GLSA-200901-09 : Adobe Reader: User-assisted execution of arbitrary code

high Nessus Plugin ID 35367

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-200901-09 (Adobe Reader: User-assisted execution of arbitrary code)

An unspecified vulnerability can be triggered by a malformed PDF document, as demonstrated by 2008-HI2.pdf (CVE-2008-2549).
Peter Vreugdenhil, Dyon Balding, Will Dormann, Damian Frizza, and Greg MacManus reported a stack-based buffer overflow in the util.printf JavaScript function that incorrectly handles the format string argument (CVE-2008-2992).
Greg MacManus of iDefense Labs reported an array index error that can be leveraged for an out-of-bounds write, related to parsing of Type 1 fonts (CVE-2008-4812).
Javier Vicente Vallejo and Peter Vreugdenhil, via Zero Day Initiative, reported multiple unspecified memory corruption vulnerabilities (CVE-2008-4813).
Thomas Garnier of SkyRecon Systems reported an unspecified vulnerability in a JavaScript method, related to an 'input validation issue' (CVE-2008-4814).
Josh Bressers of Red Hat reported an untrusted search path vulnerability (CVE-2008-4815).
Peter Vreugdenhil reported through iDefense that the Download Manager can trigger a heap corruption via calls to the AcroJS function (CVE-2008-4817).

Impact :

A remote attacker could entice a user to open a specially crafted PDF document, and local attackers could entice a user to run acroread from an untrusted working directory. Both might result in the execution of arbitrary code with the privileges of the user running the application, or a Denial of Service.

Workaround :

There is no known workaround at this time.

Solution

All Adobe Reader users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=app-text/acroread-8.1.3'

See Also

https://security.gentoo.org/glsa/200901-09

Plugin Details

Severity: High

ID: 35367

File Name: gentoo_GLSA-200901-09.nasl

Version: 1.20

Type: local

Published: 1/14/2009

Updated: 1/6/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Critical

Score: 9.7

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: E:H/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:acroread, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 1/13/2009

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Adobe util.printf() Buffer Overflow)

Reference Information

CVE: CVE-2008-2549, CVE-2008-2992, CVE-2008-4812, CVE-2008-4813, CVE-2008-4814, CVE-2008-4815, CVE-2008-4817

GLSA: 200901-09

CWE: 20, 119, 264, 399