Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS.
Summary
Title: acroread security update
Information
Name: RHSA-2009:1499
First vendor Publication: 2009-10-14
Vendor: RedHat
Last vendor Modification: 2009-10-14
Severity (Vendor): Critical
Revision: 01

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score: 9.3
Attack Range: Network
Cvss Impact Score: 10
Attack Complexity: Medium
Cvss Exploit Score: 8.6
Authentication: None Required

Detail

Problem Description:

Updated acroread packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

2. Relevant releases/architectures:

RHEL Desktop Supplementary (v. 5 client) - i386, x86_64
RHEL Supplementary (v. 5 server) - i386, x86_64
Red Hat Desktop version 3 Extras - i386, x86_64
Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux AS version 3 Extras - i386, x86_64
Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64
Red Hat Enterprise Linux ES version 3 Extras - i386, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64
Red Hat Enterprise Linux WS version 3 Extras - i386, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64

3. Description:

Adobe Reader allows users to view and print documents in Portable Document Format (PDF).

Multiple flaws were discovered in Adobe Reader. A specially-crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. (CVE-2009-2980, CVE-2009-2983, CVE-2009-2985, CVE-2009-2986, CVE-2009-2990, CVE-2009-2991, CVE-2009-2993, CVE-2009-2994, CVE-2009-2996, CVE-2009-2997, CVE-2009-2998, CVE-2009-3458, CVE-2009-3459, CVE-2009-3462)

Multiple flaws were discovered in Adobe Reader. A specially-crafted PDF file could cause Adobe Reader to crash when opened. (CVE-2009-2979, CVE-2009-2988, CVE-2009-3431)

An input validation flaw was found in Adobe Reader. Opening a specially-crafted PDF file could lead to a Trust Manager restrictions bypass. (CVE-2009-2981)

All Adobe Reader users should install these updated packages. They contain Adobe Reader version 8.1.7, which is not vulnerable to these issues. All running instances of Adobe Reader must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure that all previously-released errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

528071 - CVE-2009-3459 acroread: heap overflow fix in version 8.1.7 (APSB09-15)
528659 - acroread: Multiple arbitrary code execution fixes in 8.1.7 (APSB09-15)
528665 - CVE-2009-2979 CVE-2009-2988 CVE-2009-3431 acroread: Multiple DoS fixes in 8.1.7 (APSB09-15)
528666 - CVE-2009-2981 acroread: Trust Manager restrictions bypass fixed in 8.1.7 (APSB09-15)

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2009-1499.html

CWE : Common Weakness Enumeration

id - Name
CWE-119 - Failure to Constrain Operations within the Bounds of a Memory Buffer
CWE-20 - Improper Input Validation
CWE-399 - Resource Management Errors
CWE-189 - Numeric Errors (CWE/SANS Top 25)

OVAL Definitions

Oval ID: oval:org.mitre.oval:def:6280
Title: Adobe Reader and Acrobat denial of service via a crafted document
Description: Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 do not properly perform XMP-XML entity expansion, which allows remote attackers to cause a denial of service via a crafted document.
Family: windows Class: vulnerability
Reference(s): CVE-2009-2979
Version: 16
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
 
Oval ID: oval:org.mitre.oval:def:5964
Title: Adobe Reader and Acrobat DoS or possibly execute arbitrary code via unspecified vectors
Description: Integer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows attackers to cause a denial of service or possibly execute arbitrary code via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2009-2980
Version: 16
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
 
Oval ID: oval:org.mitre.oval:def:6284
Title: Adobe Reader and Acrobat bypass intended Trust Manager restrictions via unspecified vectors
Description: Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to bypass intended Trust Manager restrictions via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2009-2981
Version: 16
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
 
Oval ID: oval:org.mitre.oval:def:5636
Title: Adobe Reader and Acrobat cause DoS (memory corruption) or execute arbitrary code via unspecified vectors.
Description: Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2009-2983
Version: 16
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
 
Oval ID: oval:org.mitre.oval:def:6145
Title: Adobe Reader and Acrobat cause DoS and Arbitrary Execution
Description: Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2996.
Family: windows Class: vulnerability
Reference(s): CVE-2009-2985
Version: 16
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
 
Oval ID: oval:org.mitre.oval:def:5888
Title: Adobe Reader and Acrobat cause arbitrary code execution via unspecified vectors
Description: Multiple heap-based buffer overflows in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2009-2986
Version: 16
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
 
