CVE-2009-3462 - Remote vulnerability in RETIRED: Adobe Reader and Acrobat October 2009

047910
CVSS 5.1 - MEDIUM
Attack vector: NETWORK
Attack complexity: HIGH
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
network
high complexity
adobe
nessus

Summary

Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 on Unix, when Debug mode is enabled, allow attackers to execute arbitrary code via unspecified vectors, related to a "format bug."

Per: http://www.adobe.com/support/security/bulletins/apsb09-15.html

This update resolves a Unix-only format bug when running in Debug mode that could lead to arbitrary code execution.

Per: http://www.adobe.com/support/security/bulletins/apsb09-15.html

Adobe Reader

  • Adobe Reader users on Windows can find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows.
  • Adobe Reader users on Macintosh can find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Macintosh.
  • Adobe Reader users on UNIX can find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Unix.

Acrobat

  • Acrobat Standard and Pro users on Windows can find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows.
  • Acrobat Pro Extended users on Windows can find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=158&platform=Windows.
  • Acrobat 3D users on Windows can find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=112&platform=Windows.
  • Acrobat Pro users on Macintosh can find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh.

Vulnerable Configurations

Part         Description  Count
Application  Adobe        143

Nessus

  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200910-03.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200910-03 (Adobe Reader: Multiple vulnerabilities) Multiple vulnerabilities were discovered in Adobe Reader. For further information please consult the CVE entries and the Adobe Security Bulletin referenced below. Impact : A remote attacker might entice a user to open a specially crafted PDF file, possibly resulting in the execution of arbitrary code with the privileges of the user running the application, Denial of Service, the creation of arbitrary files on the victim
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 42239
    published: 2009-10-26
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/42239
    title: GLSA-200910-03 : Adobe Reader: Multiple vulnerabilities
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200910-03.
    #
    # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(42239);
      script_version("1.29");
      script_cvs_date("Date: 2019/08/02 13:32:45");
    
      script_cve_id("CVE-2007-0045", "CVE-2007-0048", "CVE-2009-2979", "CVE-2009-2980", "CVE-2009-2981", "CVE-2009-2982", "CVE-2009-2983", "CVE-2009-2985", "CVE-2009-2986", "CVE-2009-2988", "CVE-2009-2990", "CVE-2009-2991", "CVE-2009-2993", "CVE-2009-2994", "CVE-2009-2996", "CVE-2009-2997", "CVE-2009-2998", "CVE-2009-3431", "CVE-2009-3458", "CVE-2009-3459", "CVE-2009-3462");
      script_bugtraq_id(21858, 35148, 36600, 36664, 36665, 36667, 36668, 36669, 36671, 36677, 36678, 36681, 36682, 36686, 36687, 36688, 36689, 36690, 36692, 36695, 36696);
      script_xref(name:"GLSA", value:"200910-03");
    
      script_name(english:"GLSA-200910-03 : Adobe Reader: Multiple vulnerabilities");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200910-03
    (Adobe Reader: Multiple vulnerabilities)
    
        Multiple vulnerabilities were discovered in Adobe Reader. For further
        information please consult the CVE entries and the Adobe Security
        Bulletin referenced below.
      
    Impact :
    
        A remote attacker might entice a user to open a specially crafted PDF
        file, possibly resulting in the execution of arbitrary code with the
        privileges of the user running the application, Denial of Service, the
        creation of arbitrary files on the victim's system, 'Trust Manager'
        bypass, or social engineering attacks.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      # http://www.adobe.com/support/security/bulletins/apsb09-15.html
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.adobe.com/support/security/bulletins/apsb09-15.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200910-03"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Adobe Reader users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=app-text/acroread-9.2'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploited_by_malware", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'Adobe FlateDecode Stream Predictor 02 Integer Overflow');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
      script_cwe_id(20, 119, 189, 310, 399);
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:acroread");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2009/10/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/10/26");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"app-text/acroread", unaffected:make_list("ge 9.2"), vulnerable:make_list("lt 9.2"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Adobe Reader");
    }
    
