Korean
<< Back
VID 50231
Severity 40
Port 139,445
Protocol TCP
Class SMB
Detailed Description The version of Adobe Acrobat installed on the remote Windows host is a version prior to 2015.006.30475. It is, therefore, affected by multiple vulnerabilities:

- Buffer Errors potentially leading to Arbitrary Code Execution (CVE-2019-7020, CVE-2019-7085)

- Data leakage (sensitive) potentially leading to Information Disclosure (CVE-2019-7089)

- Double Free potentially leading to Arbitrary Code Execution (CVE-2019-7080)

- Integer Overflow potentially leading to Information Disclosure (CVE-2019-7030)

- Out-of-Bounds Read potentially leading to Information Disclosure (CVE-2019-7021, CVE-2019-7022, CVE-2019-7023, CVE-2019-7024, CVE-2019-7028, CVE-2019-7032, CVE-2019-7033, CVE-2019-7034, CVE-2019-7035, CVE-2019-7036, CVE-2019-7038, CVE-2019-7045, CVE-2019-7047, CVE-2019-7049, CVE-2019-7053, CVE-2019-7055, CVE-2019-7056, CVE-2019-7057, CVE-2019-7058, CVE-2019-7059, CVE-2019-7063, CVE-2019-7064, CVE-2019-7065, CVE-2019-7067, CVE-2019-7071, CVE-2019-7073, CVE-2019-7074, CVE-2019-7081)

- Security bypass potentially leading to Privilege Escalation (CVE-2018-19725, CVE-2019-7041)

- Out-of-Bounds Write potentially leading to Arbitrary Code Execution (CVE-2019-7019, CVE-2019-7027, CVE-2019-7037, CVE-2019-7039, CVE-2019-7052, CVE-2019-7060, CVE-2019-7079)

- Type Confusion potentially leading to Arbitrary Code Execution (CVE-2019-7069, CVE-2019-7086, CVE-2019-7087)

- Untrusted Pointer Dereference potentially leading to Arbitrary Code Execution (CVE-2019-7042, CVE-2019-7046, CVE-2019-7051, CVE-2019-7054, CVE-2019-7066, CVE-2019-7076)

- Use After Free potentially leading to Arbitrary Code Execution (CVE-2019-7018, CVE-2019-7025, CVE-2019-7026, CVE-2019-7029, CVE-2019-7031, CVE-2019-7040, CVE-2019-7043, CVE-2019-7044, CVE-2019-7048, CVE-2019-7050, CVE-2019-7062, CVE-2019-7068, CVE-2019-7070, CVE-2019-7072, CVE-2019-7075, CVE-2019-7077, CVE-2019-7078, CVE-2019-7082, CVE-2019-7083, CVE-2019-7084)

* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of these conditions will result in the check not being performed and a False Negative for all vulnerable hosts.

* References:
https://helpx.adobe.com/security/products/acrobat/apsb19-07.html

* Platforms Affected:
Adobe Acrobat versions prior to 2015.006.30475
Microsoft Windows Any version
Linux Any version
Recommendation Upgrade to the latest version of Adobe Acrobat (2015.006.30475 or later), as described in the Adobe Security bulletin at https://helpx.adobe.com/security/products/acrobat/apsb19-07.html
Related URL CVE-2018-19725,CVE-2019-7018,CVE-2019-7019,CVE-2019-7020,CVE-2019-7021,CVE-2019-7022,CVE-2019-7023,CVE-2019-7024,CVE-2019-7025,CVE-2019-7026 (CVE)
Related URL (SecurityFocus)
Related URL (ISS)