VID | 50234
Severity | 40
Port | 139,445
Protocol | TCP
Class | SMB
Detailed Description |
The version of Adobe Reader installed on the remote Windows host is prior to 2015.006.30475. It is, therefore, affected by multiple vulnerabilities:
- Buffer Errors potentially leading to Arbitrary Code Execution (CVE-2019-7020, CVE-2019-7085)
- Data leakage (sensitive) potentially leading to Information Disclosure (CVE-2019-7089)
- Double Free potentially leading to Arbitrary Code Execution (CVE-2019-7080)
- Integer Overflow potentially leading to Information Disclosure (CVE-2019-7030)
- Out-of-Bounds Read potentially leading to Information Disclosure (CVE-2019-7021, CVE-2019-7022, CVE-2019-7023, CVE-2019-7024, CVE-2019-7028, CVE-2019-7032, CVE-2019-7033, CVE-2019-7034, CVE-2019-7035, CVE-2019-7036, CVE-2019-7038, CVE-2019-7045, CVE-2019-7047, CVE-2019-7049, CVE-2019-7053, CVE-2019-7055, CVE-2019-7056, CVE-2019-7057, CVE-2019-7058, CVE-2019-7059, CVE-2019-7063, CVE-2019-7064, CVE-2019-7065, CVE-2019-7067, CVE-2019-7071, CVE-2019-7073, CVE-2019-7074, CVE-2019-7081)
- Security bypass potentially leading to Privilege Escalation (CVE-2018-19725, CVE-2019-7041)
- Out-of-Bounds Write potentially leading to Arbitrary Code Execution (CVE-2019-7019, CVE-2019-7027, CVE-2019-7037, CVE-2019-7039, CVE-2019-7052, CVE-2019-7060, CVE-2019-7079)
- Type Confusion potentially leading to Arbitrary Code Execution (CVE-2019-7069, CVE-2019-7086, CVE-2019-7087)
- Untrusted Pointer Dereference potentially leading to Arbitrary Code Execution (CVE-2019-7042, CVE-2019-7046, CVE-2019-7051, CVE-2019-7054, CVE-2019-7066, CVE-2019-7076)
- Use After Free potentially leading to Arbitrary Code Execution (CVE-2019-7018, CVE-2019-7025, CVE-2019-7026, CVE-2019-7029, CVE-2019-7031, CVE-2019-7040, CVE-2019-7043, CVE-2019-7044, CVE-2019-7048, CVE-2019-7050, CVE-2019-7062, CVE-2019-7068, CVE-2019-7070, CVE-2019-7072, CVE-2019-7075, CVE-2019-7077, CVE-2019-7078, CVE-2019-7082, CVE-2019-7083, CVE-2019-7084)
* Note: This check requires an account with administrative privileges that can log in to the host being scanned. If these conditions are not met, the check is not performed, which results in a false negative for all vulnerable hosts.
* References: https://helpx.adobe.com/security/products/acrobat/apsb19-07.html
* Platforms Affected: Adobe Reader versions prior to 2015.006.30475; Microsoft Windows (any version); Linux (any version) |
Recommendation |
Upgrade to the latest version of Adobe Reader (2015.006.30475 or later), as described in the Adobe Security bulletin at https://helpx.adobe.com/security/products/acrobat/apsb19-07.html |
Related URL |
CVE-2018-19725,CVE-2019-7018,CVE-2019-7019,CVE-2019-7020,CVE-2019-7021,CVE-2019-7022,CVE-2019-7023,CVE-2019-7024,CVE-2019-7025,CVE-2019-7026 (CVE) |