Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title acroread security update
Informations
Name RHSA-2009:1499 First vendor Publication 2009-10-14
Vendor RedHat Last vendor Modification 2009-10-14
Severity (Vendor) Critical Revision 01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated acroread packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Supplementary (v. 5 client) - i386, x86_64 RHEL Supplementary (v. 5 server) - i386, x86_64 Red Hat Desktop version 3 Extras - i386, x86_64 Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 3 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux ES version 3 Extras - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux WS version 3 Extras - i386, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64

3. Description:

Adobe Reader allows users to view and print documents in Portable Document Format (PDF).

Multiple flaws were discovered in Adobe Reader. A specially-crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. (CVE-2009-2980, CVE-2009-2983, CVE-2009-2985, CVE-2009-2986, CVE-2009-2990, CVE-2009-2991, CVE-2009-2993, CVE-2009-2994, CVE-2009-2996, CVE-2009-2997, CVE-2009-2998, CVE-2009-3458, CVE-2009-3459, CVE-2009-3462)

Multiple flaws were discovered in Adobe Reader. A specially-crafted PDF file could cause Adobe Reader to crash when opened. (CVE-2009-2979, CVE-2009-2988, CVE-2009-3431)

An input validation flaw was found in Adobe Reader. Opening a specially-crafted PDF file could lead to a Trust Manager restrictions bypass. (CVE-2009-2981)

All Adobe Reader users should install these updated packages. They contain Adobe Reader version 8.1.7, which is not vulnerable to these issues. All running instances of Adobe Reader must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

528071 - CVE-2009-3459 acroread: heap overflow fix in version 8.1.7 (APSB09-15) 528659 - acroread: Multiple arbitrary code execution fixes in 8.1.7 (APSB09-15) 528665 - CVE-2009-2979 CVE-2009-2988 CVE-2009-3431 acroread: Multiple DoS fixes in 8.1.7 (APSB09-15) 528666 - CVE-2009-2981 acroread: Trust Manager restrictions bypass fixed in 8.1.7 (APSB09-15)

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2009-1499.html

CWE : Common Weakness Enumeration

% Id Name
33 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
33 % CWE-20 Improper Input Validation
20 % CWE-399 Resource Management Errors
13 % CWE-189 Numeric Errors (CWE/SANS Top 25)

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:22955
 
Oval ID: oval:org.mitre.oval:def:22955
Title: ELSA-2009:1499: acroread security update (Critical)
Description: Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 on Unix, when Debug mode is enabled, allow attackers to execute arbitrary code via unspecified vectors, related to a "format bug."
Family: unix Class: patch
Reference(s): ELSA-2009:1499-01
CVE-2009-2979
CVE-2009-2980
CVE-2009-2981
CVE-2009-2983
CVE-2009-2985
CVE-2009-2986
CVE-2009-2988
CVE-2009-2990
CVE-2009-2991
CVE-2009-2993
CVE-2009-2994
CVE-2009-2996
CVE-2009-2997
CVE-2009-2998
CVE-2009-3431
CVE-2009-3458
CVE-2009-3459
CVE-2009-3462
Version: 77
Platform(s): Oracle Linux 5
Product(s): acroread
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5557
 
Oval ID: oval:org.mitre.oval:def:5557
Title: Adobe Reader and Acrobat might allow remote attackers to execute arbitrary code via unknown vectors.
Description: Unspecified vulnerability in the Mozilla plug-in in Adobe Reader and Acrobat 8.x before 8.1.7, and possibly 7.x before 7.1.4 and 9.x before 9.2, might allow remote attackers to execute arbitrary code via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2009-2991
Version: 16
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5560
 
Oval ID: oval:org.mitre.oval:def:5560
Title: Adobe Reader and Acrobat memory corruption or possibly execute arbitrary code via unspecified vectors
Description: Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2985.
Family: windows Class: vulnerability
Reference(s): CVE-2009-2996
Version: 16
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5636
 
Oval ID: oval:org.mitre.oval:def:5636
Title: Adobe Reader and Acrobat cause DoS (memory corruption) or execute arbitrary code via unspecified vectors.
Description: Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2009-2983
Version: 16
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5822
 
