RHSA-2009:1499

Executive Summary

Summary
Title	acroread security update

Informations
Name	RHSA-2009:1499	First vendor Publication	2009-10-14
Vendor	RedHat	Last vendor Modification	2009-10-14
Severity (Vendor)	Critical	Revision	01

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated acroread packages that fix multiple security issues are now
available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4
Extras, and Red Hat Enterprise Linux 5 Supplementary.

This update has been rated as having critical security impact by the Red
Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Supplementary (v. 5 client) - i386, x86_64
RHEL Supplementary (v. 5 server) - i386, x86_64
Red Hat Desktop version 3 Extras - i386, x86_64
Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux AS version 3 Extras - i386, x86_64
Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64
Red Hat Enterprise Linux ES version 3 Extras - i386, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64
Red Hat Enterprise Linux WS version 3 Extras - i386, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64

3. Description:

Adobe Reader allows users to view and print documents in Portable Document
Format (PDF).

Multiple flaws were discovered in Adobe Reader. A specially-crafted PDF
file could cause Adobe Reader to crash or, potentially, execute arbitrary
code as the user running Adobe Reader when opened. (CVE-2009-2980,
CVE-2009-2983, CVE-2009-2985, CVE-2009-2986, CVE-2009-2990, CVE-2009-2991,
CVE-2009-2993, CVE-2009-2994, CVE-2009-2996, CVE-2009-2997, CVE-2009-2998,
CVE-2009-3458, CVE-2009-3459, CVE-2009-3462)

Multiple flaws were discovered in Adobe Reader. A specially-crafted PDF
file could cause Adobe Reader to crash when opened. (CVE-2009-2979,
CVE-2009-2988, CVE-2009-3431)

An input validation flaw was found in Adobe Reader. Opening a
specially-crafted PDF file could lead to a Trust Manager restrictions
bypass. (CVE-2009-2981)

All Adobe Reader users should install these updated packages. They contain
Adobe Reader version 8.1.7, which is not vulnerable to these issues. All
running instances of Adobe Reader must be restarted for the update to take
effect.

4. Solution:

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

528071 - CVE-2009-3459 acroread: heap overflow fix in version 8.1.7 (APSB09-15)
528659 - acroread: Multiple arbitrary code execution fixes in 8.1.7 (APSB09-15)
528665 - CVE-2009-2979 CVE-2009-2988 CVE-2009-3431 acroread: Multiple DoS fixes in 8.1.7 (APSB09-15)
528666 - CVE-2009-2981 acroread: Trust Manager restrictions bypass fixed in 8.1.7 (APSB09-15)

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2009-1499.html

CWE : Common Weakness Enumeration

id	Name
CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer
CWE-20	Improper Input Validation
CWE-399	Resource Management Errors
CWE-189	Numeric Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:6280

Oval ID:	oval:org.mitre.oval:def:6280
Title:	Adobe Reader and Acrobat denial of service via a crafted document
Description:	Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 do not properly perform XMP-XML entity expansion, which allows remote attackers to cause a denial of service via a crafted document.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-2979	Version:	11
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7	Product(s):	Adobe Reader Adobe Acrobat
Definition Synopsis:
Adobe Reader 7 Adobe Reader 7 Series is installed AND Adobe Reader 7, the sub-version is vulnerable Adobe Reader is less than 7.1.4 AND Adobe Reader library is less than 7.1.4.2009100300 OR Adobe Reader 8 Adobe Reader 8 Series is installed AND Adobe Reader 8, the sub-version is vulnerable Adobe Reader is less than 8.1.7 AND Adobe Reader library is less than 8.1.7.59 OR Adobe Reader 9 Adobe Reader 9 Series is installed AND Adobe Reader 9, the sub-version is vulnerable Adobe Reader is less than 9.2.0 AND Adobe Reader library is less than 9.1.0.2009022700 OR Adobe Acrobat 7 Adobe Acrobat 7 Series is installed AND Adobe Acrobat 7, the sub-version is vulnerable Adobe Acrobat is less than 7.1.4 AND Adobe Acrobat library is less than 7.1.4.2009100300 OR Adobe Acrobat 8 Adobe Acrobat 8 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than 8.1.7 AND Adobe Acrobat library is less than 8.1.7.59 OR Adobe Acrobat 9 Adobe Acrobat 9 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than 9.2.0 AND Adobe Acrobat library is less than 9.1.0.2009022700

Definition Id: oval:org.mitre.oval:def:5964

Oval ID:	oval:org.mitre.oval:def:5964
Title:	Adobe Reader and Acrobat DoS or possibly execute arbitrary code via unspecified vectors
Description:	Integer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-2980	Version:	11
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7	Product(s):	Adobe Reader Adobe Acrobat
Definition Synopsis:
Adobe Reader 7 Adobe Reader 7 Series is installed AND Adobe Reader 7, the sub-version is vulnerable Adobe Reader is less than 7.1.4 AND Adobe Reader library is less than 7.1.4.2009100300 OR Adobe Reader 8 Adobe Reader 8 Series is installed AND Adobe Reader 8, the sub-version is vulnerable Adobe Reader is less than 8.1.7 AND Adobe Reader library is less than 8.1.7.59 OR Adobe Reader 9 Adobe Reader 9 Series is installed AND Adobe Reader 9, the sub-version is vulnerable Adobe Reader is less than 9.2.0 AND Adobe Reader library is less than 9.1.0.2009022700 OR Adobe Acrobat 7 Adobe Acrobat 7 Series is installed AND Adobe Acrobat 7, the sub-version is vulnerable Adobe Acrobat is less than 7.1.4 AND Adobe Acrobat library is less than 7.1.4.2009100300 OR Adobe Acrobat 8 Adobe Acrobat 8 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than 8.1.7 AND Adobe Acrobat library is less than 8.1.7.59 OR Adobe Acrobat 9 Adobe Acrobat 9 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than 9.2.0 AND Adobe Acrobat library is less than 9.1.0.2009022700

