Executive Summary
Summary | |
---|---|
Title | acroread security update |
Informations | |||
---|---|---|---|
Name | RHSA-2009:1499 | First vendor Publication | 2009-10-14 |
Vendor | RedHat | Last vendor Modification | 2009-10-14 |
Severity (Vendor) | Critical | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated acroread packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. 2. Relevant releases/architectures: RHEL Desktop Supplementary (v. 5 client) - i386, x86_64 RHEL Supplementary (v. 5 server) - i386, x86_64 Red Hat Desktop version 3 Extras - i386, x86_64 Red Hat Desktop version 4 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 3 Extras - i386, x86_64 Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64 Red Hat Enterprise Linux ES version 3 Extras - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64 Red Hat Enterprise Linux WS version 3 Extras - i386, x86_64 Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64 3. Description: Adobe Reader allows users to view and print documents in Portable Document Format (PDF). Multiple flaws were discovered in Adobe Reader. A specially-crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. (CVE-2009-2980, CVE-2009-2983, CVE-2009-2985, CVE-2009-2986, CVE-2009-2990, CVE-2009-2991, CVE-2009-2993, CVE-2009-2994, CVE-2009-2996, CVE-2009-2997, CVE-2009-2998, CVE-2009-3458, CVE-2009-3459, CVE-2009-3462) Multiple flaws were discovered in Adobe Reader. A specially-crafted PDF file could cause Adobe Reader to crash when opened. (CVE-2009-2979, CVE-2009-2988, CVE-2009-3431) An input validation flaw was found in Adobe Reader. Opening a specially-crafted PDF file could lead to a Trust Manager restrictions bypass. (CVE-2009-2981) All Adobe Reader users should install these updated packages. They contain Adobe Reader version 8.1.7, which is not vulnerable to these issues. All running instances of Adobe Reader must be restarted for the update to take effect. 4. Solution: Before applying this update, make sure that all previously-released errata relevant to your system have been applied. This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259 5. Bugs fixed (http://bugzilla.redhat.com/): 528071 - CVE-2009-3459 acroread: heap overflow fix in version 8.1.7 (APSB09-15) 528659 - acroread: Multiple arbitrary code execution fixes in 8.1.7 (APSB09-15) 528665 - CVE-2009-2979 CVE-2009-2988 CVE-2009-3431 acroread: Multiple DoS fixes in 8.1.7 (APSB09-15) 528666 - CVE-2009-2981 acroread: Trust Manager restrictions bypass fixed in 8.1.7 (APSB09-15) |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2009-1499.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
33 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
33 % | CWE-20 | Improper Input Validation |
20 % | CWE-399 | Resource Management Errors |
13 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:22955 | |||
Oval ID: | oval:org.mitre.oval:def:22955 | ||
Title: | ELSA-2009:1499: acroread security update (Critical) | ||
Description: | Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 on Unix, when Debug mode is enabled, allow attackers to execute arbitrary code via unspecified vectors, related to a "format bug." | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2009:1499-01 CVE-2009-2979 CVE-2009-2980 CVE-2009-2981 CVE-2009-2983 CVE-2009-2985 CVE-2009-2986 CVE-2009-2988 CVE-2009-2990 CVE-2009-2991 CVE-2009-2993 CVE-2009-2994 CVE-2009-2996 CVE-2009-2997 CVE-2009-2998 CVE-2009-3431 CVE-2009-3458 CVE-2009-3459 CVE-2009-3462 | Version: | 77 |
Platform(s): | Oracle Linux 5 | Product(s): | acroread |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:5557 | |||
Oval ID: | oval:org.mitre.oval:def:5557 | ||
Title: | Adobe Reader and Acrobat might allow remote attackers to execute arbitrary code via unknown vectors. | ||
Description: | Unspecified vulnerability in the Mozilla plug-in in Adobe Reader and Acrobat 8.x before 8.1.7, and possibly 7.x before 7.1.4 and 9.x before 9.2, might allow remote attackers to execute arbitrary code via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-2991 | Version: | 16 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Adobe Reader Adobe Acrobat |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5560 | |||
Oval ID: | oval:org.mitre.oval:def:5560 | ||
Title: | Adobe Reader and Acrobat memory corruption or possibly execute arbitrary code via unspecified vectors | ||
Description: | Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2985. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-2996 | Version: | 16 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Adobe Reader Adobe Acrobat |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5636 | |||
Oval ID: | oval:org.mitre.oval:def:5636 | ||
Title: | Adobe Reader and Acrobat cause DoS (memory corruption) or execute arbitrary code via unspecified vectors. | ||
Description: | Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-2983 | Version: | 16 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Adobe Reader Adobe Acrobat |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5822 | |||
