Adobe Acrobat < 9.1 / 8.1.4 / 7.1.1 Multiple Vulnerabilities

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.

Synopsis :

The version of Adobe Acrobat on the remote Windows host is affected by
multiple vulnerabilities.

Description :

The version of Adobe Acrobat installed on the remote host is earlier
than 9.1 / 8.1.4 / 7.1.1. Such versions are reportedly affected by
multiple vulnerabilities :

- An integer buffer overflow can be triggered when
processing a malformed JBIG2 image stream with the
'/JBIG2Decode' filter. (CVE-2009-0658)

- A vulnerability in the 'getIcon()' JavaScript method of
a Collab object could allow for remote code execution.

- Additional vulnerabilities involving handling of JBIG2
image streams could lead to remote code execution.
(CVE-2009-0193, CVE-2009-0928, CVE-2009-1061,

If an attacker can trick a user into opening a specially crafted PDF
file, he can exploit these flaws to execute arbitrary code subject to
the user's privileges.

See also :

Solution :

Upgrade to Adobe Acrobat 9.1 / 8.1.4 / 7.1.1 or later.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 9.3
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 40803 (adobe_acrobat_91.nasl)

Bugtraq ID: 33751

CVE ID: CVE-2009-0193

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now