Definition Id: oval:org.mitre.oval:def:6284

Oval ID:	oval:org.mitre.oval:def:6284
Title:	Adobe Reader and Acrobat bypass intended Trust Manager restrictions via unspecified vectors
Description:	Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to bypass intended Trust Manager restrictions via unspecified vectors.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-2981	Version:	11
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7	Product(s):	Adobe Reader Adobe Acrobat
Definition Synopsis:
Adobe Reader 7 Adobe Reader 7 Series is installed AND Adobe Reader 7, the sub-version is vulnerable Adobe Reader is less than 7.1.4 AND Adobe Reader library is less than 7.1.4.2009100300 OR Adobe Reader 8 Adobe Reader 8 Series is installed AND Adobe Reader 8, the sub-version is vulnerable Adobe Reader is less than 8.1.7 AND Adobe Reader library is less than 8.1.7.59 OR Adobe Reader 9 Adobe Reader 9 Series is installed AND Adobe Reader 9, the sub-version is vulnerable Adobe Reader is less than 9.2.0 AND Adobe Reader library is less than 9.1.0.2009022700 OR Adobe Acrobat 7 Adobe Acrobat 7 Series is installed AND Adobe Acrobat 7, the sub-version is vulnerable Adobe Acrobat is less than 7.1.4 AND Adobe Acrobat library is less than 7.1.4.2009100300 OR Adobe Acrobat 8 Adobe Acrobat 8 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than 8.1.7 AND Adobe Acrobat library is less than 8.1.7.59 OR Adobe Acrobat 9 Adobe Acrobat 9 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than 9.2.0 AND Adobe Acrobat library is less than 9.1.0.2009022700

Definition Id: oval:org.mitre.oval:def:5636

Oval ID:	oval:org.mitre.oval:def:5636
Title:	Adobe Reader and Acrobat cause DoS (memory corruption) or execute arbitrary code via unspecified vectors.
Description:	Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-2983	Version:	11
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7	Product(s):	Adobe Reader Adobe Acrobat
Definition Synopsis:
Adobe Reader 7 Adobe Reader 7 Series is installed AND Adobe Reader 7, the sub-version is vulnerable Adobe Reader is less than 7.1.4 AND Adobe Reader library is less than 7.1.4.2009100300 OR Adobe Reader 8 Adobe Reader 8 Series is installed AND Adobe Reader 8, the sub-version is vulnerable Adobe Reader is less than 8.1.7 AND Adobe Reader library is less than 8.1.7.59 OR Adobe Reader 9 Adobe Reader 9 Series is installed AND Adobe Reader 9, the sub-version is vulnerable Adobe Reader is less than 9.2.0 AND Adobe Reader library is less than 9.1.0.2009022700 OR Adobe Acrobat 7 Adobe Acrobat 7 Series is installed AND Adobe Acrobat 7, the sub-version is vulnerable Adobe Acrobat is less than 7.1.4 AND Adobe Acrobat library is less than 7.1.4.2009100300 OR Adobe Acrobat 8 Adobe Acrobat 8 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than 8.1.7 AND Adobe Acrobat library is less than 8.1.7.59 OR Adobe Acrobat 9 Adobe Acrobat 9 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than 9.2.0 AND Adobe Acrobat library is less than 9.1.0.2009022700

Definition Id: oval:org.mitre.oval:def:6145

Oval ID:	oval:org.mitre.oval:def:6145
Title:	Adobe Reader and Acrobat cause DoS and Arbitrary Execution
Description:	Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2996.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-2985	Version:	11
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7	Product(s):	Adobe Reader Adobe Acrobat
Definition Synopsis:
Adobe Reader 7 Adobe Reader 7 Series is installed AND Adobe Reader 7, the sub-version is vulnerable Adobe Reader is less than 7.1.4 AND Adobe Reader library is less than 7.1.4.2009100300 OR Adobe Reader 8 Adobe Reader 8 Series is installed AND Adobe Reader 8, the sub-version is vulnerable Adobe Reader is less than 8.1.7 AND Adobe Reader library is less than 8.1.7.59 OR Adobe Reader 9 Adobe Reader 9 Series is installed AND Adobe Reader 9, the sub-version is vulnerable Adobe Reader is less than 9.2.0 AND Adobe Reader library is less than 9.1.0.2009022700 OR Adobe Acrobat 7 Adobe Acrobat 7 Series is installed AND Adobe Acrobat 7, the sub-version is vulnerable Adobe Acrobat is less than 7.1.4 AND Adobe Acrobat library is less than 7.1.4.2009100300 OR Adobe Acrobat 8 Adobe Acrobat 8 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than 8.1.7 AND Adobe Acrobat library is less than 8.1.7.59 OR Adobe Acrobat 9 Adobe Acrobat 9 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than 9.2.0 AND Adobe Acrobat library is less than 9.1.0.2009022700