Oval ID: | oval:org.mitre.oval:def:5822 | ||
Title: | Adobe Reader and Acrobat cause Multiple Vulnerabilities | ||
Description: | The JavaScript for Acrobat API in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 does not properly implement the (1) Privileged Context and (2) Safe Path restrictions for unspecified JavaScript methods, which allows remote attackers to create arbitrary files, and possibly execute arbitrary code, via the cPath parameter in a crafted PDF file. NOTE: some of these details are obtained from third party information. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-2993 | Version: | 16 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Adobe Reader Adobe Acrobat |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5888 | |||
Oval ID: | oval:org.mitre.oval:def:5888 | ||
Title: | Adobe Reader and Acrobat cause arbitrary code execution via unspecified vectors | ||
Description: | Multiple heap-based buffer overflows in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-2986 | Version: | 16 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Adobe Reader Adobe Acrobat |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:5964 | |||
Oval ID: | oval:org.mitre.oval:def:5964 | ||
Title: | Adobe Reader and Acrobat DoS or possibly execute arbitrary code via unspecified vectors | ||
Description: | Integer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-2980 | Version: | 16 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Adobe Reader Adobe Acrobat |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6145 | |||
Oval ID: | oval:org.mitre.oval:def:6145 | ||
Title: | Adobe Reader and Acrobat cause DoS and Arbitrary Execution | ||
Description: | Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2996. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-2985 | Version: | 16 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Adobe Reader Adobe Acrobat |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6156 | |||
Oval ID: | oval:org.mitre.oval:def:6156 | ||
Title: | Adobe Reader and Acrobat allow attackers to execute arbitrary code via unspecified vectors | ||
Description: | Buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-2994 | Version: | 16 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Adobe Reader Adobe Acrobat |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6280 | |||
Oval ID: | oval:org.mitre.oval:def:6280 | ||
Title: | Adobe Reader and Acrobat denial of service via a crafted document | ||
Description: | Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 do not properly perform XMP-XML entity expansion, which allows remote attackers to cause a denial of service via a crafted document. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-2979 | Version: | 16 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Adobe Reader Adobe Acrobat |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6284 | |||
Oval ID: | oval:org.mitre.oval:def:6284 | ||
Title: | Adobe Reader and Acrobat bypass intended Trust Manager restrictions via unspecified vectors | ||
Description: | Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to bypass intended Trust Manager restrictions via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-2981 | Version: | 16 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Adobe Reader Adobe Acrobat |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6371 | |||
Oval ID: | oval:org.mitre.oval:def:6371 | ||
Title: | Adobe Reader and Acrobat allow attackers to execute arbitrary code via unspecified vectors | ||
Description: | Array index error in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow attackers to execute arbitrary code via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-2990 | Version: | 16 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Adobe Reader Adobe Acrobat |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6418 | |||
Oval ID: | oval:org.mitre.oval:def:6418 | ||
Title: | Adobe Reader and Acrobat allow arbitrary code execution and DoS | ||
Description: | Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-3458. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-2998 | Version: | 16 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Adobe Reader Adobe Acrobat |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6429 | |||
Oval ID: | oval:org.mitre.oval:def:6429 | ||
Title: | DEPRECATED: Adobe Reader and Acrobat 'format bug' remote arbitrary code execution | ||
Description: | Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 on Unix, when Debug mode is enabled, allow attackers to execute arbitrary code via unspecified vectors, related to a "format bug." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-3462 | Version: | 17 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Adobe Reader Adobe Acrobat |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6481 | |||
Oval ID: | oval:org.mitre.oval:def:6481 | ||
