Search...

SuSE9 Security Update : Acrobat Reader (YOU Patch Number 12211)

2009-09-24T00:00:00

ID SUSE9_12211.NASL
Type nessus
Reporter This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.
Modified 2009-09-24T00:00:00

Description

This update of acroread fixes an unknown error in a JavaScript method that can lead to remote code execution. (CVE-2008-2641)

                                        
                                            #%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The text description of this plugin is (C) Novell, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(41227);
  script_version("1.13");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/14");

  script_cve_id("CVE-2008-2641");

  script_name(english:"SuSE9 Security Update : Acrobat Reader (YOU Patch Number 12211)");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote SuSE 9 host is missing a security-related patch."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"This update of acroread fixes an unknown error in a JavaScript method
that can lead to remote code execution. (CVE-2008-2641)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://support.novell.com/security/cve/CVE-2008-2641.html"
  );
  script_set_attribute(attribute:"solution", value:"Apply YOU patch number 12211.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2008/07/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
if (cpu &gt;!&lt; "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 9 on the '"+cpu+"' architecture have not been implemented.");


flag = 0;
if (rpm_check(release:"SUSE9", reference:"acroread-7.0.9-2.6")) flag++;


if (flag)
{
  if (report_verbosity &gt; 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else exit(0, "The host is not affected.");

JSON Vulners Source

Initial Source

{"id": "SUSE9_12211.NASL", "bulletinFamily": "scanner", "title": "SuSE9 Security Update : Acrobat Reader (YOU Patch Number 12211)", "description": "This update of acroread fixes an unknown error in a JavaScript method\nthat can lead to remote code execution. (CVE-2008-2641)", "published": "2009-09-24T00:00:00", "modified": "2009-09-24T00:00:00", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "href": "https://www.tenable.com/plugins/nessus/41227", "reporter": "This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.", "references": ["http://support.novell.com/security/cve/CVE-2008-2641.html"], "cvelist": ["CVE-2008-2641"], "type": "nessus", "lastseen": "2021-01-17T14:02:16", "edition": 25, "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-2641"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310800106", "OPENVAS:1361412562310800107", "OPENVAS:800106", "OPENVAS:61443"]}, {"type": "cert", "idList": ["VU:788019"]}, {"type": "gentoo", "idList": ["GLSA-200808-10"]}, {"type": "seebug", "idList": ["SSV:3478"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-200808-10.NASL", "SUSE_ACROREAD-5467.NASL", "SUSE_ACROREAD-5466.NASL", "ADOBE_ACROBAT_812_SU1.NASL", "REDHAT-RHSA-2008-0641.NASL", "SUSE_11_0_ACROREAD-080722.NASL", "ADOBE_READER_812_SU1.NASL"]}, {"type": "redhat", "idList": ["RHSA-2008:0641"]}], "modified": "2021-01-17T14:02:16", "rev": 2}, "score": {"value": 7.6, "vector": "NONE", "modified": "2021-01-17T14:02:16", "rev": 2}, "vulnersScore": 7.6}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(41227);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-2641\");\n\n script_name(english:\"SuSE9 Security Update : Acrobat Reader (YOU Patch Number 12211)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 9 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of acroread fixes an unknown error in a JavaScript method\nthat can lead to remote code execution. (CVE-2008-2641)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-2641.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply YOU patch number 12211.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 9 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SUSE9\", reference:\"acroread-7.0.9-2.6\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "naslFamily": "SuSE Local Security Checks", "pluginID": "41227", "cpe": ["cpe:/o:suse:suse_linux"], "scheme": null}

{"cve": [{"lastseen": "2020-10-03T11:50:59", "description": "Unspecified vulnerability in Adobe Reader and Acrobat 7.0.9 and earlier, and 8.0 through 8.1.2, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to an \"input validation issue in a JavaScript method.\"", "edition": 3, "cvss3": {}, "published": "2008-06-25T12:36:00", "title": "CVE-2008-2641", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-2641"], "modified": "2017-08-08T01:31:00", "cpe": ["cpe:/a:adobe:acrobat_reader:5.0.11", "cpe:/a:adobe:acrobat_reader:5.0.6", "cpe:/a:adobe:acrobat_3d:7.0.0", "cpe:/a:adobe:acrobat_3d:8.1.1", "cpe:/a:adobe:acrobat_3d:7.0.6", "cpe:/a:adobe:acrobat_reader:6.0.5", "cpe:/a:adobe:acrobat_reader:5.0.5", "cpe:/a:adobe:acrobat_reader:7.0.3", "cpe:/a:adobe:acrobat_reader:6.0", "cpe:/a:adobe:acrobat_reader:5.0.10", "cpe:/a:adobe:acrobat_3d:8.1.2", "cpe:/a:adobe:acrobat_reader:7.0.7", "cpe:/a:adobe:acrobat_reader:5.0.9", "cpe:/a:adobe:acrobat_3d:7.0.9", "cpe:/a:adobe:acrobat_3d:7.0.8", "cpe:/a:adobe:acrobat_3d:7.0.5", "cpe:/a:adobe:acrobat_reader:5.0.7", "cpe:/a:adobe:acrobat_reader:4.0.5", "cpe:/a:adobe:acrobat_reader:5.0", "cpe:/a:adobe:acrobat_3d:7.0.2", "cpe:/a:adobe:acrobat_reader:7.0.4", "cpe:/a:adobe:acrobat_3d:7.0", "cpe:/a:adobe:acrobat_reader:4.5", "cpe:/a:adobe:acrobat_reader:7.0.8", "cpe:/a:adobe:acrobat_reader:6.0.4", "cpe:/a:adobe:acrobat_3d:7.0.3", "cpe:/a:adobe:acrobat_reader:7.0.6", "cpe:/a:adobe:acrobat_3d:7.0.7", "cpe:/a:adobe:acrobat_reader:7.0.2", "cpe:/a:adobe:acrobat_reader:7.0.5", "cpe:/a:adobe:acrobat_3d:7.0.1", "cpe:/a:adobe:acrobat_reader:6.0.3", "cpe:/a:adobe:acrobat_reader:8.1.2", "cpe:/a:adobe:acrobat_reader:3.0", "cpe:/a:adobe:acrobat_reader:6.0.2", "cpe:/a:adobe:acrobat_reader:6.0.1", "cpe:/a:adobe:acrobat_reader:7.0.9", "cpe:/a:adobe:acrobat_reader:8.1.1", "cpe:/a:adobe:acrobat_3d:7.0.4", "cpe:/a:adobe:acrobat_reader:8.0", "cpe:/a:adobe:acrobat_reader:5.1", "cpe:/a:adobe:acrobat_reader:4.0", "cpe:/a:adobe:acrobat_reader:7.0", "cpe:/a:adobe:acrobat_3d:8.1", "cpe:/a:adobe:acrobat_reader:8.1", "cpe:/a:adobe:acrobat_reader:7.0.1"], "id": "CVE-2008-2641", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2641", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat_reader:7.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:3.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:5.0.11:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:6.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_3d:7.0.6:*:standard:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:7.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_3d:8.1.2:*:standard:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:8.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:4.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:6.0.4:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:4.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_3d:7.0.8:*:standard:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_3d:7.0.6:*:professional:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:8.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:7.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_3d:8.1:*:professional:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:5.0.10:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_3d:7.0.2:*:standard:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:5.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:5.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:7.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_3d:7.0.0:*:professional:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_3d:8.1.1:*:professional:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_3d:7.0.8:*:professional:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_3d:7.0:*:standard:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_3d:7.0.3:*:standard:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:5.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:7.0.9:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:7.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_3d:8.1.1:*:standard:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_3d:7.0.0:*:standard:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_3d:8.1:*:standard:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:7.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_3d:7.0.9:*:professional:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:6.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_3d:7.0.4:*:professional:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_3d:7.0:*:professional:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_3d:7.0.7:*:professional:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:6.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_3d:7.0.7:*:standard:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:7.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:5.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:6.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:6.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:7.0.8:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:5.0.7:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_3d:7.0.4:*:standard:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_3d:7.0.1:*:standard:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_3d:7.0.1:*:professional:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_3d:7.0.5:*:professional:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_3d:7.0.3:*:professional:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:7.0.6:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_3d:7.0.2:*:professional:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_3d:7.0.9:*:standard:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:8.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_3d:8.1.2:*:professional:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:5.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:4.5:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_3d:7.0.5:*:standard:*:*:*:*:*"]}], "openvas": [{"lastseen": "2017-07-24T12:50:20", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2641"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200808-10.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:61443", "href": "http://plugins.openvas.org/nasl.php?oid=61443", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200808-10 (acroread)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Adobe Reader is vulnerable to execution of arbitrary code via a crafted\nPDF.\";\ntag_solution = \"All Adobe Reader users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-text/acroread-8.1.2-r3'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200808-10\nhttp://bugs.gentoo.org/show_bug.cgi?id=233383\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200808-10.