Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Title Sun Alert 265330 Multiple Security Vulnerabilities in Adobe Reader for Solaris 10 May Allow Execution of Arbitrary Code or Cause Denial of Service (DoS) (Adobe Security Bulletin APSB09-07)
Informations
Name SUN-265330 First vendor Publication 2009-08-11
Vendor Sun Last vendor Modification 2009-09-01
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score 9.3 Attack Range Network
Cvss Impact Score 10 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Product: Solaris 10 Operating System

Multiple security vulnerabilities in Adobe Reader and Acrobat versions prior to 9.1.2, 8.1.6, and 7.1.3 may allow a remote unprivileged user to execute arbitrary code with the privileges of the user running Adobe Reader or crash the Adobe Reader application, thereby causing a Denial of Service (DoS) condition.

These issues are also described in the following documents:
APSB09-07 at: http://www.adobe.com/support/security/bulletins/apsb09-07.html
US-CERT-TA09-161A at: http://www.us-cert.gov/cas/techalerts/TA09-161A.html
CVE-2009-0198 at: http://www.security-database.com/detail.php?cve=CVE-2009-0198
CVE-2009-0509 at: http://www.security-database.com/detail.php?cve=CVE-2009-0509
CVE-2009-0510 at: http://www.security-database.com/detail.php?cve=CVE-2009-0510
CVE-2009-0511 at: http://www.security-database.com/detail.php?cve=CVE-2009-0511
CVE-2009-0512 at: http://www.security-database.com/detail.php?cve=CVE-2009-0512
CVE-2009-0888 at: http://www.security-database.com/detail.php?cve=CVE-2009-0888
CVE-2009-0889 at: http://www.security-database.com/detail.php?cve=CVE-2009-0889
CVE-2009-1855 at: http://www.security-database.com/detail.php?cve=CVE-2009-1855
CVE-2009-1856 at: http://www.security-database.com/detail.php?cve=CVE-2009-1856
CVE-2009-1857 at: http://www.security-database.com/detail.php?cve=CVE-2009-1857
CVE-2009-1858 at: http://www.security-database.com/detail.php?cve=CVE-2009-1858
CVE-2009-1859 at: http://www.security-database.com/detail.php?cve=CVE-2009-1859
CVE-2009-1861 at: http://www.security-database.com/detail.php?cve=CVE-2009-1861


State: Resolved
First released: 11-Aug-2009
Sun Alert Link:http://sunsolve.sun.com/search/document.do?assetkey=1-66-265330-1

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_265330_multiple_security

CWE : Common Weakness Enumeration

% Id Name
69 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
23 % CWE-399 Resource Management Errors
8 % CWE-189 Numeric Errors (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 60
Application 23