Oval ID: oval:org.mitre.oval:def:6483
Title: Adobe Reader and Acrobat cause Denial of Service Vulnerability
Description: Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which allows attackers to cause a denial of service via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2009-2988
Version: 16
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
 
Oval ID: oval:org.mitre.oval:def:6371
Title: Adobe Reader and Acrobat allow attackers to execute arbitrary code via unspecified vectors
Description: Array index error in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow attackers to execute arbitrary code via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2009-2990
Version: 16
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
 
Oval ID: oval:org.mitre.oval:def:5557
Title: Adobe Reader and Acrobat might allow remote attackers to execute arbitrary code via unknown vectors.
Description: Unspecified vulnerability in the Mozilla plug-in in Adobe Reader and Acrobat 8.x before 8.1.7, and possibly 7.x before 7.1.4 and 9.x before 9.2, might allow remote attackers to execute arbitrary code via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2009-2991
Version: 16
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
 
Oval ID: oval:org.mitre.oval:def:5822
Title: Adobe Reader and Acrobat cause Multiple Vulnerabilities
Description: The JavaScript for Acrobat API in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 does not properly implement the (1) Privileged Context and (2) Safe Path restrictions for unspecified JavaScript methods, which allows remote attackers to create arbitrary files, and possibly execute arbitrary code, via the cPath parameter in a crafted PDF file. NOTE: some of these details are obtained from third party information.
Family: windows Class: vulnerability
Reference(s): CVE-2009-2993
Version: 16
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
 
Oval ID: oval:org.mitre.oval:def:6156
Title: Adobe Reader and Acrobat allow attackers to execute arbitrary code via unspecified vectors
Description: Buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2009-2994
Version: 16
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
 
Oval ID: oval:org.mitre.oval:def:5560
Title: Adobe Reader and Acrobat memory corruption or possibly execute arbitrary code via unspecified vectors
Description: Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2985.
Family: windows Class: vulnerability
Reference(s): CVE-2009-2996
Version: 16
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
 
Oval ID: oval:org.mitre.oval:def:6481
Title: Adobe Reader and Acrobat cause arbitrary code execution via unspecified vectors
Description: Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2009-2997
Version: 16
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
 
Oval ID: oval:org.mitre.oval:def:6418
Title: Adobe Reader and Acrobat allow arbitrary code execution and DoS
Description: Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-3458.
Family: windows Class: vulnerability
Reference(s): CVE-2009-2998
Version: 16
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
 
Oval ID: oval:org.mitre.oval:def:6532
Title: Adobe Reader and Acrobat denial of service (application crash) via a PDF
Description: Stack consumption vulnerability in Adobe Reader and Acrobat 9.1.3, 9.1.2, 9.1.1, and earlier 9.x versions; 8.1.6 and earlier 8.x versions; and possibly 7.1.4 and earlier 7.x versions allows remote attackers to cause a denial of service (application crash) via a PDF file with a large number of [ (open square bracket) characters in the argument to the alert method. NOTE: some of these details are obtained from third party information.
Family: windows Class: vulnerability
Reference(s): CVE-2009-3431
Version: 16
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
 
Oval ID: oval:org.mitre.oval:def:6499
Title: Adobe Reader and Acrobat allow arbitrary code execution
Description: Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2998.
Family: windows Class: vulnerability
Reference(s): CVE-2009-3458
Version: 16
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
 
Oval ID: oval:org.mitre.oval:def:6534
Title: Adobe Reader and Acrobat allow to execute arbitrary code via a crafted PDF file
Description: Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009. NOTE: some of these details are obtained from third party information.
Family: windows Class: vulnerability
Reference(s): CVE-2009-3459
Version: 16
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
 
Oval ID: oval:org.mitre.oval:def:6429
Title: DEPRECATED: Adobe Reader and Acrobat 'format bug' remote arbitrary code execution
Description: Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 on Unix, when Debug mode is enabled, allow attackers to execute arbitrary code via unspecified vectors, related to a "format bug."
Family: windows Class: vulnerability
Reference(s): CVE-2009-3462
Version: 17
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
 