\";\n\n \n\nif(description)\n{\n script_id(61443);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2008-2641\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Gentoo Security Advisory GLSA 200808-10 (acroread)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"app-text/acroread\", unaffected: make_list(\"ge 8.1.2-r3\"), vulnerable: make_list(\"lt 8.1.2-r3\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-07-25T12:24:18", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2641"], "description": "This host has Adobe Reader/Acrobat installed, which is/are prone to Remote\nCode Execution Vulnerabilities.", "modified": "2019-07-24T00:00:00", "published": "2008-10-04T00:00:00", "id": "OPENVAS:1361412562310800107", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800107", "type": "openvas", "title": "Adobe Reader/Acrobat JavaScript Method Handling Vulnerability (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Reader/Acrobat JavaScript Method Handling Vulnerability (Linux)\n#\n# Authors:\n# Veerendra GG <veerendragg@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2008 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\n\nCPE = \"cpe:/a:adobe:acrobat_reader\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800107\");\n script_version(\"2019-07-24T08:39:52+0000\");\n script_cve_id(\"CVE-2008-2641\");\n script_bugtraq_id(29908);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2019-07-24 08:39:52 +0000 (Wed, 24 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2008-10-04 09:54:24 +0200 (Sat, 04 Oct 2008)\");\n script_xref(name:\"CB-A\", value:\"08-0105\");\n script_name(\"Adobe Reader/Acrobat JavaScript Method Handling Vulnerability (Linux)\");\n\n\n script_tag(name:\"summary\", value:\"This host has Adobe Reader/Acrobat installed, which is/are prone to Remote\nCode Execution Vulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"The flaw is due to an input validation error in a JavaScript method, which\ncould allow attackers to execute arbitrary code by tricking a user into opening\na specially crafted PDF document.\");\n script_tag(name:\"impact\", value:\"Successful exploitation allows remote attackers to execute arbitrary code or\nan attacker could take complete control of an affected system or cause a\ndenial of service condition.\");\n script_tag(name:\"affected\", value:\"Adobe Reader version 7.0.9 and prior - Linux(All)\nAdobe Reader versions 8.0 through 8.1.2 - Linux(All)\");\n script_tag(name:\"solution\", value:\"Apply Security Update mentioned in the advisory\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://xforce.iss.net/xforce/xfdb/43307\");\n script_xref(name:\"URL\", value:\"http://www.frsirt.com/english/advisories/2008/1906/products\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb08-15.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_adobe_prdts_detect_lin.nasl\");\n script_mandatory_keys(\"Adobe/Reader/Linux/Version\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\nif(!adobeVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\n# Security Update 1 (SU1) is applied\nif(adobeVer =~ \"^8.1.2_SU[0-9]+\"){\n exit(99);\n}\n\nif(version_is_less_equal(version:adobeVer, test_version:\"7.0.9\")||\n version_in_range(version:adobeVer, test_version:\"8.0\", test_version2:\"8.1.2\")){\n {\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-02T21:10:10", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2641"], "description": "This host has Adobe Reader/Acrobat installed, which is/are prone\n to Remote Code Execution Vulnerabilities.", "modified": "2017-02-20T00:00:00", "published": "2008-10-01T00:00:00", "id": "OPENVAS:800106", "href": "http://plugins.openvas.org/nasl.php?oid=800106", "type": "openvas", "title": "Adobe Reader/Acrobat JavaScript Method Handling Vulnerability (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_prdts_code_exec_vuln_win.nasl 5370 2017-02-20 15:24:26Z cfi $\n#\n# Adobe Reader/Acrobat JavaScript Method Handling Vulnerability (Windows)\n#\n# Authors:\n# Veerendra GG <veerendragg@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2008 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation allows remote attackers to execute arbitrary code\n or an attacker could take complete control of an affected system or cause\n a denial of service condition.\n Impact Level: System\";\ntag_summary = \"This host has Adobe Reader/Acrobat installed, which is/are prone\n to Remote Code Execution Vulnerabilities.\";\n\ntag_affected = \"Adobe Reader version 7.0.9 and prior - Windows(All)\n Adobe Reader versions 8.0 through 8.1.2 - Windows(All)\n Adobe Acrobat Professional version 7.0.9 and prior - Windows(All)\n Adobe Acrobat Professional versions 8.0 through 8.1.2 - Windows(All)\";\ntag_insight = \"The flaw is due to an input validation error in a JavaScript method,\n which could allow attackers to execute arbitrary code by tricking a user\n into opening a specially crafted PDF document.\";\ntag_solution = \"Apply Security Update mentioned in the advisory from the below link,\n http://www.adobe.com/support/security/bulletins/apsb08-15.html\";\n\nif(description)\n{\n script_id(800106);\n script_version(\"$Revision: 5370 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-02-20 16:24:26 +0100 (Mon, 20 Feb 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-10-01 17:01:16 +0200 (Wed, 01 Oct 2008)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-2641\");\n script_bugtraq_id(29908);\n script_xref(name:\"CB-A\", value:\"08-0105\");\n script_name(\"Adobe Reader/Acrobat JavaScript Method Handling Vulnerability (Windows)\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/30832\");\n script_xref(name : \"URL\" , value : \"http://www.frsirt.com/english/advisories/2008/1906/products\");\n script_xref(name : \"URL\" , value : \"http://www.adobe.com/support/security/bulletins/apsb08-15.