Definition Id: oval:org.mitre.oval:def:5888

Oval ID:	oval:org.mitre.oval:def:5888
Title:	Adobe Reader and Acrobat cause arbitrary code execution via unspecified vectors
Description:	Multiple heap-based buffer overflows in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-2986	Version:	11
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7	Product(s):	Adobe Reader Adobe Acrobat
Definition Synopsis:
Adobe Reader 7 Adobe Reader 7 Series is installed AND Adobe Reader 7, the sub-version is vulnerable Adobe Reader is less than 7.1.4 AND Adobe Reader library is less than 7.1.4.2009100300 OR Adobe Reader 8 Adobe Reader 8 Series is installed AND Adobe Reader 8, the sub-version is vulnerable Adobe Reader is less than 8.1.7 AND Adobe Reader library is less than 8.1.7.59 OR Adobe Reader 9 Adobe Reader 9 Series is installed AND Adobe Reader 9, the sub-version is vulnerable Adobe Reader is less than 9.2.0 AND Adobe Reader library is less than 9.1.0.2009022700 OR Adobe Acrobat 7 Adobe Acrobat 7 Series is installed AND Adobe Acrobat 7, the sub-version is vulnerable Adobe Acrobat is less than 7.1.4 AND Adobe Acrobat library is less than 7.1.4.2009100300 OR Adobe Acrobat 8 Adobe Acrobat 8 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than 8.1.7 AND Adobe Acrobat library is less than 8.1.7.59 OR Adobe Acrobat 9 Adobe Acrobat 9 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than 9.2.0 AND Adobe Acrobat library is less than 9.1.0.2009022700

Definition Id: oval:org.mitre.oval:def:6483

Oval ID:	oval:org.mitre.oval:def:6483
Title:	Adobe Reader and Acrobat cause Denial of Service Vulnerability
Description:	Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which allows attackers to cause a denial of service via unspecified vectors.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-2988	Version:	11
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7	Product(s):	Adobe Reader Adobe Acrobat
Definition Synopsis:
Adobe Reader 7 Adobe Reader 7 Series is installed AND Adobe Reader 7, the sub-version is vulnerable Adobe Reader is less than 7.1.4 AND Adobe Reader library is less than 7.1.4.2009100300 OR Adobe Reader 8 Adobe Reader 8 Series is installed AND Adobe Reader 8, the sub-version is vulnerable Adobe Reader is less than 8.1.7 AND Adobe Reader library is less than 8.1.7.59 OR Adobe Reader 9 Adobe Reader 9 Series is installed AND Adobe Reader 9, the sub-version is vulnerable Adobe Reader is less than 9.2.0 AND Adobe Reader library is less than 9.1.0.2009022700 OR Adobe Acrobat 7 Adobe Acrobat 7 Series is installed AND Adobe Acrobat 7, the sub-version is vulnerable Adobe Acrobat is less than 7.1.4 AND Adobe Acrobat library is less than 7.1.4.2009100300 OR Adobe Acrobat 8 Adobe Acrobat 8 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than 8.1.7 AND Adobe Acrobat library is less than 8.1.7.59 OR Adobe Acrobat 9 Adobe Acrobat 9 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than 9.2.0 AND Adobe Acrobat library is less than 9.1.0.2009022700

Definition Id: oval:org.mitre.oval:def:6371

Oval ID:	oval:org.mitre.oval:def:6371
Title:	Adobe Reader and Acrobat allow attackers to execute arbitrary code via unspecified vectors
Description:	Array index error in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow attackers to execute arbitrary code via unspecified vectors.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-2990	Version:	11
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7	Product(s):	Adobe Reader Adobe Acrobat
Definition Synopsis:
Adobe Reader 7 Adobe Reader 7 Series is installed AND Adobe Reader 7, the sub-version is vulnerable Adobe Reader is less than 7.1.4 AND Adobe Reader library is less than 7.1.4.2009100300 OR Adobe Reader 8 Adobe Reader 8 Series is installed AND Adobe Reader 8, the sub-version is vulnerable Adobe Reader is less than 8.1.7 AND Adobe Reader library is less than 8.1.7.59 OR Adobe Reader 9 Adobe Reader 9 Series is installed AND Adobe Reader 9, the sub-version is vulnerable Adobe Reader is less than 9.2.0 AND Adobe Reader library is less than 9.1.0.2009022700 OR Adobe Acrobat 7 Adobe Acrobat 7 Series is installed AND Adobe Acrobat 7, the sub-version is vulnerable Adobe Acrobat is less than 7.1.4 AND Adobe Acrobat library is less than 7.1.4.2009100300 OR Adobe Acrobat 8 Adobe Acrobat 8 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than 8.1.7 AND Adobe Acrobat library is less than 8.1.7.59 OR Adobe Acrobat 9 Adobe Acrobat 9 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than 9.2.0 AND Adobe Acrobat library is less than 9.1.0.2009022700

Definition Id: oval:org.mitre.oval:def:5557

Oval ID:	oval:org.mitre.oval:def:5557
Title:	Adobe Reader and Acrobat might allow remote attackers to execute arbitrary code via unknown vectors.
Description:	Unspecified vulnerability in the Mozilla plug-in in Adobe Reader and Acrobat 8.x before 8.1.7, and possibly 7.x before 7.1.4 and 9.x before 9.2, might allow remote attackers to execute arbitrary code via unknown vectors.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-2991	Version:	11
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7	Product(s):	Adobe Reader Adobe Acrobat
Definition Synopsis:
Adobe Reader 7 Adobe Reader 7 Series is installed AND Adobe Reader 7, the sub-version is vulnerable Adobe Reader is less than 7.1.4 AND Adobe Reader library is less than 7.1.4.2009100300 OR Adobe Reader 8 Adobe Reader 8 Series is installed AND Adobe Reader 8, the sub-version is vulnerable Adobe Reader is less than 8.1.7 AND Adobe Reader library is less than 8.1.7.59 OR Adobe Reader 9 Adobe Reader 9 Series is installed AND Adobe Reader 9, the sub-version is vulnerable Adobe Reader is less than 9.2.0 AND Adobe Reader library is less than 9.1.0.2009022700 OR Adobe Acrobat 7 Adobe Acrobat 7 Series is installed AND Adobe Acrobat 7, the sub-version is vulnerable Adobe Acrobat is less than 7.1.4 AND Adobe Acrobat library is less than 7.1.4.2009100300 OR Adobe Acrobat 8 Adobe Acrobat 8 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than 8.1.7 AND Adobe Acrobat library is less than 8.1.7.59 OR Adobe Acrobat 9 Adobe Acrobat 9 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than 9.2.0 AND Adobe Acrobat library is less than 9.1.0.2009022700

