Detections
Analytics
Adobe Acrobat < 9.3 / 8.2 Multiple Vulnerabilities (APSB10-02)
critical Nessus Plugin ID 43875
Language:
Synopsis
The version of Adobe Acrobat on the remote Windows host is affected by multiple vulnerabilities.Description
The version of Adobe Acrobat installed on the remote host is earlier than 9.3 / 8.2. Such versions are reportedly affected by multiple vulnerabilities :- A use-after-free vulnerability in 'Multimedia.api' can lead to code execution. (CVE-2009-4324)
- An array boundary issue in 'U3D' support can lead to code execution. (CVE-2009-3953)
- A DLL-loading vulnerability in '3D' can allow arbitrary code execution. (CVE-2009-3954)
- A memory corruption vulnerability can lead to code execution. (CVE-2009-3955)
- A script injection vulnerability. (CVE-2009-3956)
- A NULL pointer dereference vulnerability can lead to a denial of service. (CVE-2009-3957)
- A buffer overflow vulnerability in the Download Manager can lead to code execution. (CVE-2009-3958)
- An integer overflow vulnerability in 'U3D' support can lead to code execution. (CVE-2009-3959)
- A buffer overflow in the 'gp.ocx' ActiveX control can lead to code execution. (CVE-2010-1278)
Solution
Upgrade to Adobe Acrobat 9.3 / 8.2 or later.See Also
https://www.zerodayinitiative.com/advisories/ZDI-10-077/
https://www.securityfocus.com/archive/1/510868/30/0/threaded
http://www.adobe.com/support/security/bulletins/apsb10-02.html
Plugin Details
Severity: Critical
ID: 43875
File Name: adobe_acrobat_apsb10-02.nasl
Version: 1.22
Type: local
Agent: windows
Family: Windows
Published: 1/13/2010
Updated: 6/8/2022
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Critical
Score: 9.5
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 8.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2009-3959
Vulnerability Information
CPE: cpe:/a:adobe:acrobat
Required KB Items: SMB/Acrobat/Version
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 1/12/2010
Vulnerability Publication Date: 1/12/2010
CISA Known Exploited Vulnerability Due Dates: 6/22/2022
Exploitable With
CANVAS (CANVAS)
Core Impact
Metasploit (Adobe Doc.media.newPlayer Use After Free Vulnerability)
Reference Information
CVE: CVE-2009-3953, CVE-2009-3954, CVE-2009-3955, CVE-2009-3956, CVE-2009-3957, CVE-2009-3958, CVE-2009-3959, CVE-2009-4324, CVE-2010-1278
BID: 37331, 37756, 37757, 37758, 37759, 37760, 37761, 37763, 39615