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"secpod_reg_enum.nasl\");\n script_mandatory_keys(\"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(!get_kb_item(\"SMB/WindowsVersion\")){\n exit(0);\n}\n\nif(!registry_key_exists(key:\"SOFTWARE\\Adobe\")){\n exit(0);\n}\n\nkey = \"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\";\nif(!registry_key_exists(key:key)){\n exit(0);\n}\n\nkeys = registry_enum_keys(key:key);\n\nforeach item (keys)\n{\n adobeName = registry_get_sz(item:\"DisplayName\", key:key +item);\n\n if(\"Adobe Reader\" >< adobeName || \"Adobe Acrobat\" >< adobeName)\n {\n adobeVer = registry_get_sz(item:\"DisplayVersion\", key:key + item);\n if(!adobeVer){\n exit(0);\n }\n\n if(adobeVer == \"8.1.2\" && adobeName =~ \"Security Update ?[0-9]+\"){\n exit(0);\n }\n\n if(adobeVer =~ \"^(7\\.0(\\.[0-9])?|8\\.0(\\..*)?|8\\.1(\\.[0-2])?)$\"){\n security_message(0);\n }\n exit(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:40:26", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2641"], "description": "This host has Adobe Reader/Acrobat installed, which is/are prone\n to Remote Code Execution Vulnerabilities.", "modified": "2018-11-30T00:00:00", "published": "2008-10-01T00:00:00", "id": "OPENVAS:1361412562310800106", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310800106", "type": "openvas", "title": "Adobe Reader/Acrobat JavaScript Method Handling Vulnerability (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_prdts_code_exec_vuln_win.nasl 12602 2018-11-30 14:36:58Z cfischer $\n#\n# Adobe Reader/Acrobat JavaScript Method Handling Vulnerability (Windows)\n#\n# Authors:\n# Veerendra GG <veerendragg@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2008 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.800106\");\n script_version(\"$Revision: 12602 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-11-30 15:36:58 +0100 (Fri, 30 Nov 2018) $\");\n script_tag(name:\"creation_date\", value:\"2008-10-01 17:01:16 +0200 (Wed, 01 Oct 2008)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-2641\");\n script_bugtraq_id(29908);\n script_xref(name:\"CB-A\", value:\"08-0105\");\n script_name(\"Adobe Reader/Acrobat JavaScript Method Handling Vulnerability (Windows)\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/30832\");\n script_xref(name:\"URL\", value:\"http://www.frsirt.com/english/advisories/2008/1906/products\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb08-15.html\");\n\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2008 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"smb_reg_service_pack.nasl\");\n script_mandatory_keys(\"SMB/WindowsVersion\");\n script_require_ports(139, 445);\n script_tag(name:\"impact\", value:\"Successful exploitation allows remote attackers to execute arbitrary code\n or an attacker could take complete control of an affected system or cause\n a denial of service condition.\");\n script_tag(name:\"affected\", value:\"Adobe Reader version 7.0.9 and prior - Windows(All)\n Adobe Reader versions 8.0 through 8.1.2 - Windows(All)\n Adobe Acrobat Professional version 7.0.9 and prior - Windows(All)\n Adobe Acrobat Professional versions 8.0 through 8.1.2 - Windows(All)\");\n script_tag(name:\"insight\", value:\"The flaw is due to an input validation error in a JavaScript method,\n which could allow attackers to execute arbitrary code by tricking a user\n into opening a specially crafted PDF document.\");\n script_tag(name:\"solution\", value:\"Apply Security Update mentioned in the advisory\");\n script_tag(name:\"summary\", value:\"This host has Adobe Reader/Acrobat installed, which is/are prone\n to Remote Code Execution Vulnerabilities.\");\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(!get_kb_item(\"SMB/WindowsVersion\")){\n exit(0);\n}\n\nif(!registry_key_exists(key:\"SOFTWARE\\Adobe\")){\n exit(0);\n}\n\nkey = \"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\\";\nif(!registry_key_exists(key:key)){\n exit(0);\n}\n\nkeys = registry_enum_keys(key:key);\n\nforeach item (keys)\n{\n adobeName = registry_get_sz(item:\"DisplayName\", key:key +item);\n\n if(\"Adobe Reader\" >< adobeName || \"Adobe Acrobat\" >< adobeName)\n {\n adobeVer = registry_get_sz(item:\"DisplayVersion\", key:key + item);\n if(!adobeVer){\n exit(0);\n }\n\n if(adobeVer == \"8.1.2\" && adobeName =~ \"Security Update ?[0-9]+\"){\n exit(0);\n }\n\n if(adobeVer =~ \"^(7\\.0(\\.[0-9])?|8\\.0(\\..*)?|8\\.1(\\.[0-2])?)$\"){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n exit(0);\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cert": [{"lastseen": "2020-09-18T20:42:22", "bulletinFamily": "info", "cvelist": ["CVE-2008-2641"], "description": "### Overview \n\nAdobe Reader and Acrobat contain an unspecified flaw in a JavaScript method, which can allow a remote, unauthenticated attacker to execute code on a vulnerable system.\n\n### Description \n\nAdobe Acrobat Reader is software designed to view Portable Document Format (PDF) files. Adobe also distributes the Adobe Acrobat Plug-In to allow users to view PDF files inside of a web browser. According to Adobe security bulletin [APSB08-15](<http://www.adobe.com/support/security/bulletins/apsb08-15.html>), Adobe Reader and Acrobat fail to properly validate input to a JavaScript method, which can allow an attacker to take control of an affected system.