Definition Id: oval:org.mitre.oval:def:5822

Oval ID:	oval:org.mitre.oval:def:5822
Title:	Adobe Reader and Acrobat cause Multiple Vulnerabilities
Description:	The JavaScript for Acrobat API in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 does not properly implement the (1) Privileged Context and (2) Safe Path restrictions for unspecified JavaScript methods, which allows remote attackers to create arbitrary files, and possibly execute arbitrary code, via the cPath parameter in a crafted PDF file. NOTE: some of these details are obtained from third party information.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-2993	Version:	11
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7	Product(s):	Adobe Reader Adobe Acrobat
Definition Synopsis:
Adobe Reader 7 Adobe Reader 7 Series is installed AND Adobe Reader 7, the sub-version is vulnerable Adobe Reader is less than 7.1.4 AND Adobe Reader library is less than 7.1.4.2009100300 OR Adobe Reader 8 Adobe Reader 8 Series is installed AND Adobe Reader 8, the sub-version is vulnerable Adobe Reader is less than 8.1.7 AND Adobe Reader library is less than 8.1.7.59 OR Adobe Reader 9 Adobe Reader 9 Series is installed AND Adobe Reader 9, the sub-version is vulnerable Adobe Reader is less than 9.2.0 AND Adobe Reader library is less than 9.1.0.2009022700 OR Adobe Acrobat 7 Adobe Acrobat 7 Series is installed AND Adobe Acrobat 7, the sub-version is vulnerable Adobe Acrobat is less than 7.1.4 AND Adobe Acrobat library is less than 7.1.4.2009100300 OR Adobe Acrobat 8 Adobe Acrobat 8 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than 8.1.7 AND Adobe Acrobat library is less than 8.1.7.59 OR Adobe Acrobat 9 Adobe Acrobat 9 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than 9.2.0 AND Adobe Acrobat library is less than 9.1.0.2009022700

Definition Id: oval:org.mitre.oval:def:6156

Oval ID:	oval:org.mitre.oval:def:6156
Title:	Adobe Reader and Acrobat allow attackers to execute arbitrary code via unspecified vectors
Description:	Buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-2994	Version:	11
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7	Product(s):	Adobe Reader Adobe Acrobat
Definition Synopsis:
Adobe Reader 7 Adobe Reader 7 Series is installed AND Adobe Reader 7, the sub-version is vulnerable Adobe Reader is less than 7.1.4 AND Adobe Reader library is less than 7.1.4.2009100300 OR Adobe Reader 8 Adobe Reader 8 Series is installed AND Adobe Reader 8, the sub-version is vulnerable Adobe Reader is less than 8.1.7 AND Adobe Reader library is less than 8.1.7.59 OR Adobe Reader 9 Adobe Reader 9 Series is installed AND Adobe Reader 9, the sub-version is vulnerable Adobe Reader is less than 9.2.0 AND Adobe Reader library is less than 9.1.0.2009022700 OR Adobe Acrobat 7 Adobe Acrobat 7 Series is installed AND Adobe Acrobat 7, the sub-version is vulnerable Adobe Acrobat is less than 7.1.4 AND Adobe Acrobat library is less than 7.1.4.2009100300 OR Adobe Acrobat 8 Adobe Acrobat 8 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than 8.1.7 AND Adobe Acrobat library is less than 8.1.7.59 OR Adobe Acrobat 9 Adobe Acrobat 9 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than 9.2.0 AND Adobe Acrobat library is less than 9.1.0.2009022700

Definition Id: oval:org.mitre.oval:def:5560

Oval ID:	oval:org.mitre.oval:def:5560
Title:	Adobe Reader and Acrobat memory corruption or possibly execute arbitrary code via unspecified vectors
Description:	Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2985.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-2996	Version:	11
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7	Product(s):	Adobe Reader Adobe Acrobat
Definition Synopsis:
Adobe Reader 7 Adobe Reader 7 Series is installed AND Adobe Reader 7, the sub-version is vulnerable Adobe Reader is less than 7.1.4 AND Adobe Reader library is less than 7.1.4.2009100300 OR Adobe Reader 8 Adobe Reader 8 Series is installed AND Adobe Reader 8, the sub-version is vulnerable Adobe Reader is less than 8.1.7 AND Adobe Reader library is less than 8.1.7.59 OR Adobe Reader 9 Adobe Reader 9 Series is installed AND Adobe Reader 9, the sub-version is vulnerable Adobe Reader is less than 9.2.0 AND Adobe Reader library is less than 9.1.0.2009022700 OR Adobe Acrobat 7 Adobe Acrobat 7 Series is installed AND Adobe Acrobat 7, the sub-version is vulnerable Adobe Acrobat is less than 7.1.4 AND Adobe Acrobat library is less than 7.1.4.2009100300 OR Adobe Acrobat 8 Adobe Acrobat 8 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than 8.1.7 AND Adobe Acrobat library is less than 8.1.7.59 OR Adobe Acrobat 9 Adobe Acrobat 9 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than 9.2.0 AND Adobe Acrobat library is less than 9.1.0.2009022700