Oval ID: oval:org.mitre.oval:def:5822
Title: Adobe Reader and Acrobat cause Multiple Vulnerabilities
Description: The JavaScript for Acrobat API in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 does not properly implement the (1) Privileged Context and (2) Safe Path restrictions for unspecified JavaScript methods, which allows remote attackers to create arbitrary files, and possibly execute arbitrary code, via the cPath parameter in a crafted PDF file. NOTE: some of these details are obtained from third party information.
Family: windows Class: vulnerability
Reference(s): CVE-2009-2993
Version: 16
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5888
 
Oval ID: oval:org.mitre.oval:def:5888
Title: Adobe Reader and Acrobat cause arbitrary code execution via unspecified vectors
Description: Multiple heap-based buffer overflows in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2009-2986
Version: 16
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:5964
 
Oval ID: oval:org.mitre.oval:def:5964
Title: Adobe Reader and Acrobat DoS or possibly execute arbitrary code via unspecified vectors
Description: Integer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2009-2980
Version: 16
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6145
 
Oval ID: oval:org.mitre.oval:def:6145
Title: Adobe Reader and Acrobat cause DoS and Arbitrary Execution
Description: Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2996.
Family: windows Class: vulnerability
Reference(s): CVE-2009-2985
Version: 16
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6156
 
Oval ID: oval:org.mitre.oval:def:6156
Title: Adobe Reader and Acrobat allow attackers to execute arbitrary code via unspecified vectors
Description: Buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2009-2994
Version: 16
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6280
 
Oval ID: oval:org.mitre.oval:def:6280
Title: Adobe Reader and Acrobat denial of service via a crafted document
Description: Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 do not properly perform XMP-XML entity expansion, which allows remote attackers to cause a denial of service via a crafted document.
Family: windows Class: vulnerability
Reference(s): CVE-2009-2979
Version: 16
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6284
 
Oval ID: oval:org.mitre.oval:def:6284
Title: Adobe Reader and Acrobat bypass intended Trust Manager restrictions via unspecified vectors
Description: Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to bypass intended Trust Manager restrictions via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2009-2981
Version: 16
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6371
 
Oval ID: oval:org.mitre.oval:def:6371
Title: Adobe Reader and Acrobat allow attackers to execute arbitrary code via unspecified vectors
Description: Array index error in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow attackers to execute arbitrary code via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2009-2990
Version: 16
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6418
 
Oval ID: oval:org.mitre.oval:def:6418
Title: Adobe Reader and Acrobat allow arbitrary code execution and DoS
Description: Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-3458.
Family: windows Class: vulnerability
Reference(s): CVE-2009-2998
Version: 16
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6429
 
Oval ID: oval:org.mitre.oval:def:6429
Title: DEPRECATED: Adobe Reader and Acrobat 'format bug' remote arbitrary code execution
Description: Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 on Unix, when Debug mode is enabled, allow attackers to execute arbitrary code via unspecified vectors, related to a "format bug."
Family: windows Class: vulnerability
Reference(s): CVE-2009-3462
Version: 17
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6481
 
Oval ID: oval:org.mitre.oval:def:6481
Title: Adobe Reader and Acrobat cause arbitrary code execution via unspecified vectors
Description: Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2009-2997
Version: 16
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6483
 
Oval ID: oval:org.mitre.oval:def:6483
Title: Adobe Reader and Acrobat cause Denial of Service Vulnerability
Description: Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which allows attackers to cause a denial of service via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2009-2988
Version: 16
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6499
 
Oval ID: oval:org.mitre.oval:def:6499
Title: Adobe Reader and Acrobat allow arbitrary code execution
Description: Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2998.
Family: windows Class: vulnerability
Reference(s): CVE-2009-3458
Version: 16
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6532
 