\n\nAdobe indicates that this issue is being exploited in the wild. \n \n--- \n \n### Impact \n\nBy convincing a user to open a specially-crafted PDF file, a remote, unauthenticated attacker may be able to execute arbitrary code. This can happen in several ways, such as opening an email attachment or viewing a web page. \n \n--- \n \n### Solution \n\n**Apply an update** \nThis issue is addressed in Adobe Reader and Acrobat 8.1.2 Security Update 1 and also version 7.1.0. Please see Adobe security bulletin [APSB08-15](<http://www.adobe.com/support/security/bulletins/apsb08-15.html>) for more details. \n \n--- \n \n \n**Disable JavaScript in Adobe Reader and Acrobat** \n \nDisabling Javascript may prevent this vulnerability from being exploited. Acrobat JavaScript can be disabled in the General preferences dialog (`Edit` -> `Preferences` -> `JavaScript` and un-check `Enable Acrobat JavaScript`). \n \n**Prevent Internet Explorer from automatically opening PDF documents** \n \nThe installer for Adobe Reader and Acrobat configures Internet Explorer to automatically open PDF files without any user interaction. This behavior can be reverted to the safer option of prompting the user by importing the following as a .REG file: \n`Windows Registry Editor Version 5.00` \n \n`[HKEY_CLASSES_ROOT\\AcroExch.Document.7]` \n`\"EditFlags\"=hex:00,00,00,00` \n**Disable the displaying of PDF documents in the web browser** \n \nPreventing PDF documents from opening inside a web browser may mitigate this vulnerability. If this workaround is applied to updated versions of the Adobe reader, it may mitigate future vulnerabilities. \n \nTo prevent PDF documents from automatically being opened in a web browser: \n\n\n 1. Open Adobe Acrobat Reader.\n 2. Open the `Edit` menu.\n 3. Choose the `preferences` option.\n 4. Choose the `Internet` section.\n 5. Un-check the `\"``Display PDF in browser``\"` check box. \n\nUbuntu users and administrators can prevent Adobe Reader from automatically opening PDF files inside their web browser by removing the [mozilla-acroread](<http://packages.medibuntu.org/pool/non-free/a/acroread/>) package. \n \n**Do not open untrusted PDF files** \n \nDo not open unfamiliar or unexpected PDF attachments. Users can convert PDF documents to text by using the Adobe [Online Conversion Tools](<http://www.adobe.com/products/acrobat/access_onlinetools.html>) site. See the Online Conversion Tools [FAQ](<http://www.adobe.com/products/acrobat/access_tools_faq.html>) for information about this service. This workaround will not mitigate all attack vectors. \n--- \n \n### Vendor Information\n\n788019\n\nFilter by status: All Affected Not Affected Unknown\n\nFilter by content: __ Additional information available\n\n__ Sort by: Status Alphabetical\n\nExpand all\n\n**Javascript is disabled. Click here to view vendors.**\n\n### Adobe __ Affected\n\nUpdated: June 25, 2008 \n\n### Status\n\nAffected\n\n### Vendor Statement\n\nWe have not received a statement from the vendor.\n\n### Vendor Information \n\nThe vendor has not provided us with any further information regarding this vulnerability.\n\n### Addendum\n\nThis issue is addressed in Adobe Reader and Acrobat 8.1.2 Security Update 1 and also version 7.1.0. Please see Adobe security bulletin [APSB08-15](<http://www.adobe.com/support/security/bulletins/apsb08-15.html>) for more details.\n\nIf you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:cert@cert.org?Subject=VU%23788019 Feedback>).\n\n \n\n\n### CVSS Metrics \n\nGroup | Score | Vector \n---|---|--- \nBase | | \nTemporal | | \nEnvironmental | | \n \n \n\n\n### References \n\n * <http://www.adobe.com/support/security/bulletins/apsb08-15.html>\n * <http://secunia.com/advisories/30832/>\n\n### Acknowledgements\n\nThis vulnerability was reported by Adobe, who in turn credit the Johns Hopkins University Applied Physics Laboratory.\n\nThis document was written by Will Dormann.\n\n### Other Information\n\n**CVE IDs:** | [CVE-2008-2641](<http://web.nvd.nist.gov/vuln/detail/CVE-2008-2641>) \n---|--- \n**Severity Metric:** | 21.55 \n**Date Public:** | 2008-06-23 \n**Date First Published:** | 2008-06-25 \n**Date Last Updated: ** | 2008-06-25 14:08 UTC \n**Document Revision: ** | 6 \n", "modified": "2008-06-25T14:08:00", "published": "2008-06-25T00:00:00", "id": "VU:788019", "href": "https://www.kb.cert.org/vuls/id/788019", "type": "cert", "title": "Adobe Reader and Adobe Acrobat contain an unspecified flaw in a JavaScript method", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:27", "bulletinFamily": "unix", "cvelist": ["CVE-2008-2641"], "edition": 1, "description": "### Background\n\nAdobe Reader (formerly Adobe Acrobat Reader) is a closed-source PDF reader. \n\n### Description\n\nThe Johns Hopkins University Applied Physics Laboratory reported that input to an unspecified JavaScript method is not properly validated. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted PDF document, possibly resulting in the remote execution of arbitrary code with the privileges of the user. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll Adobe Reader users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/acroread-8.1.2-r3\"", "modified": "2008-08-09T00:00:00", "published": "2008-08-09T00:00:00", "id": "GLSA-200808-10", "href": "https://security.gentoo.org/glsa/200808-10", "type": "gentoo", "title": "Adobe Reader: User-assisted execution of arbitrary code", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T21:37:06", "description": "BUGTRAQ ID: 29908\r\nCVE(CAN) ID: CVE-2008-2641\r\n\r\nAcrobat Reader\u662f\u4e00\u6b3e\u6d41\u884c\u7684PDF\u6587\u4ef6\u9605\u8bfb\u5668\u3002\r\n\r\nAcrobat Reader\u7684JavaScript\u65b9\u5f0f\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\uff0c\u5982\u679c\u7528\u6237\u53d7\u9a97\u6253\u5f00\u4e86\u5185\u5d4c\u6709\u6076\u610fJavaScript\u5185\u5bb9\u7684PDF\u6587\u4ef6\u7684\u8bdd\u5c31\u4f1a\u5bfc\u81f4\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\n\n\nAdobe Acrobat Professional <= 7.0.9 \r\nAdobe Acrobat Professional 8.0 - 8.1.2 \r\nAdobe Reader <= 7.0.9 \r\nAdobe Reader 8.0 - 8.1.2\n Adobe\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=http://www.adobe.com/support/security/bulletins/apsb08-15.html target=_blank>http://www.adobe.com/support/security/bulletins/apsb08-15.html</a>", "published": "2008-06-25T00:00:00", "title": "Adobe Acrobat Reader JavaScript\u65b9\u5f0f\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-2641"], "modified": "2008-06-25T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-3478", "id": "SSV:3478", "sourceData": "", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": ""}], "nessus": [{"lastseen": "2021-01-07T10:52:24", "description": "The remote host is affected by the vulnerability described in GLSA-200808-10\n(Adobe Reader: User-assisted execution of arbitrary code)\n\n The Johns Hopkins University Applied Physics Laboratory reported that\n input to an unspecified JavaScript method is not properly validated.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted PDF\n document, possibly resulting in the remote execution of arbitrary code\n with the privileges of the user.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 26, "published": "2008-08-11T00:00:00", "title": "GLSA-200808-10 : Adobe Reader: User-assisted execution of arbitrary code", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2641"], "modified": "2008-08-11T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:acroread"], "id": "GENTOO_GLSA-200808-10.NASL", "href": "https://www.tenable.com/plugins/nessus/33858", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200808-10.\n#\n# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(33858);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2008-2641\");\n script_xref(name:\"GLSA\", value:\"200808-10\");\n\n script_name(english:\"GLSA-200808-10 : Adobe Reader: User-assisted execution of arbitrary code\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200808-10\n(Adobe Reader: User-assisted execution of arbitrary code)\n\n The Johns Hopkins University Applied Physics Laboratory reported that\n input to an unspecified JavaScript method is not properly validated.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted PDF\n document, possibly resulting in the remote execution of arbitrary code\n with the privileges of the user.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200808-10\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Adobe Reader users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-text/acroread-8.1.2-r3'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:acroread\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/08/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/08/11\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-text/acroread\", unaffected:make_list(\"ge 8.1.2-r3\"), vulnerable:make_list(\"lt 8.1.2-r3\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Adobe Reader\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T01:14:23", "description": "The version of Adobe Reader installed on the remote Windows host\ncontains a flaw in the function Collab.collectEmailInfo() that could\nallow a remote attacker to crash the application and/or to take\ncontrol of the affected system.\n\nTo exploit this flaw, an attacker would need to trick a user on the\naffected system into opening a specially crafted PDF file.", "edition": 24, "published": "2008-06-25T00:00:00", "title": "Adobe Reader < 7.1.0 / 8.1.2 SU1 Unspecified JavaScript Method Handling Arbitrary Code Execution", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2641"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:adobe:acrobat_reader"], "id": "ADOBE_READER_812_SU1.NASL", "href": "https://www.tenable.com/plugins/nessus/33256", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(33256);\n script_version(\"1.21\");\n script_cvs_date(\"Date: 2018/11/15 20:50:26\");\n\n script_cve_id(\"CVE-2008-2641\");\n script_bugtraq_id(29908);\n script_xref(name:\"Secunia\", value:\"30832\");\n\n script_name(english:\"Adobe Reader < 7.1.0 / 8.1.2 SU1 Unspecified JavaScript Method Handling Arbitrary Code Execution\");\n script_summary(english:\"Checks version of Adobe Reader / Security Updates\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains an application that allows remote\ncode execution.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Reader installed on the remote Windows host\ncontains a flaw in the function Collab.collectEmailInfo() that could\nallow a remote attacker to crash the application and/or to take\ncontrol of the affected system.\n\nTo exploit this flaw, an attacker would need to trick a user on the\naffected system into opening a specially crafted PDF file.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.adobe.com/support/security/bulletins/apsb08-15.html\");\n # https://helpx.adobe.com/acrobat/release-note/release-notes-acrobat-reader.