Definition Id: oval:org.mitre.oval:def:6481

Oval ID:	oval:org.mitre.oval:def:6481
Title:	Adobe Reader and Acrobat cause arbitrary code execution via unspecified vectors
Description:	Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-2997	Version:	11
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7	Product(s):	Adobe Reader Adobe Acrobat
Definition Synopsis:
Adobe Reader 7 Adobe Reader 7 Series is installed AND Adobe Reader 7, the sub-version is vulnerable Adobe Reader is less than 7.1.4 AND Adobe Reader library is less than 7.1.4.2009100300 OR Adobe Reader 8 Adobe Reader 8 Series is installed AND Adobe Reader 8, the sub-version is vulnerable Adobe Reader is less than 8.1.7 AND Adobe Reader library is less than 8.1.7.59 OR Adobe Reader 9 Adobe Reader 9 Series is installed AND Adobe Reader 9, the sub-version is vulnerable Adobe Reader is less than 9.2.0 AND Adobe Reader library is less than 9.1.0.2009022700 OR Adobe Acrobat 7 Adobe Acrobat 7 Series is installed AND Adobe Acrobat 7, the sub-version is vulnerable Adobe Acrobat is less than 7.1.4 AND Adobe Acrobat library is less than 7.1.4.2009100300 OR Adobe Acrobat 8 Adobe Acrobat 8 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than 8.1.7 AND Adobe Acrobat library is less than 8.1.7.59 OR Adobe Acrobat 9 Adobe Acrobat 9 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than 9.2.0 AND Adobe Acrobat library is less than 9.1.0.2009022700

Definition Id: oval:org.mitre.oval:def:6418

Oval ID:	oval:org.mitre.oval:def:6418
Title:	Adobe Reader and Acrobat allow arbitrary code execution and DoS
Description:	Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-3458.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-2998	Version:	11
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7	Product(s):	Adobe Reader Adobe Acrobat
Definition Synopsis:
Adobe Reader 7 Adobe Reader 7 Series is installed AND Adobe Reader 7, the sub-version is vulnerable Adobe Reader is less than 7.1.4 AND Adobe Reader library is less than 7.1.4.2009100300 OR Adobe Reader 8 Adobe Reader 8 Series is installed AND Adobe Reader 8, the sub-version is vulnerable Adobe Reader is less than 8.1.7 AND Adobe Reader library is less than 8.1.7.59 OR Adobe Reader 9 Adobe Reader 9 Series is installed AND Adobe Reader 9, the sub-version is vulnerable Adobe Reader is less than 9.2.0 AND Adobe Reader library is less than 9.1.0.2009022700 OR Adobe Acrobat 7 Adobe Acrobat 7 Series is installed AND Adobe Acrobat 7, the sub-version is vulnerable Adobe Acrobat is less than 7.1.4 AND Adobe Acrobat library is less than 7.1.4.2009100300 OR Adobe Acrobat 8 Adobe Acrobat 8 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than 8.1.7 AND Adobe Acrobat library is less than 8.1.7.59 OR Adobe Acrobat 9 Adobe Acrobat 9 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than 9.2.0 AND Adobe Acrobat library is less than 9.1.0.2009022700

Definition Id: oval:org.mitre.oval:def:6532

Oval ID:	oval:org.mitre.oval:def:6532
Title:	Adobe Reader and Acrobat denial of service (application crash) via a PDF
Description:	Stack consumption vulnerability in Adobe Reader and Acrobat 9.1.3, 9.1.2, 9.1.1, and earlier 9.x versions; 8.1.6 and earlier 8.x versions; and possibly 7.1.4 and earlier 7.x versions allows remote attackers to cause a denial of service (application crash) via a PDF file with a large number of [ (open square bracket) characters in the argument to the alert method. NOTE: some of these details are obtained from third party information.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-3431	Version:	11
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7	Product(s):	Adobe Reader Adobe Acrobat
Definition Synopsis:
Adobe Reader 7 Adobe Reader 7 Series is installed AND Adobe Reader 7, the sub-version is vulnerable Adobe Reader is less than 7.1.4 AND Adobe Reader library is less than 7.1.4.2009100300 OR Adobe Reader 8 Adobe Reader 8 Series is installed AND Adobe Reader 8, the sub-version is vulnerable Adobe Reader is less than 8.1.7 AND Adobe Reader library is less than 8.1.7.59 OR Adobe Reader 9 Adobe Reader 9 Series is installed AND Adobe Reader 9, the sub-version is vulnerable Adobe Reader is less than 9.2.0 AND Adobe Reader library is less than 9.1.0.2009022700 OR Adobe Acrobat 7 Adobe Acrobat 7 Series is installed AND Adobe Acrobat 7, the sub-version is vulnerable Adobe Acrobat is less than 7.1.4 AND Adobe Acrobat library is less than 7.1.4.2009100300 OR Adobe Acrobat 8 Adobe Acrobat 8 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than 8.1.7 AND Adobe Acrobat library is less than 8.1.7.59 OR Adobe Acrobat 9 Adobe Acrobat 9 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than 9.2.0 AND Adobe Acrobat library is less than 9.1.0.2009022700

