Ghostscript Arbitrary Code Execution Vulnerability Network Vulnerability

Summary

This host is installed with Ghostscript and is prone to arbitrary code execution vulnerability.

Impact

Successful exploitation allows the attackers to execute arbitrary code or cause a denial of service. Impact Level: Application

Solution

Upgrade to Ghostscript version 8.71 or later, For updates refer to http://www.ghostscript.com/

Insight

The flaw is due to Off-by-one error in the TrueType bytecode interpreter in Ghostscript that allows remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a malformed TrueType font in a document.

Affected

Ghostscript versions prior to 8.71

References

http://www.kb.cert.org/vuls/id/644319
http://www.kb.cert.org/vuls/id/JALR-87YGN8

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-3743

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe AIR Multiple Vulnerabilities -01 Feb13 (Mac OS X)
Adobe Air Multiple Vulnerabilities -01 May 13 (Windows)
Adobe Dreamweaver Insecure Library Loading Vulnerability
Adobe Acrobat Multiple Vulnerabilities-01 Dec14 (Mac OS X)
Adobe Air Multiple Vulnerabilities - December12 (Mac OS X)

Take action and discover your vulnerabilities