Korean
<< Back
VID 50261
Severity 40
Port 139,445
Protocol TCP
Class SMB
Detailed Description The version of Adobe Reader installed on the remote Windows host is a version prior or equal to 2015.006.30498. It is, therefore, affected by multiple vulnerabilities.

- Out-of-Bounds Read potentially leading to Information Disclosure (CVE-2019-8077, CVE-2019-8094, CVE-2019-8095, CVE-2019-8096, CVE-2019-8102, CVE-2019-8103, CVE-2019-8104, CVE-2019-8105, CVE-2019-8106, CVE-2019-8002, CVE-2019-8004, CVE-2019-8005, CVE-2019-8007, CVE-2019-8010, CVE-2019-8011, CVE-2019-8012, CVE-2019-8018, CVE-2019-8020, CVE-2019-8021, CVE-2019-8032, CVE-2019-8035, CVE-2019-8037, CVE-2019-8040, CVE-2019-8043, CVE-2019-8052)

- Out-of-Bounds Write potentially leading to Arbitrary Code Execution (CVE-2019-8098, CVE-2019-8100, CVE-2019-7965, CVE-2019-8008, CVE-2019-8009, CVE-2019-8016, CVE-2019-8022, CVE-2019-8023, CVE-2019-8027)

- Type Confusion potentially leading to Arbitrary Code Execution (CVE-2019-8019)

- Use After Free potentially leading to Arbitrary Code Execution (CVE-2019-8003, CVE-2019-8013, CVE-2019-8024, CVE-2019-8025, CVE-2019-8026, CVE-2019-8028, CVE-2019-8029, CVE-2019-8030, CVE-2019-8031, CVE-2019-8033, CVE-2019-8034, CVE-2019-8036, CVE-2019-8038, CVE-2019-8039, CVE-2019-8047, CVE-2019-8051, CVE-2019-8053, CVE-2019-8054, CVE-2019-8055, CVE-2019-8056, CVE-2019-8057, CVE-2019-8058, CVE-2019-8059, CVE-2019-8061)
- Command injection potentially leading to Arbitrary Command Execution (CVE-2019-8060)

- Heap Overflow potentially leading to Arbitrary Code Execution (CVE-2019-7832, CVE-2019-8014, CVE-2019-8015, CVE-2019-8041, CVE-2019-8042, CVE-2019-8046, CVE-2019-8049, CVE-2019-8050)

- Buffer Error potentially leading to Arbitrary Code Execution (CVE-2019-8048)

- Double Free potentially leading to Arbitrary Code Execution (CVE-2019-8044)

- Integer Overflow potentially leading to Arbitrary Code Execution or Denial of Service (CVE-2019-8099, CVE-2019-8101)

- Internal IP Disclosure potentially leading to Information Disclosure (CVE-2019-8097)

- Type Confusion potentially leading to Arbitrary Code Execution (CVE-2019-8019)

- Untrusted Pointer Dereference potentially leading to Arbitrary Code Execution or Denial of Service (CVE-2019-8006, CVE-2019-8017, CVE-2019-8045)

* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of these conditions will result in the check not being performed and a False Negative for all vulnerable hosts.

* References:
https://helpx.adobe.com/security/products/acrobat/apsb19-41.html

* Platforms Affected:
Adobe Reader versions prior equal to 2015.006.30498
Microsoft Windows Any version
Linux Any version
Recommendation Upgrade to the latest version of Adobe Reader (2015.006.30498 later), as described in the Adobe Security bulletin at https://helpx.adobe.com/security/products/acrobat/apsb19-41.html
Related URL CVE-2019-7832,CVE-2019-7965,CVE-2019-8002,CVE-2019-8003,CVE-2019-8004,CVE-2019-8005,CVE-2019-8006,CVE-2019-8007,CVE-2019-8008,CVE-2019-8009 (CVE)
Related URL 108320 (SecurityFocus)
Related URL (ISS)