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_ACROREAD_JA-091022.NASL
    description: Adobe Reader has been updated to fix numerous security vulnerabilities. Some of the vulnerabilities allowed attackers to potentially execute arbitrary code on the victim
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 42251
    published: 2009-10-26
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/42251
    title: SuSE 11 Security Update : acroread_ja (SAT Patch Number 1424)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_ACROREAD-6582.NASL
    description: Adobe Reader has been updated to fix numerous security vulnerabilities. Some of the vulnerabilities allowed attackers to potentially execute arbitrary code on the victim
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 51693
    published: 2011-01-27
    reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/51693
    title: SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 6582)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_ACROREAD-6588.NASL
    description: Adobe Reader has been updated to fix numerous security vulnerabilities. Some of the vulnerabilities allowed attackers to potentially execute arbitrary code on the victim
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 42318
    published: 2009-10-30
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/42318
    title: openSUSE 10 Security Update : acroread (acroread-6588)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_1_ACROREAD-091022.NASL
    description: Adobe Reader has been updated to fix numerous security vulnerabilities. Some of the vulnerabilities allowed attackers to potentially execute arbitrary code on the victim
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 42247
    published: 2009-10-26
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/42247
    title: openSUSE Security Update : acroread (acroread-1426)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2009-1499.NASL
    description: Updated acroread packages that fix multiple security issues are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary. This update has been rated as having critical security impact by the Red Hat Security Response Team. Adobe Reader allows users to view and print documents in Portable Document Format (PDF). Multiple flaws were discovered in Adobe Reader. A specially crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. (CVE-2009-2980, CVE-2009-2983, CVE-2009-2985, CVE-2009-2986, CVE-2009-2990, CVE-2009-2991, CVE-2009-2993, CVE-2009-2994, CVE-2009-2996, CVE-2009-2997, CVE-2009-2998, CVE-2009-3458, CVE-2009-3459, CVE-2009-3462) Multiple flaws were discovered in Adobe Reader. A specially crafted PDF file could cause Adobe Reader to crash when opened. (CVE-2009-2979, CVE-2009-2988, CVE-2009-3431) An input validation flaw was found in Adobe Reader. Opening a specially crafted PDF file could lead to a Trust Manager restrictions bypass. (CVE-2009-2981) All Adobe Reader users should install these updated packages. They contain Adobe Reader version 8.1.7, which is not vulnerable to these issues. All running instances of Adobe Reader must be restarted for the update to take effect.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 42134
    published: 2009-10-15
    reporter: This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/42134
    title: RHEL 3 / 4 / 5 : acroread (RHSA-2009:1499)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_ACROREAD-091022.NASL
    description: Adobe Reader has been updated to fix numerous security vulnerabilities. Some of the vulnerabilities allowed attackers to potentially execute arbitrary code on the victim
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 42250
    published: 2009-10-26
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/42250
    title: SuSE 11 Security Update : Acrobat Reader (SAT Patch Number 1425)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_ACROREAD_JA-6584.NASL
    description: Adobe Reader has been updated to fix numerous security vulnerabilities. Some of the vulnerabilities allowed attackers to potentially execute arbitrary code on the victim
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 51708
    published: 2011-01-27
    reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/51708
    title: SuSE 10 Security Update : acroread_ja (ZYPP Patch Number 6584)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_ACROREAD_JA-6585.NASL
    description: Adobe Reader has been updated to fix numerous security vulnerabilities. Some of the vulnerabilities allowed attackers to potentially execute arbitrary code on the victim
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 51709
    published: 2011-01-27
    reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/51709
    title: SuSE 10 Security Update : acroread_ja (ZYPP Patch Number 6585)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_ACROREAD-6583.NASL
    description: Adobe Reader has been updated to fix numerous security vulnerabilities. Some of the vulnerabilities allowed attackers to potentially execute arbitrary code on the victim
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 51694
    published: 2011-01-27
    reporter: This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/51694
    title: SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 6583)
  • NASL family: SuSE Local Security Checks
    NASL id: SUSE_11_0_ACROREAD-091022.NASL
    description: Adobe Reader has been updated to fix numerous security vulnerabilities. Some of the vulnerabilities allowed attackers to potentially execute arbitrary code on the victim
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 42244
    published: 2009-10-26
    reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/42244
    title: openSUSE Security Update : acroread (acroread-1426)

Oval

accepted: 2013-08-12T04:09:29.833-04:00
class: vulnerability
contributors:
  • name: Chandan S
    organization: SecPod Technologies
  • name: Benjamin Marandel
    organization: Marandel.net
  • name: Shane Shaffer
    organization: G2, Inc.
  • name: Shane Shaffer
    organization: G2, Inc.
  • name: Sergey Artykhov
    organization: ALTX-SOFT
  • name: Sergey Artykhov
    organization: ALTX-SOFT
  • name: Sergey Artykhov
    organization: ALTX-SOFT
  • name: Shane Shaffer
    organization: G2, Inc.
  • name: Maria Kedovskaya
    organization: ALTX-SOFT
  • name: Maria Kedovskaya
    organization: ALTX-SOFT
  • name: Maria Kedovskaya
    organization: ALTX-SOFT
  • name: Maria Kedovskaya
    organization: ALTX-SOFT
  • name: Maria Mikhno
    organization: ALTX-SOFT
definition_extensions:
  • comment: Adobe Reader 7 Series is installed
    oval: oval:org.mitre.oval:def:6377
  • comment: Adobe Reader 8 Series is installed
    oval: oval:org.mitre.oval:def:6390
  • comment: Adobe Reader 9 Series is installed
    oval: oval:org.mitre.oval:def:6523
  • comment: Adobe Acrobat 7 Series is installed
    oval: oval:org.mitre.oval:def:6213
  • comment: Adobe Acrobat 8 Series is installed
    oval: oval:org.mitre.oval:def:6452
  • comment: Adobe Acrobat 9 Series is installed
    oval: oval:org.mitre.oval:def:6013
description: Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 on Unix, when Debug mode is enabled, allow attackers to execute arbitrary code via unspecified vectors, related to a "format bug."
family: windows
id: oval:org.mitre.oval:def:6429
status: deprecated
submitted: 2009-10-23T03:25:55
title: DEPRECATED: Adobe Reader and Acrobat 'format bug' remote arbitrary code execution
version: 19

Redhat

rpms:
  • acroread-0:8.1.7-1
  • acroread-0:8.1.7-1.el4
  • acroread-0:8.1.7-1.el5
  • acroread-plugin-0:8.1.7-1
  • acroread-plugin-0:8.1.7-1.el4
  • acroread-plugin-0:8.1.7-1.el5

Saint

bid: 36638
description: Adobe Acrobat Reader U3D CLODMeshContinuation Code Execution
id: misc_acroread
osvdb: 58926
title: adobe_reader_u3d_clodmeshdeclaration
type: client

Seebug

bulletinFamily: exploit
description: No description provided by source.
id: SSV:12521
last seen: 2017-11-19
modified: 2009-10-27
published: 2009-10-27
reporter: Root
source: https://www.seebug.org/vuldb/ssvid-12521
title: Adobe Reader: Multiple vulnerabilities