Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | NONE |
Integrity impact | NONE |
Availability impact | PARTIAL |
Published: 2009-10-19
Updated: 2018-10-30
Summary
Integer overflow in Adobe Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows attackers to cause a denial of service via unspecified vectors.

Per: http://www.adobe.com/support/security/bulletins/apsb09-15.html
This update resolves an integer overflow in that leads to a Denial of Service (DoS). This issue is specific to Acrobat and does not affect Adobe Reader. (CVE-2009-2995).

Per: http://www.adobe.com/support/security/bulletins/apsb09-15.html
Solution
Acrobat
- Acrobat Standard and Pro users on Windows can find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows.
- Acrobat Pro Extended users on Windows can find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=158&platform=Windows
- Acrobat 3D users on Windows can find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=112&platform=Windows.
- Acrobat Pro users on Macintosh can find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh.
Vulnerable Configurations
Part | Description | Count |
Application | Adobe | 85 |
Common Weakness Enumeration (CWE)
Nessus
NASL family | Windows |
NASL id | ADOBE_ACROBAT_APSB09-15.NASL |
description | The version of Adobe Acrobat installed on the remote host is earlier than 9.2 / 8.1.7 / 7.1.4. Such versions are reportedly affected by multiple vulnerabilities:
- A heap overflow vulnerability. (CVE-2009-3459)
- A memory corruption issue. (CVE-2009-2985)
- Multiple heap overflow vulnerabilities. (CVE-2009-2986)
- An invalid array index issue that could lead to code execution. (CVE-2009-2990)
- Multiple input validation vulnerabilities that could lead to code execution. (CVE-2009-2993)
- A buffer overflow issue. (CVE-2009-2994)
- A heap overflow vulnerability. (CVE-2009-2997)
- An input validation issue that could lead to code execution. (CVE-2009-2998)
- An input validation issue that could lead to code execution. (CVE-2009-3458)
- A memory corruption issue. (CVE-2009-3460)
- An issue that could allow a malicious user to bypass file extension security controls. (CVE-2009-3461)
- An integer overflow vulnerability. (CVE-2009-2989)
- A memory corruption issue that leads to a denial of service. (CVE-2009-2983)
- An integer overflow that leads to a denial of service. (CVE-2009-2980)
- A memory corruption issue that leads to a denial of service. (CVE-2009-2996)
- An image decoder issue that leads to a denial of service. (CVE-2009-2984)
- An input validation issue that could lead to a bypass of Trust Manager restrictions. (CVE-2009-2981)
- A certificate is used that, if compromised, could be used in a social engineering attack. (CVE-2009-2982)
- A stack overflow issue that could lead to a denial of service. (CVE-2009-3431)
- An XMP-XML entity expansion issue that could lead to a denial of service attack. (CVE-2009-2979)
- A remote denial of service issue in the ActiveX control. (CVE-2009-2987)
- An input validation issue. (CVE-2009-2988)
- An input validation issue specific to the ActiveX control. (CVE-2009-2992)
- A cross-site scripting issue when the browser plugin is used with Google Chrome and Opera browsers. (CVE-2007-0048, CVE-2007-0045) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 42119 |
published | 2009-10-14 |
reporter | This script is Copyright (C) 2009-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/42119 |
title | Adobe Acrobat < 9.2 / 8.1.7 / 7.1.4 Multiple Vulnerabilities (APSB09-15) |
Oval
accepted | 2013-08-12T04:09:37.382-04:00 |
class | vulnerability |
contributors | name | Chandan S | organization | SecPod Technologies |
name | Benjamin Marandel | organization | Marandel.net |
name | Shane Shaffer | organization | G2, Inc. |
name | Sergey Artykhov | organization | ALTX-SOFT |
name | Maria Kedovskaya | organization | ALTX-SOFT |
|
definition_extensions | comment | Adobe Reader 7 Series is installed | oval | oval:org.mitre.oval:def:6377 |
comment | Adobe Reader 8 Series is installed | oval | oval:org.mitre.oval:def:6390 |
comment | Adobe Reader 9 Series is installed | oval | oval:org.mitre.oval:def:6523 |
comment | Adobe Acrobat 7 Series is installed | oval | oval:org.mitre.oval:def:6213 |
comment | Adobe Acrobat 8 Series is installed | oval | oval:org.mitre.oval:def:6452 |
comment | Adobe Acrobat 9 Series is installed | oval | oval:org.mitre.oval:def:6013 |
|
description | Integer overflow in Adobe Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows attackers to cause a denial of service via unspecified vectors. |
family | windows |
id | oval:org.mitre.oval:def:6554 |
status | accepted |
submitted | 2009-10-23T03:25:55 |
title | Adobe Reader and Acrobat allows attackers to cause a DoS via unspecified vectors. |
version | 18 |
Saint
bid | 36638 |
description | Adobe Acrobat Reader U3D CLODMeshContinuation Code Execution |
id | misc_acroread |
osvdb | 58926 |
title | adobe_reader_u3d_clodmeshdeclaration |
type | client |