Oval ID: oval:org.mitre.oval:def:6532
Title: Adobe Reader and Acrobat denial of service (application crash) via a PDF
Description: Stack consumption vulnerability in Adobe Reader and Acrobat 9.1.3, 9.1.2, 9.1.1, and earlier 9.x versions; 8.1.6 and earlier 8.x versions; and possibly 7.1.4 and earlier 7.x versions allows remote attackers to cause a denial of service (application crash) via a PDF file with a large number of [ (open square bracket) characters in the argument to the alert method. NOTE: some of these details are obtained from third party information.
Family: windows Class: vulnerability
Reference(s): CVE-2009-3431
Version: 16
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6534
 
Oval ID: oval:org.mitre.oval:def:6534
Title: Adobe Reader and Acrobat allow to execute arbitrary code via a crafted PDF file
Description: Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009. NOTE: some of these details are obtained from third party information.
Family: windows Class: vulnerability
Reference(s): CVE-2009-3459
Version: 16
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 127
Application 81
Application 37

SAINT Exploits

Description Link
Adobe Acrobat Reader U3D CLODMeshContinuation Code Execution More info here
Adobe Reader FlateDecode filter TIFF Predictor integer overflow More info here

ExploitDB Exploits

id Description
2009-10-27 Adobe Acrobat Reader 7-9 U3D BoF

OpenVAS Exploits

Date Description
2009-10-27 Name : Gentoo Security Advisory GLSA 200910-03 (acroread)
File : nvt/glsa_200910_03.nasl
2009-10-27 Name : SuSE Security Advisory SUSE-SA:2009:049 (acroread, acroread_ja)
File : nvt/suse_sa_2009_049.nasl
2009-10-22 Name : Adobe Reader Multiple Vulnerabilities - Oct09 (Linux)
File : nvt/gb_adobe_prdts_mult_vuln_oct09_lin.nasl
2009-10-22 Name : Adobe Reader/Acrobat Multiple Vulnerabilities - Oct09 (Win)
File : nvt/gb_adobe_prdts_mult_vuln_oct09_win.nasl
2009-10-19 Name : RedHat Security Advisory RHSA-2009:1499
File : nvt/RHSA_2009_1499.nasl
2009-10-06 Name : Adobe Acrobat PDF File Denial Of Service Vulnerability
File : nvt/gb_adobe_acrobat_pdf_dos_vuln.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
58928 Adobe Reader / Acrobat Unspecified Trust Manager Restriction Bypass

58927 Adobe Reader / Acrobat Multiple Unspecified Heap Overflows

58926 Adobe Reader / Acrobat U3D Processing Heap Corruption

58925 Adobe Reader Plug-in for Mozilla Unloading Use-after-free Arbitrary Code Exec...

58924 Adobe Reader / Acrobat on Unix Debug Mode Arbitrary Code Execution

58923 Adobe Reader / Acrobat Unspecified Memory Corruption (2009-2996)

58922 Adobe Reader / Acrobat PDF Compact Font Format Malformed Index Handling Memor...

58921 Adobe Reader / Acrobat XMP-XML Entity Expansion Unspecified DoS

58920 Adobe Reader / Acrobat PDF U3D File Handling Invalid Array Index Arbitrary Co...

58916 Adobe Reader / Acrobat Unspecified Integer Overflow (2009-2980)

58913 Adobe Reader / Acrobat COM Object Loading / Unloading Memory Corruption

58912 Adobe Reader / Acrobat U3D CLODProgressiveMeshDeclaration Array Overflow

Acrobat and Reader are prone to an overflow condition. The programs fail to properly sanitize user-supplied input resulting in an array overflow. With a specially crafted PDF file containing malformed U3D data, a context-dependent attacker can potentially cause arbitrary code execution.
58911 Adobe Reader / Acrobat Unspecified Input Validation DoS (2009-2988)

58910 Adobe Reader / Acrobat Unspecified Arbitrary Code Execution (2009-3458)

58908 Adobe Reader / Acrobat Multiple Unspecified Validation Weakness Arbitrary Cod...

58906 Adobe Reader / Acrobat Unspecified Arbitrary Code Execution (2009-2998)

58729 Adobe Reader / Acrobat ParamX Parameter PDF File Handling Overflow

A buffer overflow exists in Acrobat & Reader. The applications fail to validate PDF files resulting in an unspecified heap overflow overflow. With a specially crafted file, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.
58415 Adobe Acrobat Alert Method Square Bracket Character DoS

Adobe Acrobat contains a flaw that may allow a remote denial of service. The issue is triggered when Acrobat opens a PDF file with a large number of "[" (square bracket) characters to the alert method, and will result in loss of availability for the service.