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?341ea92b\" );\n script_set_attribute(attribute:\"solution\", value:\n\"- If running 7.x, upgrade to version 7.1.0 or later.\n\n- If running 8.x, upgrade to 8.1.2, if necessary, and then\n apply\n Adobe's Security Update 1 for 8.1.2.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/06/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat_reader\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n script_copyright(english:\"This script is Copyright (C) 2008-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"adobe_reader_installed.nasl\");\n script_require_keys(\"SMB/Acroread/Version\");\n script_require_ports(139,445);\n exit(0);\n}\n\n#\n\ninclude(\"global_settings.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"audit.inc\");\n\nport = kb_smb_transport();\ninfo = NULL;\nvers = get_kb_list('SMB/Acroread/Version');\nif (isnull(vers)) exit(0, 'The \"SMB/Acroread/Version\" KB item is missing.');\n\nforeach ver (vers)\n{\n path = get_kb_item('SMB/Acroread/'+ver+'/Path');\n if (isnull(path)) exit(1, 'The \"SMB/Acroread/'+ver+'/Path\" KB item is missing.');\n\n verui = get_kb_item('SMB/Acroread/'+ver+'/Version_UI');\n if (isnull(verui)) exit(1, 'The \"SMB/Acroread/'+ver+'/Version_UI\" KB item is missing.');\n\n # Regex stolen from adobe_reader_812.nasl\n if (ver && ver =~ \"^([0-6]\\.|7\\.0|8\\.(0\\.|1\\.[01][^0-9.]?))\" )\n info += ' - ' + verui + ', under ' + path + '\\n';\n else if (ver && ver =~ \"^8\\.1\\.2($|[^0-9])\" )\n {\n # Check HKLM\\SOFTWARE\\Adobe\\Acrobat Reader\\8.0\\Installer\\VersionSU\n\n # Connect to the appropriate share.\n name = kb_smb_name();\n #if (!get_port_state(port)) exit(0);\n login = kb_smb_login();\n pass = kb_smb_password();\n domain = kb_smb_domain();\n\n #soc = open_sock_tcp(port);\n #if (!soc) exit(0);\n\n #session_init(socket:soc, hostname:name);\n if(!smb_session_init()) audit(AUDIT_FN_FAIL, 'smb_session_init');\n\n rc = NetUseAdd(login:login, password:pass, domain:domain, share:\"IPC$\");\n if (rc != 1)\n {\n NetUseDel();\n exit(0);\n }\n\n hklm_handle = RegConnectRegistry (hkey:HKEY_LOCAL_MACHINE);\n\n if (!isnull(hklm_handle))\n {\n handle = RegOpenKey(handle:hklm_handle,\n key:\"SOFTWARE\\Adobe\\Acrobat Reader\\8.0\\Installer\",\n mode:MAXIMUM_ALLOWED);\n\n if (!isnull(handle))\n {\n value = RegQueryValue(handle:handle, item:\"VersionSU\");\n\n # There is no value if there are no security updates\n # There is the assumption that security updates are cumulative\n if (isnull(value))\n info += ' - ' + verui + ', under ' + path + '\\n';\n\n RegCloseKey(handle:handle);\n }\n\n RegCloseKey(handle:hklm_handle);\n }\n\n # Clean up\n NetUseDel ();\n }\n}\n\nif (isnull(info)) exit(0, 'The host is not affected.');\n\nif (report_verbosity > 0)\n{\n if (max_index(split(info)) > 1) s = \"s of Adobe Reader are\";\n else s = \" of Adobe Reader is\";\n\n report =\n '\\nThe following vulnerable instance'+s+' installed on the'+\n '\\nremote host :\\n\\n'+\n info;\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n}\nelse security_hole(port);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T01:13:01", "description": "The version of Adobe Acrobat installed on the remote Windows host\ncontains a flaw in the 'Collab.collectEmailInfo()' function that may\nallow a remote attacker to crash the application or to take control of\nthe affected system. \n\nTo exploit this flaw, an attacker would need to trick a user on the\naffected system into opening a specially crafted PDF file using the\naffected application.", "edition": 25, "published": "2009-08-28T00:00:00", "title": "Adobe Acrobat < 7.1.0 / 8.1.2 Unspecified JavaScript Method Handling Arbitrary Code Execution", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2641"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:adobe:acrobat"], "id": "ADOBE_ACROBAT_812_SU1.NASL", "href": "https://www.tenable.com/plugins/nessus/40801", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(40801);\n script_version(\"1.13\");\n\n script_cve_id(\"CVE-2008-2641\");\n script_bugtraq_id(29908);\n script_xref(name:\"Secunia\", value:\"30832\");\n\n script_name(english:\"Adobe Acrobat < 7.1.0 / 8.1.2 Unspecified JavaScript Method Handling Arbitrary Code Execution\");\n script_summary(english:\"Checks version of Adobe Acrobat / Security Updates\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Acrobat on the remote Windows host is affected by\na JavaScript parsing vulnerability.\" );\n\n script_set_attribute(\n attribute:\"description\",\n value:\"The version of Adobe Acrobat installed on the remote Windows host\ncontains a flaw in the 'Collab.collectEmailInfo()' function that may\nallow a remote attacker to crash the application or to take control of\nthe affected system. \n\nTo exploit this flaw, an attacker would need to trick a user on the\naffected system into opening a specially crafted PDF file using the\naffected application.\"\n );\n\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.adobe.com/support/security/bulletins/apsb08-15.html\"\n );\n\n script_set_attribute(\n attribute:\"solution\",\n value: \"Upgrade to Adobe Acrobat 7.1.0 / 8.1.2 with Security Update 1 or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute( attribute:'vuln_publication_date', value:'2008/06/23' );\n script_set_attribute( attribute:'patch_publication_date', value:'2008/06/23' );\n script_set_attribute( attribute:'plugin_publication_date', value:'2009/08/28' );\n\n script_cvs_date(\"Date: 2018/11/15 20:50:26\");\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"adobe_acrobat_installed.nasl\");\n script_require_keys(\"SMB/Acrobat/Version\");\n script_require_ports(139,445);\n\n exit(0);\n}\n\ninclude(\"global_settings.inc\");\ninclude(\"smb_func.inc\");\n\nversion = get_kb_item(\"SMB/Acrobat/Version\");\nif (isnull(version)) exit(1, \"The 'SMB/Acrobat/Version' KB item is missing.