Oval ID: oval:org.mitre.oval:def:22955
Title: ELSA-2009:1499: acroread security update (Critical)
Description: Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 on Unix, when Debug mode is enabled, allow attackers to execute arbitrary code via unspecified vectors, related to a "format bug."
Family: unix Class: patch
Reference(s): ELSA-2009:1499-01, CVE-2009-2979, CVE-2009-2980, CVE-2009-2981, CVE-2009-2983, CVE-2009-2985, CVE-2009-2986, CVE-2009-2988, CVE-2009-2990, CVE-2009-2991, CVE-2009-2993, CVE-2009-2994, CVE-2009-2996, CVE-2009-2997, CVE-2009-2998, CVE-2009-3431, CVE-2009-3458, CVE-2009-3459, CVE-2009-3462
Version: 77
Platform(s): Oracle Linux 5
Product(s): acroread

CPE : Common Platform Enumeration

Type : Application - Count : 82
Type : Application - Count : 29
Type : Application - Count : 38

SAINT Exploits

Description
Adobe Acrobat Reader U3D CLODMeshContinuation Code Execution
Adobe Reader FlateDecode filter TIFF Predictor integer overflow

ExploitDB Exploits

id - Description
2009-10-27 - Adobe Acrobat Reader 7-9 U3D BoF

OpenVAS Exploits

Date - Description
2009-10-27 - Name : Gentoo Security Advisory GLSA 200910-03 (acroread)
File : nvt/glsa_200910_03.nasl
2009-10-27 - Name : SuSE Security Advisory SUSE-SA:2009:049 (acroread, acroread_ja)
File : nvt/suse_sa_2009_049.nasl
2009-10-22 - Name : Adobe Reader Multiple Vulnerabilities - Oct09 (Linux)
File : nvt/gb_adobe_prdts_mult_vuln_oct09_lin.nasl
2009-10-22 - Name : Adobe Reader/Acrobat Multiple Vulnerabilities - Oct09 (Win)
File : nvt/gb_adobe_prdts_mult_vuln_oct09_win.nasl
2009-10-19 - Name : RedHat Security Advisory RHSA-2009:1499
File : nvt/RHSA_2009_1499.nasl
2009-10-06 - Name : Adobe Acrobat PDF File Denial Of Service Vulnerability
File : nvt/gb_adobe_acrobat_pdf_dos_vuln.nasl

Open Source Vulnerability Database (OSVDB)

id - Description
58928 - Adobe Reader / Acrobat Unspecified Trust Manager Restriction Bypass
58927 - Adobe Reader / Acrobat Multiple Unspecified Heap Overflows
58926 - Adobe Reader / Acrobat U3D Processing Heap Corruption
58925 - Adobe Reader Plug-in for Mozilla Unloading Use-after-free Arbitrary Code Exec...
58924 - Adobe Reader / Acrobat on Unix Debug Mode Arbitrary Code Execution
58923 - Adobe Reader / Acrobat Unspecified Memory Corruption (2009-2996)
58922 - Adobe Reader / Acrobat PDF Compact Font Format Malformed Index Handling Memor...
58921 - Adobe Reader / Acrobat XMP-XML Entity Expansion Unspecified DoS
58920 - Adobe Reader / Acrobat PDF U3D File Handling Invalid Array Index Arbitrary Co...
58916 - Adobe Reader / Acrobat Unspecified Integer Overflow (2009-2980)
58913 - Adobe Reader / Acrobat COM Object Loading / Unloading Memory Corruption
58912 - Adobe Reader / Acrobat U3D CLODProgressiveMeshDeclaration Array Overflow
58911 - Adobe Reader / Acrobat Unspecified Input Validation DoS (2009-2988)
58910 - Adobe Reader / Acrobat Unspecified Arbitrary Code Execution (2009-3458)
58908 - Adobe Reader / Acrobat Multiple Unspecified Validation Weakness Arbitrary Cod...
58906 - Adobe Reader / Acrobat Unspecified Arbitrary Code Execution (2009-2998)
58729 - Adobe Reader / Acrobat ParamX Parameter PDF File Handling Overflow
58415 - Adobe Acrobat Alert Method Square Bracket Character DoS