Definition Id: oval:org.mitre.oval:def:6499

Oval ID:	oval:org.mitre.oval:def:6499
Title:	Adobe Reader and Acrobat allow arbitrary code execution
Description:	Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2998.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-3458	Version:	11
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7	Product(s):	Adobe Reader Adobe Acrobat
Definition Synopsis:
Adobe Reader 7 Adobe Reader 7 Series is installed AND Adobe Reader 7, the sub-version is vulnerable Adobe Reader is less than 7.1.4 AND Adobe Reader library is less than 7.1.4.2009100300 OR Adobe Reader 8 Adobe Reader 8 Series is installed AND Adobe Reader 8, the sub-version is vulnerable Adobe Reader is less than 8.1.7 AND Adobe Reader library is less than 8.1.7.59 OR Adobe Reader 9 Adobe Reader 9 Series is installed AND Adobe Reader 9, the sub-version is vulnerable Adobe Reader is less than 9.2.0 AND Adobe Reader library is less than 9.1.0.2009022700 OR Adobe Acrobat 7 Adobe Acrobat 7 Series is installed AND Adobe Acrobat 7, the sub-version is vulnerable Adobe Acrobat is less than 7.1.4 AND Adobe Acrobat library is less than 7.1.4.2009100300 OR Adobe Acrobat 8 Adobe Acrobat 8 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than 8.1.7 AND Adobe Acrobat library is less than 8.1.7.59 OR Adobe Acrobat 9 Adobe Acrobat 9 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than 9.2.0 AND Adobe Acrobat library is less than 9.1.0.2009022700

Definition Id: oval:org.mitre.oval:def:6534

Oval ID:	oval:org.mitre.oval:def:6534
Title:	Adobe Reader and Acrobat allow to execute arbitrary code via a crafted PDF file
Description:	Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009. NOTE: some of these details are obtained from third party information.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-3459	Version:	11
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7	Product(s):	Adobe Reader Adobe Acrobat
Definition Synopsis:
Adobe Reader 7 Adobe Reader 7 Series is installed AND Adobe Reader 7, the sub-version is vulnerable Adobe Reader is less than 7.1.4 AND Adobe Reader library is less than 7.1.4.2009100300 OR Adobe Reader 8 Adobe Reader 8 Series is installed AND Adobe Reader 8, the sub-version is vulnerable Adobe Reader is less than 8.1.7 AND Adobe Reader library is less than 8.1.7.59 OR Adobe Reader 9 Adobe Reader 9 Series is installed AND Adobe Reader 9, the sub-version is vulnerable Adobe Reader is less than 9.2.0 AND Adobe Reader library is less than 9.1.0.2009022700 OR Adobe Acrobat 7 Adobe Acrobat 7 Series is installed AND Adobe Acrobat 7, the sub-version is vulnerable Adobe Acrobat is less than 7.1.4 AND Adobe Acrobat library is less than 7.1.4.2009100300 OR Adobe Acrobat 8 Adobe Acrobat 8 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than 8.1.7 AND Adobe Acrobat library is less than 8.1.7.59 OR Adobe Acrobat 9 Adobe Acrobat 9 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than 9.2.0 AND Adobe Acrobat library is less than 9.1.0.2009022700

Definition Id: oval:org.mitre.oval:def:6429

Oval ID:	oval:org.mitre.oval:def:6429
Title:	Adobe Reader and Acrobat 'format bug' remote arbitrary code execution
Description:	Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 on Unix, when Debug mode is enabled, allow attackers to execute arbitrary code via unspecified vectors, related to a "format bug."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2009-3462	Version:	11
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7	Product(s):	Adobe Reader Adobe Acrobat
Definition Synopsis:
Adobe Reader 7 Adobe Reader 7 Series is installed AND Adobe Reader 7, the sub-version is vulnerable Adobe Reader is less than 7.1.4 AND Adobe Reader library is less than 7.1.4.2009100300 OR Adobe Reader 8 Adobe Reader 8 Series is installed AND Adobe Reader 8, the sub-version is vulnerable Adobe Reader is less than 8.1.7 AND Adobe Reader library is less than 8.1.7.59 OR Adobe Reader 9 Adobe Reader 9 Series is installed AND Adobe Reader 9, the sub-version is vulnerable Adobe Reader is less than 9.2.0 AND Adobe Reader library is less than 9.1.0.2009022700 OR Adobe Acrobat 7 Adobe Acrobat 7 Series is installed AND Adobe Acrobat 7, the sub-version is vulnerable Adobe Acrobat is less than 7.1.4 AND Adobe Acrobat library is less than 7.1.4.2009100300 OR Adobe Acrobat 8 Adobe Acrobat 8 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than 8.1.7 AND Adobe Acrobat library is less than 8.1.7.59 OR Adobe Acrobat 9 Adobe Acrobat 9 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than 9.2.0 AND Adobe Acrobat library is less than 9.1.0.2009022700

