Executive Summary
Summary | |
---|---|
Title | Adobe Acrobat and Reader Vulnerabilities |
Informations | |||
---|---|---|---|
Name | TA09-161A | First vendor Publication | 2009-06-10 |
Vendor | US-CERT | Last vendor Modification | 2009-06-10 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Adobe has released Security Bulletin APSB09-07, which describes several buffer overflow vulnerabilities that could allow a remote attacker to execute arbitrary code. I. Description Adobe Security Bulletin APSB09-07 describes several memory-corruption vulnerabilities that affect Adobe Reader and Acrobat. Some of these vulnerabilities occur when Adobe Reader and Acrobat handle files with specially crafted JBIG2 streams. An attacker could exploit these vulnerabilities by convincing a user to load a specially crafted Adobe Portable Document Format (PDF) II. Impact An attacker may be able to execute arbitrary code. III. Solution Update Adobe has released updates to address this issue. Users are encouraged to read Adobe Security Bulletin APSB09-07 and update vulnerable versions of Adobe Reader and Acrobat. Disable JavaScript in Adobe Reader and Acrobat Disabling Javascript may prevent some exploits from resulting in code execution. Acrobat JavaScript can be disabled using the Preferences menu: * Open the Edit menu. The installer for Adobe Reader and Acrobat configures Internet Explorer to automatically open PDF files without any user interaction. This behavior can be reverted to the safer option of prompting the user by importing the following as a .REG file: Windows Registry Editor Version 5.00 Disable the display of PDF documents in the web browser Preventing PDF documents from opening inside a web browser will partially mitigate this vulnerability. This workaround may also mitigate future vulnerabilities. To prevent PDF documents from automatically being opened in a web browser, do the following: * Open Adobe Acrobat Reader. Do not open unfamiliar or unexpected PDF documents, particularly those hosted on websites or delivered as email attachments. See Cyber Security Tip ST04-010. Additional workarounds are available in Vulnerability Note VU#568153. |
Original Source
Url : http://www.us-cert.gov/cas/techalerts/TA09-161A.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
69 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
23 % | CWE-399 | Resource Management Errors |
8 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-09-09 | Name : SuSE Security Summary SUSE-SR:2009:014 File : nvt/suse_sr_2009_014.nasl |
2009-07-29 | Name : Gentoo Security Advisory GLSA 200907-06 (acroread) File : nvt/glsa_200907_06.nasl |
2009-07-06 | Name : SuSE Security Advisory SUSE-SA:2009:035 (acroread) File : nvt/suse_sa_2009_035.nasl |
2009-07-06 | Name : SuSE Security Summary SUSE-SR:2009:012 File : nvt/suse_sr_2009_012.nasl |
2009-06-23 | Name : RedHat Security Advisory RHSA-2009:1109 File : nvt/RHSA_2009_1109.nasl |
2009-06-16 | Name : Adobe Reader Multiple BOF Vulnerabilities - Jun09 (Linux) File : nvt/gb_adobe_prdts_mult_bof_vuln_jun09_lin.nasl |
2009-06-16 | Name : Adobe Reader/Acrobat Multiple BOF Vulnerabilities - Jun09 (Win) File : nvt/gb_adobe_prdts_mult_bof_vuln_jun09_win.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
56118 | Adobe Reader / Acrobat PDF File JPX (aka JPEG2000) Stream Handling Multiple O... |
56117 | Adobe Reader / Acrobat Unspecified Memory Corruption |
56116 | Adobe Reader / Acrobat JBIG2 Filter Unspecified Memory Corruption |
56115 | Adobe Reader / Acrobat JBIG2 Filter Unspecified Remote Overflow (2009-0512) |
56114 | Adobe Reader / Acrobat PDF File TrueType Font Handling Memory Corruption |
56113 | Adobe Reader / Acrobat PDF File FlateDecode Filter Parameter Handling Unspeci... |
56112 | Adobe Reader / Acrobat U3D Model Crafted Extension Block Handling Overflow |
56111 | Adobe Reader / Acrobat JBIG2 Filter Unspecified Remote Overflow (2009-0889) |
56110 | Adobe Reader / Acrobat JBIG2 Filter Unspecified Remote Overflow (2009-0888) |
56109 | Adobe Reader / Acrobat JBIG2 Filter Unspecified Remote Overflow (2009-0511) |
56108 | Adobe Reader / Acrobat JBIG2 Filter Unspecified Remote Overflow (2009-0510) |
56107 | Adobe Reader / Acrobat JBIG2 Filter Crafted File Handling Unspecified Overflow |
56106 | Adobe Reader / Acrobat JBIG2 Filter Huffman Encoded Text Region Segment Handl... |
Snort® IPS/IDS
Date | Description |
---|---|
2016-03-22 | Adobe Acrobat and Adobe Acrobat Reader U3D RHAdobeMeta buffer overflow attempt RuleID : 37712 - Revision : 1 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat and Adobe Acrobat Reader U3D RHAdobeMeta buffer overflow attempt RuleID : 28626 - Revision : 8 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat and Adobe Acrobat Reader U3D RHAdobeMeta buffer overflow attempt RuleID : 28303 - Revision : 7 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader JPX malformed code-block width memory corruption attempt RuleID : 25767 - Revision : 6 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader FlateDecode integer overflow attempt RuleID : 25588 - Revision : 5 - Type : FILE-PDF |
2014-01-10 | Adobe RoboHelp Server Arbitrary File Upload and Execute RuleID : 17529 - Revision : 10 - Type : SERVER-WEBAPP |
2014-01-10 | Adobe Acrobat and Adobe Acrobat Reader U3D RHAdobeMeta buffer overflow attempt RuleID : 17526 - Revision : 14 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader FlateDecode integer overflow attempt RuleID : 15709 - Revision : 19 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader JPX malformed code-block width memory corruption attempt RuleID : 15562 - Revision : 14 - Type : FILE-PDF |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_acroread-6331.nasl - Type : ACT_GATHER_INFO |
2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_acroread_ja-6398.nasl - Type : ACT_GATHER_INFO |
2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_acroread-6332.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_acroread-090701.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_acroread_ja-090806.nasl - Type : ACT_GATHER_INFO |
2009-08-28 | Name : The version of Adobe Acrobat on the remote Windows host is affected by multip... File : adobe_acrobat_912.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1109.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_acroread-090701.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_acroread-090701.nasl - Type : ACT_GATHER_INFO |
2009-07-13 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200907-06.nasl - Type : ACT_GATHER_INFO |
2009-06-11 | Name : The PDF file viewer on the remote Windows host is affected by multiple vulner... File : adobe_reader_912.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2013-05-11 00:53:43 |
|