Summary
This host is installed with Adobe products and are prone to remote code execution vulnerability.
Impact
Successful exploitation will allow remote attackers to cause code execution.
Impact Level: Application
Solution
Upgrade to Adobe Reader/Acrobat version 9.1.3 or later.
Upgrade to Adobe Flash Player version 9.0.246.0 or 10.0.32.18 or later.
For updates refer to http://www.adobe.com/
Insight
- An unspecified error exists in Adobe Flash Player which can be exploited via a specially crafted flash application in a '.pdf' file.
- Error occurs in 'authplay.dll' in Adobe Reader/Acrobat whlie processing '.swf' content and can be exploited to execute arbitrary code.
Affected
Adobe Reader/Acrobat version 9.x to 9.1.2
Adobe Flash Player version 9.x to 9.0.159.0 and 10.x to 10.0.22.87 on Windows.
Detection
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2009-1862 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Acrobat Multiple Vulnerabilities - 01 Jan14 (Mac OS X)
- Adobe Dreamweaver Insecure Library Loading Vulnerability
- Adobe Acrobat and Reader Multiple Vulnerabilities -Oct10 (Windows)
- Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Linux)
- Adobe Flash Player 9.0.115.0 and earlier vulnerability (Lin)