Snort® IPS/IDS

Date - Description
2014-01-10 - Adobe Acrobat Reader compact font format memory corruption attempt
RuleID : 28717 - Revision : 2 - Type : FILE-PDF
2014-01-10 - Adobe Acrobat Reader compact font format memory corruption attempt
RuleID : 28716 - Revision : 2 - Type : FILE-PDF
2014-01-10 - Adobe Acrobat Reader FlateDecode integer overflow attempt
RuleID : 25588 - Revision : 4 - Type : FILE-PDF
2014-01-10 - Adobe Acrobat Reader malformed FlateDecode colors declaration
RuleID : 16677 - Revision : 10 - Type : FILE-PDF
2014-01-10 - Adobe Acrobat Reader malformed FlateDecode colors declaration
RuleID : 16676 - Revision : 10 - Type : FILE-PDF
2014-01-10 - Adobe Acrobat Reader U3D CLODMeshContinuation code execution attempt
RuleID : 16373 - Revision : 12 - Type : FILE-PDF
2014-01-10 - Adobe JPEG2k uninitialized QCC memory corruption attempt
RuleID : 16325 - Revision : 12 - Type : FILE-PDF
2014-01-10 - Adobe Acrobat Reader doc.export arbitrary file write attempt
RuleID : 16324 - Revision : 11 - Type : FILE-PDF
2014-01-10 - Adobe Acrobat Reader oversized object width attempt
RuleID : 16322 - Revision : 12 - Type : FILE-PDF
2014-01-10 - Adobe Acrobat Reader collab.addStateModel remote corruption attempt
RuleID : 16176 - Revision : 12 - Type : FILE-PDF
2014-01-10 - Adobe Acrobat Reader collab.removeStateModel denial of service attempt
RuleID : 16175 - Revision : 13 - Type : FILE-PDF
2014-01-10 - Adobe Acrobat Reader U3D progressive mesh continuation off by one index attempt
RuleID : 16174 - Revision : 9 - Type : FILE-PDF
2014-01-10 - Adobe Acrobat Reader U3D progressive mesh continuation pointer overwrite attempt
RuleID : 16173 - Revision : 9 - Type : FILE-PDF
2014-01-10 - Adobe Acrobat Reader U3D line set heap corruption attempt
RuleID : 16172 - Revision : 9 - Type : FILE-PDF
2014-01-10 - Adobe Acrobat Reader FlateDecode integer overflow attempt
RuleID : 15709 - Revision : 15 - Type : FILE-PDF

Metasploit Database

id - Description
2009-10-13 - Adobe U3D CLODProgressiveMeshDeclaration Array Overrun
2009-10-08 - Adobe FlateDecode Stream Predictor 02 Integer Overflow
2009-10-08 - Adobe FlateDecode Stream Predictor 02 Integer Overflow

Nessus® Vulnerability Scanner

Date - Description
2011-01-27 - Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_acroread-6582.nasl - Type : ACT_GATHER_INFO
2011-01-27 - Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_acroread-6583.nasl - Type : ACT_GATHER_INFO
2011-01-27 - Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_acroread_ja-6584.nasl - Type : ACT_GATHER_INFO
2011-01-27 - Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_acroread_ja-6585.nasl - Type : ACT_GATHER_INFO
2009-10-30 - Name : The remote openSUSE host is missing a security update.
File : suse_acroread-6588.nasl - Type : ACT_GATHER_INFO
2009-10-26 - Name : The remote openSUSE host is missing a security update.
File : suse_11_0_acroread-091022.nasl - Type : ACT_GATHER_INFO
2009-10-26 - Name : The remote SuSE 11 host is missing a security update.
File : suse_11_acroread-091022.nasl - Type : ACT_GATHER_INFO
2009-10-26 - Name : The remote SuSE 11 host is missing a security update.
File : suse_11_acroread_ja-091022.nasl - Type : ACT_GATHER_INFO
2009-10-26 - Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200910-03.nasl - Type : ACT_GATHER_INFO
2009-10-26 - Name : The remote openSUSE host is missing a security update.
File : suse_11_1_acroread-091022.nasl - Type : ACT_GATHER_INFO
2009-10-15 - Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1499.nasl - Type : ACT_GATHER_INFO
2009-10-14 - Name : The version of Adobe Acrobat on the remote Windows host is affected by multip...
File : adobe_acrobat_apsb09-15.nasl - Type : ACT_GATHER_INFO
2009-10-14 - Name : The PDF file viewer on the remote Windows host is affected by a memory corrup...
File : adobe_reader_apsb09-15.nasl - Type : ACT_GATHER_INFO

Alert History

Date - Information
2014-02-17 11:52:56 - Multiple Updates