CPE : Common Platform Enumeration

Type	Description	Count
Application	Adobe Acrobat cpe:/a:adobe:acrobat:9.1.3 cpe:/a:adobe:acrobat:9.1.2 cpe:/a:adobe:acrobat:9.1.1 cpe:/a:adobe:acrobat:9.1::standard cpe:/a:adobe:acrobat:9.1 cpe:/a:adobe:acrobat:9.0.0 cpe:/a:adobe:acrobat:9.0 cpe:/a:adobe:acrobat:9.0::standard cpe:/a:adobe:acrobat:9 cpe:/a:adobe:acrobat:8.1.6 cpe:/a:adobe:acrobat:8.1.4 cpe:/a:adobe:acrobat:8.1.4::professional cpe:/a:adobe:acrobat:8.1.4::standard cpe:/a:adobe:acrobat:8.1.3::professional cpe:/a:adobe:acrobat:8.1.3 cpe:/a:adobe:acrobat:8.1.3::standard cpe:/a:adobe:acrobat:8.1.2:security_update:professional cpe:/a:adobe:acrobat:8.1.2 cpe:/a:adobe:acrobat:8.1.2::professional cpe:/a:adobe:acrobat:8.1.2::standard cpe:/a:adobe:acrobat:8.1.1::professional cpe:/a:adobe:acrobat:8.1.1 cpe:/a:adobe:acrobat:8.1.1::standard cpe:/a:adobe:acrobat:8.1::standard cpe:/a:adobe:acrobat:8.1 cpe:/a:adobe:acrobat:8.0.0 cpe:/a:adobe:acrobat:8.0::standard cpe:/a:adobe:acrobat:8.0::professional cpe:/a:adobe:acrobat:8.0 cpe:/a:adobe:acrobat:7.1.3 cpe:/a:adobe:acrobat:7.1.1 cpe:/a:adobe:acrobat:7.1.1::standard cpe:/a:adobe:acrobat:7.1.0 cpe:/a:adobe:acrobat:7.1::standard cpe:/a:adobe:acrobat:7.1::professional cpe:/a:adobe:acrobat:7.1 cpe:/a:adobe:acrobat:7.0.9 cpe:/a:adobe:acrobat:7.0.9::professional cpe:/a:adobe:acrobat:7.0.8 cpe:/a:adobe:acrobat:7.0.8::standard cpe:/a:adobe:acrobat:7.0.8::professional cpe:/a:adobe:acrobat:7.0.8::elements cpe:/a:adobe:acrobat:7.0.7::standard cpe:/a:adobe:acrobat:7.0.7 cpe:/a:adobe:acrobat:7.0.7::professional cpe:/a:adobe:acrobat:7.0.6::standard cpe:/a:adobe:acrobat:7.0.6 cpe:/a:adobe:acrobat:7.0.6::professional cpe:/a:adobe:acrobat:7.0.5 cpe:/a:adobe:acrobat:7.0.5::standard cpe:/a:adobe:acrobat:7.0.5::professional cpe:/a:adobe:acrobat:7.0.4::professional cpe:/a:adobe:acrobat:7.0.4 cpe:/a:adobe:acrobat:7.0.4::standard cpe:/a:adobe:acrobat:7.0.3::professional cpe:/a:adobe:acrobat:7.0.3 cpe:/a:adobe:acrobat:7.0.3::standard cpe:/a:adobe:acrobat:7.0.2::professional cpe:/a:adobe:acrobat:7.0.2 cpe:/a:adobe:acrobat:7.0.2::standard cpe:/a:adobe:acrobat:7.0.1 cpe:/a:adobe:acrobat:7.0.1::standard cpe:/a:adobe:acrobat:7.0.1::professional cpe:/a:adobe:acrobat:7.0 cpe:/a:adobe:acrobat:7.0::professional cpe:/a:adobe:acrobat:7.0::standard cpe:/a:adobe:acrobat:6.0.5 cpe:/a:adobe:acrobat:6.0.4 cpe:/a:adobe:acrobat:6.0.3 cpe:/a:adobe:acrobat:6.0.2 cpe:/a:adobe:acrobat:6.0.1 cpe:/a:adobe:acrobat:6.0 cpe:/a:adobe:acrobat:5.0.6 cpe:/a:adobe:acrobat:5.0.5 cpe:/a:adobe:acrobat:5.0.10 cpe:/a:adobe:acrobat:5.0 cpe:/a:adobe:acrobat:4.0.5c cpe:/a:adobe:acrobat:4.0.5a cpe:/a:adobe:acrobat:4.0.5 cpe:/a:adobe:acrobat:4.0 cpe:/a:adobe:acrobat:3.1 cpe:/a:adobe:acrobat:3.0	82
Application	Adobe Acrobat Reader cpe:/a:adobe:acrobat_reader:9.1.3 cpe:/a:adobe:acrobat_reader:9.1.2 cpe:/a:adobe:acrobat_reader:9.1.1 cpe:/a:adobe:acrobat_reader:9.1 cpe:/a:adobe:acrobat_reader:9.0 cpe:/a:adobe:acrobat_reader:9 cpe:/a:adobe:acrobat_reader:8.1.6 cpe:/a:adobe:acrobat_reader:8.1.5 cpe:/a:adobe:acrobat_reader:8.1.4 cpe:/a:adobe:acrobat_reader:8.1.3 cpe:/a:adobe:acrobat_reader:8.1.2 cpe:/a:adobe:acrobat_reader:8.1.2:security_update cpe:/a:adobe:acrobat_reader:8.1.1 cpe:/a:adobe:acrobat_reader:8.1 cpe:/a:adobe:acrobat_reader:8.0 cpe:/a:adobe:acrobat_reader:7.1.3 cpe:/a:adobe:acrobat_reader:7.1.1 cpe:/a:adobe:acrobat_reader:7.1.0 cpe:/a:adobe:acrobat_reader:7.1 cpe:/a:adobe:acrobat_reader:7.0.9 cpe:/a:adobe:acrobat_reader:7.0.8 cpe:/a:adobe:acrobat_reader:7.0.7 cpe:/a:adobe:acrobat_reader:7.0.6 cpe:/a:adobe:acrobat_reader:7.0.5 cpe:/a:adobe:acrobat_reader:7.0.4 cpe:/a:adobe:acrobat_reader:7.0.3 cpe:/a:adobe:acrobat_reader:7.0.2 cpe:/a:adobe:acrobat_reader:7.0.1 cpe:/a:adobe:acrobat_reader:7.0	29
Application	Adobe Reader cpe:/a:adobe:reader:9.1.3 cpe:/a:adobe:reader:9.1.2 cpe:/a:adobe:reader:9.1 cpe:/a:adobe:reader:9.0 cpe:/a:adobe:reader:8.1.6 cpe:/a:adobe:reader:8.1.4 cpe:/a:adobe:reader:8.1.2 cpe:/a:adobe:reader:8.1.1 cpe:/a:adobe:reader:7.1.3 cpe:/a:adobe:reader:7.1.1 cpe:/a:adobe:reader:7.1.0 cpe:/a:adobe:reader:7.0.9 cpe:/a:adobe:reader:7.0.8 cpe:/a:adobe:reader:7.0.7 cpe:/a:adobe:reader:7.0.5 cpe:/a:adobe:reader:7.0.3 cpe:/a:adobe:reader:7.0.2 cpe:/a:adobe:reader:7.0.1 cpe:/a:adobe:reader:6.0.5 cpe:/a:adobe:reader:6.0.4 cpe:/a:adobe:reader:6.0.3 cpe:/a:adobe:reader:6.0.2 cpe:/a:adobe:reader:6.0.1 cpe:/a:adobe:reader:6.0 cpe:/a:adobe:reader:5.1 cpe:/a:adobe:reader:5.0.9 cpe:/a:adobe:reader:5.0.7 cpe:/a:adobe:reader:5.0.6 cpe:/a:adobe:reader:5.0.5 cpe:/a:adobe:reader:5.0.11 cpe:/a:adobe:reader:5.0.10 cpe:/a:adobe:reader:5.0 cpe:/a:adobe:reader:4.5 cpe:/a:adobe:reader:4.0.5c cpe:/a:adobe:reader:4.0.5a cpe:/a:adobe:reader:4.0.5 cpe:/a:adobe:reader:4.0 cpe:/a:adobe:reader:3.0	38

