Summary
This host has Adobe Acrobat or Adobe Reader installed, and is prone to buffer overflow vulnerability.
Impact
This can be exploited to corrupt arbitrary memory via a specially crafted PDF file, related to a non-JavaScript function call and to execute arbitrary code in context of the affected application.
Impact Level: Application/System
Solution
Upgrade to Reader/Acrobat version 9.1 or 7.1.1 or 8.1.4 or later. For updates refer to
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows
Insight
This issue is due to error in array indexing while processing JBIG2 streams and unspecified vulnerability related to a JavaScript method.
Affected
Adobe Reader/Acrobat version 9.x < 9.1, 8.x < 8.1.4, 7.x < 7.1.1 on Windows.
Detection
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
References
- http://downloads.securityfocus.com/vulnerabilities/exploits/33751-PoC.pl
- http://secunia.com/advisories/33901
- http://www.adobe.com/support/security/advisories/apsa09-01.html
- http://www.adobe.com/support/security/bulletins/apsb09-03.html
- http://www.adobe.com/support/security/bulletins/apsb09-04.html
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2009-0193, CVE-2009-0658, CVE-2009-0927, CVE-2009-0928, CVE-2009-1061, CVE-2009-1062 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Shockwave Player ActiveX Control BOF Vulnerability
- Adobe PageMaker Font Structure Multiple BOF Vulnerabilities
- Adobe Flash Professional JPG Object Processing BOF Vulnerability (Windows)
- Active Perl 'Perl_repeatcpy()' Function Buffer Overflow Vulnerability (Windows)
- Adobe Flash Player Buffer Overflow Vulnerability (Windows)