| VID |
50265 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
SMB |
| Detailed Description |
The version of Adobe Acrobat installed on the remote Windows host is a version prior or equal to 2017.011.30143. It is, therefore, affected by multiple vulnerabilities.
- Out-of-Bounds Read potentially leading to Information Disclosure (CVE-2019-8077, CVE-2019-8094, CVE-2019-8095, CVE-2019-8096, CVE-2019-8102, CVE-2019-8103, CVE-2019-8104, CVE-2019-8105, CVE-2019-8106, CVE-2019-8002, CVE-2019-8004, CVE-2019-8005, CVE-2019-8007, CVE-2019-8010, CVE-2019-8011, CVE-2019-8012, CVE-2019-8018, CVE-2019-8020, CVE-2019-8021, CVE-2019-8032, CVE-2019-8035, CVE-2019-8037, CVE-2019-8040, CVE-2019-8043, CVE-2019-8052)
- Out-of-Bounds Write potentially leading to Arbitrary Code Execution (CVE-2019-8098, CVE-2019-8100, CVE-2019-7965, CVE-2019-8008, CVE-2019-8009, CVE-2019-8016, CVE-2019-8022, CVE-2019-8023, CVE-2019-8027)
- Type Confusion potentially leading to Arbitrary Code Execution (CVE-2019-8019)
- Use After Free potentially leading to Arbitrary Code Execution (CVE-2019-8003, CVE-2019-8013, CVE-2019-8024, CVE-2019-8025, CVE-2019-8026, CVE-2019-8028, CVE-2019-8029, CVE-2019-8030, CVE-2019-8031, CVE-2019-8033, CVE-2019-8034, CVE-2019-8036, CVE-2019-8038, CVE-2019-8039, CVE-2019-8047, CVE-2019-8051, CVE-2019-8053, CVE-2019-8054, CVE-2019-8055, CVE-2019-8056, CVE-2019-8057, CVE-2019-8058, CVE-2019-8059, CVE-2019-8061)
- Command injection potentially leading to Arbitrary Command Execution (CVE-2019-8060)
- Heap Overflow potentially leading to Arbitrary Code Execution (CVE-2019-7832, CVE-2019-8014, CVE-2019-8015, CVE-2019-8041, CVE-2019-8042, CVE-2019-8046, CVE-2019-8049, CVE-2019-8050)
- Buffer Error potentially leading to Arbitrary Code Execution (CVE-2019-8048)
- Double Free potentially leading to Arbitrary Code Execution (CVE-2019-8044)
- Integer Overflow potentially leading to Arbitrary Code Execution or Denial of Service (CVE-2019-8099, CVE-2019-8101)
- Internal IP Disclosure potentially leading to Information Disclosure (CVE-2019-8097)
- Type Confusion potentially leading to Arbitrary Code Execution (CVE-2019-8019)
- Untrusted Pointer Dereference potentially leading to Arbitrary Code Execution or Denial of Service (CVE-2019-8006, CVE-2019-8017, CVE-2019-8045)
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of these conditions will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
https://helpx.adobe.com/security/products/acrobat/apsb19-41.html
* Platforms Affected:
Adobe Acrobat versions prior equal to 2017.011.30143
Microsoft Windows Any version
Linux Any version |
| Recommendation |
Upgrade to the latest version of Adobe Acrobat (2017.011.30143 later), as described in the Adobe Security bulletin at https://helpx.adobe.com/security/products/acrobat/apsb19-41.html |
| Related URL |
CVE-2019-7832,CVE-2019-7965,CVE-2019-8002,CVE-2019-8003,CVE-2019-8004,CVE-2019-8005,CVE-2019-8006,CVE-2019-8007,CVE-2019-8008,CVE-2019-8009 (CVE) |
| Related URL |
108320 (SecurityFocus) |
| Related URL |
(ISS) |
|