Title: | Adobe Reader and Acrobat cause arbitrary code execution via unspecified vectors | ||
Description: | Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-2997 | Version: | 16 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Adobe Reader Adobe Acrobat |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6483 | |||
Oval ID: | oval:org.mitre.oval:def:6483 | ||
Title: | Adobe Reader and Acrobat cause Denial of Service Vulnerability | ||
Description: | Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which allows attackers to cause a denial of service via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-2988 | Version: | 16 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Adobe Reader Adobe Acrobat |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6499 | |||
Oval ID: | oval:org.mitre.oval:def:6499 | ||
Title: | Adobe Reader and Acrobat allow arbitrary code execution | ||
Description: | Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2998. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-3458 | Version: | 16 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Adobe Reader Adobe Acrobat |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6532 | |||
Oval ID: | oval:org.mitre.oval:def:6532 | ||
Title: | Adobe Reader and Acrobat denial of service (application crash) via a PDF | ||
Description: | Stack consumption vulnerability in Adobe Reader and Acrobat 9.1.3, 9.1.2, 9.1.1, and earlier 9.x versions; 8.1.6 and earlier 8.x versions; and possibly 7.1.4 and earlier 7.x versions allows remote attackers to cause a denial of service (application crash) via a PDF file with a large number of [ (open square bracket) characters in the argument to the alert method. NOTE: some of these details are obtained from third party information. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-3431 | Version: | 16 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Adobe Reader Adobe Acrobat |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:6534 | |||
Oval ID: | oval:org.mitre.oval:def:6534 | ||
Title: | Adobe Reader and Acrobat allow to execute arbitrary code via a crafted PDF file | ||
Description: | Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009. NOTE: some of these details are obtained from third party information. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-3459 | Version: | 16 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Adobe Reader Adobe Acrobat |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
SAINT Exploits
Description | Link |
---|---|
Adobe Acrobat Reader U3D CLODMeshContinuation Code Execution | More info here |
Adobe Reader FlateDecode filter TIFF Predictor integer overflow | More info here |
ExploitDB Exploits
id | Description |
---|---|
2009-10-27 | Adobe Acrobat Reader 7-9 U3D BoF |
OpenVAS Exploits
Date | Description |
---|---|
2009-10-27 | Name : Gentoo Security Advisory GLSA 200910-03 (acroread) File : nvt/glsa_200910_03.nasl |
2009-10-27 | Name : SuSE Security Advisory SUSE-SA:2009:049 (acroread, acroread_ja) File : nvt/suse_sa_2009_049.nasl |
2009-10-22 | Name : Adobe Reader Multiple Vulnerabilities - Oct09 (Linux) File : nvt/gb_adobe_prdts_mult_vuln_oct09_lin.nasl |
2009-10-22 | Name : Adobe Reader/Acrobat Multiple Vulnerabilities - Oct09 (Win) File : nvt/gb_adobe_prdts_mult_vuln_oct09_win.nasl |
2009-10-19 | Name : RedHat Security Advisory RHSA-2009:1499 File : nvt/RHSA_2009_1499.nasl |
2009-10-06 | Name : Adobe Acrobat PDF File Denial Of Service Vulnerability File : nvt/gb_adobe_acrobat_pdf_dos_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
58928 | Adobe Reader / Acrobat Unspecified Trust Manager Restriction Bypass |
58927 | Adobe Reader / Acrobat Multiple Unspecified Heap Overflows |
58926 | Adobe Reader / Acrobat U3D Processing Heap Corruption |
58925 | Adobe Reader Plug-in for Mozilla Unloading Use-after-free Arbitrary Code Exec... |
58924 | Adobe Reader / Acrobat on Unix Debug Mode Arbitrary Code Execution |
58923 | Adobe Reader / Acrobat Unspecified Memory Corruption (2009-2996) |
58922 | Adobe Reader / Acrobat PDF Compact Font Format Malformed Index Handling Memor... |
58921 | Adobe Reader / Acrobat XMP-XML Entity Expansion Unspecified DoS |
58920 | Adobe Reader / Acrobat PDF U3D File Handling Invalid Array Index Arbitrary Co... |
58916 | Adobe Reader / Acrobat Unspecified Integer Overflow (2009-2980) |
58913 | Adobe Reader / Acrobat COM Object Loading / Unloading Memory Corruption |
58912 | Adobe Reader / Acrobat U3D CLODProgressiveMeshDeclaration Array Overflow Acrobat and Reader are prone to an overflow condition. The programs fail to properly sanitize user-supplied input resulting in an array overflow. With a specially crafted PDF file containing malformed U3D data, a context-dependent attacker can potentially cause arbitrary code execution. |
58911 | Adobe Reader / Acrobat Unspecified Input Validation DoS (2009-2988) |
58910 | Adobe Reader / Acrobat Unspecified Arbitrary Code Execution (2009-3458) |
58908 | Adobe Reader / Acrobat Multiple Unspecified Validation Weakness Arbitrary Cod... |
