Executive Summary

This alert is flagged as containing a CWE/SANS Top 25 Common Weakness Enumeration entry.
Summary

Title: acroread security update

Information

Name: RHSA-2010:0349              First vendor publication: 2010-04-14
Vendor: RedHat                    Last vendor modification: 2010-04-14
Severity (vendor): Critical       Revision: 01

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS Score: NA
Base Score: NA                Environmental Score: NA
Impact Sub Score: NA          Temporal Score: NA
Exploitability Sub Score: NA

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Base Score: 9.3                Attack Range: Network
CVSS Impact Score: 10               Attack Complexity: Medium
CVSS Exploitability Score: 8.6      Authentication: None Required

Detail

Problem Description:

Updated acroread packages that fix several security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Supplementary (v. 5 client) - i386, x86_64
RHEL Supplementary (v. 5 server) - i386, x86_64
Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64

3. Description:

Adobe Reader allows users to view and print documents in Portable Document Format (PDF).

This update fixes several vulnerabilities in Adobe Reader. These vulnerabilities are summarized on the Adobe Security Advisory APSB10-09 page listed in the References section. A specially-crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. (CVE-2010-0190, CVE-2010-0191, CVE-2010-0192, CVE-2010-0193, CVE-2010-0194, CVE-2010-0195, CVE-2010-0196, CVE-2010-0197, CVE-2010-0198, CVE-2010-0199, CVE-2010-0201, CVE-2010-0202, CVE-2010-0203, CVE-2010-0204, CVE-2010-1241)

All Adobe Reader users should install these updated packages. They contain Adobe Reader version 9.3.2, which is not vulnerable to these issues. All running instances of Adobe Reader must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259
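As an added example (not part of the Red Hat advisory or of this alert), the following POSIX shell script verifies the two conditions the advisory sets out: that the installed acroread RPM is at or above the fixed version 9.3.2, and that no Adobe Reader instance started before the update is still running. It assumes the package is named acroread as in the advisory and that running instances show acroread in their command line (both assumptions, marked in the comments). The version comparison is done component-wise rather than as a string, so a release such as 9.10 is not misreported as older than 9.9.

```shell
#!/bin/sh
# Added example, not Red Hat's or Adobe's code: check an RHEL 4/5 host
# against RHSA-2010:0349. Reports whether the acroread RPM is at least the
# fixed version and which running Adobe Reader processes still need a restart.

FIXED_VERSION="9.3.2"   # version named as not vulnerable in the advisory

# version_ge A B : return 0 if dotted version A >= B, comparing each
# numeric component in turn (missing components count as 0).
version_ge() {
    a="$1"; b="$2"
    while [ -n "$a" ] || [ -n "$b" ]; do
        ac="${a%%.*}"; bc="${b%%.*}"
        [ -z "$ac" ] && ac=0
        [ -z "$bc" ] && bc=0
        if [ "$ac" -gt "$bc" ]; then return 0; fi
        if [ "$ac" -lt "$bc" ]; then return 1; fi
        case "$a" in *.*) a="${a#*.}" ;; *) a="" ;; esac
        case "$b" in *.*) b="${b#*.}" ;; *) b="" ;; esac
    done
    return 0
}

# acroread_patch_state VERSION : print "fixed" or "vulnerable" for a given
# package version string, so the comparison can be exercised without rpm.
acroread_patch_state() {
    if version_ge "$1" "$FIXED_VERSION"; then
        echo fixed
    else
        echo vulnerable
    fi
}

# installed_acroread_version : print the installed RPM version of the
# package assumed to be named "acroread"; return 1 if rpm or the package
# is absent.
installed_acroread_version() {
    command -v rpm >/dev/null 2>&1 || return 1
    rpm -q acroread >/dev/null 2>&1 || return 1
    rpm -q --qf '%{VERSION}\n' acroread 2>/dev/null | head -n 1
}

# running_acroread_pids : PIDs whose command line contains "acroread"
# (assumed process name). These keep running the old code until restarted,
# which the advisory requires for the update to take effect.
running_acroread_pids() {
    pgrep -f acroread 2>/dev/null || true
}

report() {
    ver=$(installed_acroread_version) || ver=""
    if [ -z "$ver" ]; then
        echo "acroread: not installed (or rpm unavailable)"
    else
        echo "acroread $ver: $(acroread_patch_state "$ver") (fixed in $FIXED_VERSION)"
    fi
    pids=$(running_acroread_pids)
    if [ -n "$pids" ]; then
        echo "running instances that must be restarted: $(echo "$pids" | tr '\n' ' ')"
    else
        echo "no running acroread instances"
    fi
    return 0
}

report
```

Run it as the user who installs updates; a "vulnerable" result after the RPM has been updated points at a stale package database or a host that did not receive the erratum, while a "fixed" result with PIDs listed means the on-disk fix is not yet effective for those sessions.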

5. Bugs fixed (http://bugzilla.redhat.com/):

579213 - CVE-2010-1241 Acroread: Heap-based overflow by opening a specially-crafted PDF file (FG-VD-10-005)
581417 - Acroread: Multiple code execution flaws (APSB10-09)

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2010-0349.html

CWE : Common Weakness Enumeration

  %     Id       Name
 75 %   CWE-119  Failure to Constrain Operations within the Bounds of a Memory Buffer
 17 %   CWE-94   Failure to Control Generation of Code ('Code Injection')
  8 %   CWE-79   Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

OVAL Definitions

Oval ID: oval:org.mitre.oval:def:22063
Title: RHSA-2010:0349: acroread security update (Critical)
Description: Heap-based buffer overflow in the custom heap management system in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, aka FG-VD-10-005.
Family: unix Class: patch
Reference(s): RHSA-2010:0349-01
CVE-2010-0190
CVE-2010-0191
CVE-2010-0192
CVE-2010-0193
CVE-2010-0194
CVE-2010-0195
CVE-2010-0196
CVE-2010-0197
CVE-2010-0198
CVE-2010-0199
CVE-2010-0201
CVE-2010-0202
CVE-2010-0203
CVE-2010-0204
CVE-2010-1241
Version: 198
Platform(s): Red Hat Enterprise Linux 5
Product(s): acroread
Oval ID: oval:org.mitre.oval:def:22734
Title: ELSA-2010:0349: acroread security update (Critical)
Description: Heap-based buffer overflow in the custom heap management system in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, aka FG-VD-10-005.
Family: unix Class: patch
Reference(s): ELSA-2010:0349-01
CVE-2010-0190
CVE-2010-0191
CVE-2010-0192
CVE-2010-0193
CVE-2010-0194
CVE-2010-0195
CVE-2010-0196
CVE-2010-0197
CVE-2010-0198
CVE-2010-0199
CVE-2010-0201
CVE-2010-0202
CVE-2010-0203
CVE-2010-0204
CVE-2010-1241
Version: 65
Platform(s): Oracle Linux 5
Product(s): acroread
Oval ID: oval:org.mitre.oval:def:6729
Title: Adobe Reader and Acrobat Prefix Protocol Handler Vulnerability
Description: Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified vectors, related to a "prefix protocol handler vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-0191
Version: 18
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Oval ID: oval:org.mitre.oval:def:6733
Title: Adobe Reader and Acrobat Buffer Overflow Vulnerability
Description: Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0198, CVE-2010-0199, and CVE-2010-0203.
Family: windows Class: vulnerability
Reference(s): CVE-2010-0202
Version: 18
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Oval ID: oval:org.mitre.oval:def:6823
Title: Adobe Reader and Acrobat Memory Corruption Vulnerability
Description: Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to cause a denial of service (memory corruption) or execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0197, CVE-2010-0201, and CVE-2010-0204.
Family: windows Class: vulnerability
Reference(s): CVE-2010-0194
Version: 18
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Oval ID: oval:org.mitre.oval:def:6900
Title: Adobe Reader and Acrobat Buffer Overflow Vulnerability
Description: Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0198, CVE-2010-0202, and CVE-2010-0203.
Family: windows Class: vulnerability
Reference(s): CVE-2010-0199
Version: 18
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Oval ID: oval:org.mitre.oval:def:6940
Title: Adobe Reader and Acrobat Heap-based Overflow Vulnerability
Description: Heap-based buffer overflow in the custom heap management system in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, aka FG-VD-10-005.
Family: windows Class: vulnerability
Reference(s): CVE-2010-1241
Version: 18
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Oval ID: oval:org.mitre.oval:def:6986
Title: Adobe Reader and Acrobat Cross-site Scripting Vulnerability
Description: Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2010-0190
Version: 18
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Oval ID: oval:org.mitre.oval:def:7046
Title: Adobe Reader and Acrobat Denial of Service Vulnerability
Description: Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2010-0193 and CVE-2010-0196.
Family: windows Class: vulnerability
Reference(s): CVE-2010-0192
Version: 18
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Oval ID: oval:org.mitre.oval:def:7056
Title: Adobe Reader and Acrobat Memory Corruption Vulnerability
Description: Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to cause a denial of service (memory corruption) or execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0194, CVE-2010-0197, and CVE-2010-0204.
Family: windows Class: vulnerability
Reference(s): CVE-2010-0201
Version: 18
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Oval ID: oval:org.mitre.oval:def:7064
Title: Adobe Reader and Acrobat Denial of Service Vulnerability
Description: Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2010-0192 and CVE-2010-0193.
Family: windows Class: vulnerability
Reference(s): CVE-2010-0196
Version: 18
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Oval ID: oval:org.mitre.oval:def:7106
Title: Adobe Reader and Acrobat Buffer Overflow Vulnerability
Description: Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0199, CVE-2010-0202, and CVE-2010-0203.
Family: windows Class: vulnerability
Reference(s): CVE-2010-0198
Version: 18
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Oval ID: oval:org.mitre.oval:def:7298
Title: Adobe Reader and Acrobat Memory Corruption Vulnerability
Description: Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to cause a denial of service (memory corruption) or execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0194, CVE-2010-0201, and CVE-2010-0204.
Family: windows Class: vulnerability
Reference(s): CVE-2010-0197
Version: 18
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Oval ID: oval:org.mitre.oval:def:7352
Title: Adobe Reader and Acrobat Denial of Service Vulnerability
Description: Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2010-0192 and CVE-2010-0196.
Family: windows Class: vulnerability
Reference(s): CVE-2010-0193
Version: 18
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Oval ID: oval:org.mitre.oval:def:7387
Title: Adobe Reader and Acrobat Memory Corruption Vulnerability
Description: Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allow attackers to cause a denial of service (memory corruption) or execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0194, CVE-2010-0197, and CVE-2010-0201.
Family: windows Class: vulnerability
Reference(s): CVE-2010-0204
Version: 18
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Oval ID: oval:org.mitre.oval:def:7420
Title: Adobe Reader and Acrobat Font Handling Vulnerability
Description: Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, do not properly handle fonts, which allows attackers to execute arbitrary code via unspecified vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2010-0195
Version: 18
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Oval ID: oval:org.mitre.oval:def:7494
Title: Adobe Reader and Acrobat Buffer Overflow Vulnerability
Description: Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2010-0198, CVE-2010-0199, and CVE-2010-0202.
Family: windows Class: vulnerability
Reference(s): CVE-2010-0203
Version: 18
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat

CPE : Common Platform Enumeration

Type          Description          Count
Application 19
Application 18

OpenVAS Exploits

Date Description
2011-03-09 Name : Gentoo Security Advisory GLSA 201009-05 (acroread)
File : nvt/glsa_201009_05.nasl
2010-04-29 Name : SuSE Update for acroread SUSE-SA:2010:022
File : nvt/gb_suse_2010_022.nasl
2010-04-16 Name : Adobe Acrobat and Reader PDF Handling Multiple Vulnerabilities (Linux)
File : nvt/secpod_adobe_prdts_mult_vuln_apr10_lin.nasl
2010-04-16 Name : Adobe Acrobat and Reader PDF Handling Multiple Vulnerabilities (Windows)
File : nvt/secpod_adobe_prdts_mult_vuln_apr10_win.nasl
2010-04-07 Name : Adobe Reader PDF Handling Denial Of Service Vulnerability (Linux)
File : nvt/gb_adobe_reader_pdf_doc_dos_vuln_lin.nasl
2010-04-07 Name : Adobe Reader PDF Handling Multiple Vulnerabilities (Win)
File : nvt/gb_adobe_reader_pdf_doc_mult_vuln_win.nasl

Open Source Vulnerability Database (OSVDB)

Id     Description
63764  Adobe Reader / Acrobat Unspecified Memory Corruption (2010-0204)
63763  Adobe Reader / Acrobat BMP Image Data Handling Overflow
63762  Adobe Reader / Acrobat GIF Image Data Handling Overflow
63761  Adobe Reader / Acrobat Unspecified Memory Corruption (2010-0201)
63760  Adobe Reader / Acrobat JPEG Image Data Handling Overflow
63759  Adobe Reader / Acrobat PNG Image Data Handling Overflow
63758  Adobe Reader / Acrobat Unspecified Memory Corruption (2010-0197)
63757  Adobe Reader / Acrobat UU3D CLODMeshDeclaration Shading Count Memory Corruption
63756  Adobe Reader / Acrobat PDF Document Embedded TrueType Font Handling Arbitrary...
63755  Adobe Reader / Acrobat PDF DeviceRGB Subtype Handling Memory Corruption
63754  Adobe Reader / Acrobat Unspecified DoS (2010-0193)
63753  Adobe Reader / Acrobat Unspecified DoS (2010-0192)
63752  Adobe Reader / Acrobat Prefix Protocol Handler Arbitrary Code Execution (2010...
63751  Adobe Reader / Acrobat Unspecified XSS
63618  Adobe Reader Custom Heap Management System CFF Encoding Handling Memory Corru...

Snort® IPS/IDS

Date Description
2014-01-10 Adobe Acrobat TrueType font handling remote code execution attempt
RuleID : 28643 - Revision : 7 - Type : FILE-PDF
2014-01-10 Adobe Acrobat TrueType font handling remote code execution attempt
RuleID : 28642 - Revision : 7 - Type : FILE-PDF
2014-01-10 Adobe Acrobat TrueType font handling remote code execution attempt
RuleID : 28389 - Revision : 7 - Type : FILE-PDF
2014-01-10 Adobe Acrobat TrueType font handling remote code execution attempt
RuleID : 28388 - Revision : 7 - Type : FILE-PDF
2014-01-10 Adobe Flash Player newfunction memory corruption exploit attempt
RuleID : 23592 - Revision : 7 - Type : FILE-FLASH
2014-01-10 Adobe Acrobat Reader malformed Richmedia annotation exploit attempt
RuleID : 23509 - Revision : 5 - Type : FILE-PDF
2014-01-10 Adobe Flash Player newfunction memory corruption exploit attempt
RuleID : 19408 - Revision : 12 - Type : FILE-FLASH
2014-01-10 Adobe Acrobat Reader Linux malformed U3D mesh deceleration block exploit attempt
RuleID : 16603 - Revision : 14 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader/Acrobat Pro CFF font parsing heap overflow attempt
RuleID : 16546 - Revision : 12 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader malformed Richmedia annotation exploit attempt
RuleID : 16545 - Revision : 21 - Type : FILE-PDF
2015-05-28 Adobe Reader Linux malformed U3D mesh deceleration block exploit attempt
RuleID : 16544 - Revision : 6 - Type : WEB-CLIENT

Nessus® Vulnerability Scanner

Date Description
2011-01-27 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_acroread-6993.nasl - Type : ACT_GATHER_INFO
2011-01-27 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_acroread-6994.nasl - Type : ACT_GATHER_INFO
2011-01-27 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_acroread_ja-6995.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_acroread-100418.nasl - Type : ACT_GATHER_INFO
2010-12-02 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_acroread_ja-100419.nasl - Type : ACT_GATHER_INFO
2010-09-08 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201009-05.nasl - Type : ACT_GATHER_INFO
2010-05-11 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0349.nasl - Type : ACT_GATHER_INFO
2010-04-22 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_acroread-100418.nasl - Type : ACT_GATHER_INFO
2010-04-22 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_acroread-100418.nasl - Type : ACT_GATHER_INFO
2010-04-22 Name : The remote openSUSE host is missing a security update.
File : suse_11_2_acroread-100419.nasl - Type : ACT_GATHER_INFO
2010-04-13 Name : The version of Adobe Acrobat on the remote Windows host is affected by multip...
File : adobe_acrobat_apsb10-09.nasl - Type : ACT_GATHER_INFO
2010-04-13 Name : The version of Adobe Reader on the remote Windows host is affected by multipl...
File : adobe_reader_apsb10-09.nasl - Type : ACT_GATHER_INFO

Alert History

Date                 Information
2014-02-17 11:53:27  Multiple Updates