Snort® IPS/IDS

Date Description
2016-04-05 Adobe Acrobat and Reader U3D Buffer Overflow buffer overflow attempt
RuleID : 37911 - Revision : 1 - Type : FILE-PDF
2016-04-05 Adobe Acrobat and Reader U3D Buffer Overflow buffer overflow attempt
RuleID : 37910 - Revision : 1 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader compact font format memory corruption attempt
RuleID : 28717 - Revision : 7 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader compact font format memory corruption attempt
RuleID : 28716 - Revision : 7 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader FlateDecode integer overflow attempt
RuleID : 25588 - Revision : 5 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader malformed FlateDecode colors declaration
RuleID : 16677 - Revision : 14 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader malformed FlateDecode colors declaration
RuleID : 16676 - Revision : 14 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader U3D CLODMeshContinuation code execution attempt
RuleID : 16373 - Revision : 13 - Type : FILE-PDF
2014-01-10 Adobe JPEG2k uninitialized QCC memory corruption attempt
RuleID : 16325 - Revision : 13 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader doc.export arbitrary file write attempt
RuleID : 16324 - Revision : 12 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader oversized object width attempt
RuleID : 16322 - Revision : 13 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader collab.addStateModel remote corruption attempt
RuleID : 16176 - Revision : 13 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader collab.removeStateModel denial of service attempt
RuleID : 16175 - Revision : 14 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader U3D progressive mesh continuation off by one index attempt
RuleID : 16174 - Revision : 10 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader U3D progressive mesh continuation pointer overwrite attempt
RuleID : 16173 - Revision : 10 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader U3D line set heap corruption attempt
RuleID : 16172 - Revision : 10 - Type : FILE-PDF
2015-05-28 U3D CLOD Progressive Mesh Continuation incorrect index remote code execution ...
RuleID : 16171 - Revision : 6 - Type : WEB-CLIENT
2015-05-28 U3D CLOD Progressive Mesh Continuation oversized index remote code execution ...
RuleID : 16170 - Revision : 6 - Type : WEB-CLIENT
2015-05-28 Adobe Acrobat Reader javascript heap corruption attempt
RuleID : 16146 - Revision : 5 - Type : EXPLOIT
2014-01-10 Adobe Acrobat Reader FlateDecode integer overflow attempt
RuleID : 15709 - Revision : 19 - Type : FILE-PDF

Nessus® Vulnerability Scanner

Date Description
2011-01-27 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_acroread-6582.nasl - Type : ACT_GATHER_INFO
2011-01-27 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_acroread-6583.nasl - Type : ACT_GATHER_INFO
2011-01-27 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_acroread_ja-6584.nasl - Type : ACT_GATHER_INFO
2011-01-27 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_acroread_ja-6585.nasl - Type : ACT_GATHER_INFO
2009-10-30 Name : The remote openSUSE host is missing a security update.
File : suse_acroread-6588.nasl - Type : ACT_GATHER_INFO
2009-10-26 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200910-03.nasl - Type : ACT_GATHER_INFO
2009-10-26 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_acroread-091022.nasl - Type : ACT_GATHER_INFO
2009-10-26 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_acroread-091022.nasl - Type : ACT_GATHER_INFO
2009-10-26 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_acroread-091022.nasl - Type : ACT_GATHER_INFO
2009-10-26 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_acroread_ja-091022.nasl - Type : ACT_GATHER_INFO
2009-10-15 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1499.nasl - Type : ACT_GATHER_INFO
2009-10-14 Name : The version of Adobe Acrobat on the remote Windows host is affected by multip...
File : adobe_acrobat_apsb09-15.nasl - Type : ACT_GATHER_INFO
2009-10-14 Name : The PDF file viewer on the remote Windows host is affected by a memory corrup...
File : adobe_reader_apsb09-15.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:52:56
  • Multiple Updates