Summary
This host has Adobe Reader installed and is prone to a buffer overflow vulnerability.
Impact
This can be exploited to corrupt arbitrary memory via a specially crafted PDF file, related to a non-JavaScript function call, and to execute arbitrary code in the context of the affected application.
Impact Level: System/Application
Solution
Upgrade to Adobe Reader version 9.1 or 8.1.4 or later.
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Unix
Insight
This issue is due to an error in array indexing while processing JBIG2 streams and an unspecified vulnerability related to a JavaScript method.
Affected
Adobe Reader version 9.x < 9.1, 8.x < 8.1.4, 7.x < 7.1.1 on Linux
Detection
Get the installed version with the help of the detect NVT and check whether the version is vulnerable.
References
- http://downloads.securityfocus.com/vulnerabilities/exploits/33751-PoC.pl
- http://secunia.com/advisories/33901
- http://www.adobe.com/support/security/advisories/apsa09-01.html
- http://www.adobe.com/support/security/bulletins/apsb09-03.html
- http://www.adobe.com/support/security/bulletins/apsb09-04.html
Updated on 2017-03-28
Severity
Classification
- CVE: CVE-2009-0658, CVE-2009-0927
- CVSS Base Score: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- CA ARCserve Backup Multiple Buffer Overflow Vulnerabilities
- Apple iTunes 'itms:' URI Stack Buffer Overflow Vulnerability
- DATAC RealWin SCADA Server On_FC_CONNECT_FCS_a_FILE Buffer Overflow Vulnerability
- Adobe Acrobat and Reader SING 'uniqueName' Buffer Overflow Vulnerability (Win)
- Adobe Reader/Acrobat Multiple Vulnerabilities - Nov08 (Win)