adobe.com/security/products/acrobat/apsb14-15.html
* Platforms Affected:
Adobe Acrobat versions prior to 11.0.9
Microsoft Windows Any version
Linux Any version |
| Recommendation |
Upgrade to the latest version of Adobe Acrobat (11.0.9 or later), as described in the Adobe Security bulletin at http://helpx.adobe.com/security/products/reader/apsb14-20.html |
| Related URL |
CVE-2014-0560,CVE-2014-0561,CVE-2014-0563,CVE-2014-0565,CVE-2014-0566,CVE-2014-0567,CVE-2014-0568 (CVE) |
| Related URL |
69823,69821,69826,69824,69825,69827,69828 (SecurityFocus) |
| Related URL |
(ISS) |
|