OpenVAS Exploits

Date Description
2009-09-09 Name : SuSE Security Summary SUSE-SR:2009:014
File : nvt/suse_sr_2009_014.nasl
2009-07-29 Name : Gentoo Security Advisory GLSA 200907-06 (acroread)
File : nvt/glsa_200907_06.nasl
2009-07-06 Name : SuSE Security Advisory SUSE-SA:2009:035 (acroread)
File : nvt/suse_sa_2009_035.nasl
2009-07-06 Name : SuSE Security Summary SUSE-SR:2009:012
File : nvt/suse_sr_2009_012.nasl
2009-06-23 Name : RedHat Security Advisory RHSA-2009:1109
File : nvt/RHSA_2009_1109.nasl
2009-06-16 Name : Adobe Reader Multiple BOF Vulnerabilities - Jun09 (Linux)
File : nvt/gb_adobe_prdts_mult_bof_vuln_jun09_lin.nasl
2009-06-16 Name : Adobe Reader/Acrobat Multiple BOF Vulnerabilities - Jun09 (Win)
File : nvt/gb_adobe_prdts_mult_bof_vuln_jun09_win.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
56118 Adobe Reader / Acrobat PDF File JPX (aka JPEG2000) Stream Handling Multiple O...
56117 Adobe Reader / Acrobat Unspecified Memory Corruption
56116 Adobe Reader / Acrobat JBIG2 Filter Unspecified Memory Corruption
56115 Adobe Reader / Acrobat JBIG2 Filter Unspecified Remote Overflow (2009-0512)
56114 Adobe Reader / Acrobat PDF File TrueType Font Handling Memory Corruption
56113 Adobe Reader / Acrobat PDF File FlateDecode Filter Parameter Handling Unspeci...
56112 Adobe Reader / Acrobat U3D Model Crafted Extension Block Handling Overflow
56111 Adobe Reader / Acrobat JBIG2 Filter Unspecified Remote Overflow (2009-0889)
56110 Adobe Reader / Acrobat JBIG2 Filter Unspecified Remote Overflow (2009-0888)
56109 Adobe Reader / Acrobat JBIG2 Filter Unspecified Remote Overflow (2009-0511)
56108 Adobe Reader / Acrobat JBIG2 Filter Unspecified Remote Overflow (2009-0510)
56107 Adobe Reader / Acrobat JBIG2 Filter Crafted File Handling Unspecified Overflow
56106 Adobe Reader / Acrobat JBIG2 Filter Huffman Encoded Text Region Segment Handl...

Snort® IPS/IDS

Date Description
2016-03-22 Adobe Acrobat and Adobe Acrobat Reader U3D RHAdobeMeta buffer overflow attempt
RuleID : 37712 - Revision : 1 - Type : FILE-PDF
2014-01-10 Adobe Acrobat and Adobe Acrobat Reader U3D RHAdobeMeta buffer overflow attempt
RuleID : 28626 - Revision : 8 - Type : FILE-PDF
2014-01-10 Adobe Acrobat and Adobe Acrobat Reader U3D RHAdobeMeta buffer overflow attempt
RuleID : 28303 - Revision : 7 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader JPX malformed code-block width memory corruption attempt
RuleID : 25767 - Revision : 6 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader FlateDecode integer overflow attempt
RuleID : 25588 - Revision : 5 - Type : FILE-PDF
2014-01-10 Adobe RoboHelp Server Arbitrary File Upload and Execute
RuleID : 17529 - Revision : 10 - Type : SERVER-WEBAPP
2014-01-10 Adobe Acrobat and Adobe Acrobat Reader U3D RHAdobeMeta buffer overflow attempt
RuleID : 17526 - Revision : 14 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader FlateDecode integer overflow attempt
RuleID : 15709 - Revision : 19 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader JPX malformed code-block width memory corruption attempt
RuleID : 15562 - Revision : 14 - Type : FILE-PDF

Nessus® Vulnerability Scanner

Date Description
2011-01-27 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_acroread-6331.nasl - Type : ACT_GATHER_INFO
2011-01-27 Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_acroread_ja-6398.nasl - Type : ACT_GATHER_INFO
2009-10-06 Name : The remote openSUSE host is missing a security update.
File : suse_acroread-6332.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_acroread-090701.nasl - Type : ACT_GATHER_INFO
2009-09-24 Name : The remote SuSE 11 host is missing a security update.
File : suse_11_acroread_ja-090806.nasl - Type : ACT_GATHER_INFO
2009-08-28 Name : The version of Adobe Acrobat on the remote Windows host is affected by multip...
File : adobe_acrobat_912.nasl - Type : ACT_GATHER_INFO
2009-08-24 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2009-1109.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_0_acroread-090701.nasl - Type : ACT_GATHER_INFO
2009-07-21 Name : The remote openSUSE host is missing a security update.
File : suse_11_1_acroread-090701.nasl - Type : ACT_GATHER_INFO
2009-07-13 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200907-06.nasl - Type : ACT_GATHER_INFO
2009-06-11 Name : The PDF file viewer on the remote Windows host is affected by multiple vulner...
File : adobe_reader_912.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2013-05-11 00:53:29
  • Multiple Updates