58906 | Adobe Reader / Acrobat Unspecified Arbitrary Code Execution (2009-2998) |
58729 | Adobe Reader / Acrobat ParamX Parameter PDF File Handling Overflow A buffer overflow exists in Acrobat & Reader. The applications fail to validate PDF files resulting in an unspecified heap overflow overflow. With a specially crafted file, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity. |
58415 | Adobe Acrobat Alert Method Square Bracket Character DoS Adobe Acrobat contains a flaw that may allow a remote denial of service. The issue is triggered when Acrobat opens a PDF file with a large number of "[" (square bracket) characters to the alert method, and will result in loss of availability for the service. |
Snort® IPS/IDS
Date | Description |
---|---|
2016-04-05 | Adobe Acrobat and Reader U3D Buffer Overflow buffer overflow attempt RuleID : 37911 - Revision : 1 - Type : FILE-PDF |
2016-04-05 | Adobe Acrobat and Reader U3D Buffer Overflow buffer overflow attempt RuleID : 37910 - Revision : 1 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader compact font format memory corruption attempt RuleID : 28717 - Revision : 7 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader compact font format memory corruption attempt RuleID : 28716 - Revision : 7 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader FlateDecode integer overflow attempt RuleID : 25588 - Revision : 5 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader malformed FlateDecode colors declaration RuleID : 16677 - Revision : 14 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader malformed FlateDecode colors declaration RuleID : 16676 - Revision : 14 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader U3D CLODMeshContinuation code execution attempt RuleID : 16373 - Revision : 13 - Type : FILE-PDF |
2014-01-10 | Adobe JPEG2k uninitialized QCC memory corruption attempt RuleID : 16325 - Revision : 13 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader doc.export arbitrary file write attempt RuleID : 16324 - Revision : 12 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader oversized object width attempt RuleID : 16322 - Revision : 13 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader collab.addStateModel remote corruption attempt RuleID : 16176 - Revision : 13 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader collab.removeStateModel denial of service attempt RuleID : 16175 - Revision : 14 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader U3D progressive mesh continuation off by one index attempt RuleID : 16174 - Revision : 10 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader U3D progressive mesh continuation pointer overwrite attempt RuleID : 16173 - Revision : 10 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader U3D line set heap corruption attempt RuleID : 16172 - Revision : 10 - Type : FILE-PDF |
2015-05-28 | U3D CLOD Progressive Mesh Continuation incorrect index remote code execution ... RuleID : 16171 - Revision : 6 - Type : WEB-CLIENT |
2015-05-28 | U3D CLOD Progressive Mesh Continuation oversized index remote code execution ... RuleID : 16170 - Revision : 6 - Type : WEB-CLIENT |
2015-05-28 | Adobe Acrobat Reader javascript heap corruption attempt RuleID : 16146 - Revision : 5 - Type : EXPLOIT |
2014-01-10 | Adobe Acrobat Reader FlateDecode integer overflow attempt RuleID : 15709 - Revision : 19 - Type : FILE-PDF |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_acroread-6582.nasl - Type : ACT_GATHER_INFO |
2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_acroread-6583.nasl - Type : ACT_GATHER_INFO |
2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_acroread_ja-6584.nasl - Type : ACT_GATHER_INFO |
2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_acroread_ja-6585.nasl - Type : ACT_GATHER_INFO |
2009-10-30 | Name : The remote openSUSE host is missing a security update. File : suse_acroread-6588.nasl - Type : ACT_GATHER_INFO |
2009-10-26 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200910-03.nasl - Type : ACT_GATHER_INFO |
2009-10-26 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_acroread-091022.nasl - Type : ACT_GATHER_INFO |
2009-10-26 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_acroread-091022.nasl - Type : ACT_GATHER_INFO |
2009-10-26 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_acroread-091022.nasl - Type : ACT_GATHER_INFO |
2009-10-26 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_acroread_ja-091022.nasl - Type : ACT_GATHER_INFO |
2009-10-15 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1499.nasl - Type : ACT_GATHER_INFO |
2009-10-14 | Name : The version of Adobe Acrobat on the remote Windows host is affected by multip... File : adobe_acrobat_apsb09-15.nasl - Type : ACT_GATHER_INFO |
2009-10-14 | Name : The PDF file viewer on the remote Windows host is affected by a memory corrup... File : adobe_reader_apsb09-15.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:52:56 |
|