SAINT Exploits

Description	Link
Adobe Acrobat Reader U3D CLODMeshContinuation Code Execution	More info here
Adobe Reader FlateDecode filter TIFF Predictor integer overflow	More info here

ExploitDB Exploits

id	Description
2009-10-27	Adobe Acrobat Reader 7-9 U3D BoF

Open Source Vulnerability Database (OSVDB)

id	Description
58928	Adobe Reader / Acrobat Unspecified Trust Manager Restriction Bypass
58927	Adobe Reader / Acrobat Multiple Unspecified Heap Overflows
58926	Adobe Reader / Acrobat U3D Processing Heap Corruption
58925	Adobe Reader Plug-in for Mozilla Unloading Use-after-free Arbitrary Code Exec...
58924	Adobe Reader / Acrobat on Unix Debug Mode Arbitrary Code Execution
58923	Adobe Reader / Acrobat Unspecified Memory Corruption (2009-2996)
58922	Adobe Reader / Acrobat PDF Compact Font Format Malformed Index Handling Memor...
58921	Adobe Reader / Acrobat XMP-XML Entity Expansion Unspecified DoS
58920	Adobe Reader / Acrobat PDF U3D File Handling Invalid Array Index Arbitrary Co...
58916	Adobe Reader / Acrobat Unspecified Integer Overflow (2009-2980)
58913	Adobe Reader / Acrobat COM Object Loading / Unloading Memory Corruption
58912	Adobe Reader / Acrobat U3D CLODProgressiveMeshDeclaration Array Overflow
58911	Adobe Reader / Acrobat Unspecified Input Validation DoS (2009-2988)
58910	Adobe Reader / Acrobat Unspecified Arbitrary Code Execution (2009-3458)
58908	Adobe Reader / Acrobat Multiple Unspecified Validation Weakness Arbitrary Cod...
58906	Adobe Reader / Acrobat Unspecified Arbitrary Code Execution (2009-2998)
58729	Adobe Reader / Acrobat ParamX Parameter PDF File Handling Overflow
58415	Adobe Acrobat Alert Method Square Bracket Character DoS

Metasploit Database

id	Description
2009-10-13	Adobe U3D CLODProgressiveMeshDeclaration Array Overrun
2009-10-08	Adobe FlateDecode Stream Predictor 02 Integer Overflow
2009-10-08	Adobe FlateDecode Stream Predictor 02 Integer Overflow

Global Informations

Type	Count
Oval ID(s)	18
CPE ID(s)	149
Saint Exploit(s)	2
osvdb(s)	18
ExploitDB Exploit(s)	1
Metasploit Exploit(s)	3

Related	Severity
CVE-2009-3459	(Critical)
CVE-2009-3458	(Critical)
CVE-2009-2998	(Critical)
CVE-2009-2997	(Critical)
CVE-2009-2996	(Critical)
CVE-2009-2994	(Critical)
CVE-2009-2993	(Critical)
CVE-2009-2991	(Critical)
CVE-2009-2990	(Critical)
CVE-2009-2986	(Critical)
CVE-2009-2985	(Critical)
CVE-2009-2983	(Critical)
CVE-2009-2981	(Critical)
CVE-2009-2980	(Critical)
CVE-2009-3462	(Medium)
CVE-2009-3431	(Medium)
CVE-2009-2988	(Medium)
CVE-2009-2979	(Medium)