Adobe Acrobat < 9.1 / 8.1.4 / 7.1.1 Multiple Vulnerabilities

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The version of Adobe Acrobat on the remote Windows host is affected by
multiple vulnerabilities.

Description :

The version of Adobe Acrobat installed on the remote host is earlier
than 9.1 / 8.1.4 / 7.1.1. Such versions are reportedly affected by
multiple vulnerabilities :

- An integer buffer overflow can be triggered when
processing a malformed JBIG2 image stream with the
'/JBIG2Decode' filter. (CVE-2009-0658)

- A vulnerability in the 'getIcon()' JavaScript method of
a Collab object could allow for remote code execution.
(CVE-2009-0927)

- Additional vulnerabilities involving handling of JBIG2
image streams could lead to remote code execution.
(CVE-2009-0193, CVE-2009-0928, CVE-2009-1061,
CVE-2009-1062)

If an attacker can trick a user into opening a specially crafted PDF
file, he can exploit these flaws to execute arbitrary code subject to
the user's privileges.

See also :

https://www.tenable.com/security/research/tra-2009-01
http://www.adobe.com/support/security/bulletins/apsb09-03.html
http://www.adobe.com/support/security/bulletins/apsb09-04.html

Solution :

Upgrade to Adobe Acrobat 9.1 / 8.1.4 / 7.1.1 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 9.3
(CVSS2#E:H/RL:ND/RC:ND)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 40803 (adobe_acrobat_91.nasl)

Bugtraq ID: 33751, 34169, 34229

CVE ID: CVE-2009-0193, CVE-2009-0658, CVE-2009-0927, CVE-2009-0928, CVE-2009-1061, CVE-2009-1062
