VID |
50076 |
Severity |
40 |
Port |
139,445 |
Protocol |
TCP |
Class |
SMB |
Detailed Description |
The version of Adobe Reader installed on the remote host is a version prior to 10.1.15. It is, therefore, affected by the following vulnerabilities:
- A buffer overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2015-5093)
- Multiple heap buffer overflow conditions exist that allow an attacker to execute arbitrary code. (CVE-2015-5096, CVE-2015-5098, CVE-2015-5105)
- Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2015-5087, CVE-2015-5094, CVE-2015-5100, CVE-2015-5102, CVE-2015-5103, CVE-2015-5104, CVE-2015-3095, CVE-2015-5115, CVE-2014-0566)
- An unspecified information disclosure vulnerability exists. (CVE-2015-5107)
- Multiple security bypass vulnerabilities exist that allow an attacker to disclose arbitrary information. (CVE-2015-4449, CVE-2015-4450, CVE-2015-5088, CVE-2015-5089, CVE-2015-5092, CVE-2014-8450)
- A stack overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2015-5110)
- Multiple use-after-free errors exist that allow an attacker to execute arbitrary code. (CVE-2015-4448, CVE-2015-5095, CVE-2015-5099, CVE-2015-5101, CVE-2015-5111, CVE-2015-5113, CVE-2015-5114)
- Multiple validation bypass issues exist that allow an attacker to escalate privileges. (CVE-2015-4446, CVE-2015-5090, CVE-2015-5106)
- A validation bypass issue exists that allows an attacker to cause a denial of service condition. (CVE-2015-5091)
- Multiple integer overflow conditions exist that allow an attacker to execute arbitrary code. (CVE-2015-5097, CVE-2015-5108, CVE-2015-5109)
- Multiple flaws exist that allow an attacker to bypass restrictions on the JavaScript API execution. (CVE-2015-4435, CVE-2015-4438, CVE-2015-4441, CVE-2015-4445, CVE-2015-4447, CVE-2015-4451, CVE-2015-4452, CVE-2015-5085, CVE-2015-5086)
- Multiple NULL pointer dereference flaws exist that allow an attacker to cause a denial of service condition. (CVE-2015-4443, CVE-2015-4444)
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of these conditions will result in the check not being performed and a False Negative for all vulnerable hosts.
* References: https://helpx.adobe.com/security/products/acrobat/apsb15-15.html
* Platforms Affected: Adobe Reader versions prior to 10.1.15; Microsoft Windows: Any version; Linux: Any version |
Recommendation |
Upgrade to the latest version of Adobe Reader (10.1.15 or later), as described in the Adobe Security bulletin at https://helpx.adobe.com/security/products/acrobat/apsb15-15.html |
Related URL |
CVE-2014-0566,CVE-2014-8450,CVE-2015-3095,CVE-2015-4435,CVE-2015-4438,CVE-2015-4441,CVE-2015-4443,CVE-2015-4444,CVE-2015-4445,CVE-2015-4446 (CVE) |
Related URL |
69825,75402,75735,75737,75738,75739,75740,75741,75743,75746,75747,75748,75749 (SecurityFocus) |
Related URL |
(ISS) |
|