\");\n\n# Regex stolen from adobe_acrobat_812.nasl\nif (\n version =~ \"^([0-6]\\.|7\\.0|8\\.(0\\.|1\\.[01][^0-9.]?))\" ||\n (version =~ \"^8\\.1\\.2($|[^0-9])\" && !get_kb_item(\"SMB/Acrobat/812su1Installed\"))\n)\n{\n version_ui = get_kb_item(\"SMB/Acrobat/Version_UI\");\n if (report_verbosity > 0 && version_ui)\n {\n path = get_kb_item(\"SMB/Acrobat/Path\");\n if (isnull(path)) path = \"n/a\";\n\n report = string(\n \"\\n\",\n \" Path : \", path, \"\\n\",\n \" Installed version : \", version_ui, \"\\n\",\n \" Fix : 8.1.2 Security Update 1 / 7.1.0\\n\"\n );\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_hole(get_kb_item(\"SMB/transport\"));\n}\nelse \n{\n if (version =~ \"^8\\.1\\.2($|[^0-9])\" && get_kb_item(\"SMB/Acrobat/812su1Installed\"))\n exit(0, \"Acrobat \"+version+\" with Security Update 1 is not affected.\");\n else exit(0, \"Acrobat \"+version+\" is not affected.\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:02:59", "description": "This update of acroread fixes an unknown error in a JavaScript method\nthat can lead to remote code execution. (CVE-2008-2641)", "edition": 25, "published": "2009-07-21T00:00:00", "title": "openSUSE Security Update : acroread (acroread-115)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2641"], "modified": "2009-07-21T00:00:00", "cpe": ["cpe:/o:novell:opensuse:11.0", "p-cpe:/a:novell:opensuse:acroread"], "id": "SUSE_11_0_ACROREAD-080722.NASL", "href": "https://www.tenable.com/plugins/nessus/39904", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update acroread-115.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(39904);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-2641\");\n\n script_name(english:\"openSUSE Security Update : acroread (acroread-115)\");\n script_summary(english:\"Check for the acroread-115 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of acroread fixes an unknown error in a JavaScript method\nthat can lead to remote code execution. (CVE-2008-2641)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=404976\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected acroread package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:acroread\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/07/21\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.0\", reference:\"acroread-8.1.2_SU1-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"acroread\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:42:53", "description": "This update of acroread fixes an unknown error in a JavaScript method\nthat can lead to remote code execution. (CVE-2008-2641)", "edition": 25, "published": "2008-07-24T00:00:00", "title": "SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 5466)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2641"], "modified": "2008-07-24T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_ACROREAD-5466.NASL", "href": "https://www.tenable.com/plugins/nessus/33572", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(33572);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-2641\");\n\n script_name(english:\"SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 5466)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of acroread fixes an unknown error in a JavaScript method\nthat can lead to remote code execution. (CVE-2008-2641)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2008-2641.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 5466.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/07/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:1, reference:\"acroread-8.1.2_SU1-0.2\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:2, reference:\"acroread-8.1.2_SU1-0.2\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:42:54", "description": "This update of acroread fixes an unknown error in a JavaScript method\nthat can lead to remote code execution. (CVE-2008-2641)", "edition": 25, "published": "2008-07-24T00:00:00", "title": "openSUSE 10 Security Update : acroread (acroread-5467)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2641"], "modified": "2008-07-24T00:00:00", "cpe": ["cpe:/o:novell:opensuse:10.3", "cpe:/o:novell:opensuse:10.2", "p-cpe:/a:novell:opensuse:acroread"], "id": "SUSE_ACROREAD-5467.NASL", "href": "https://www.tenable.com/plugins/nessus/33573", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update acroread-5467.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(33573);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-2641\");\n\n script_name(english:\"openSUSE 10 Security Update : acroread (acroread-5467)\");\n script_summary(english:\"Check for the acroread-5467 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update of acroread fixes an unknown error in a JavaScript method\nthat can lead to remote code execution. (CVE-2008-2641)\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected acroread package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:acroread\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2008/07/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2008-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.2|SUSE10\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.2 / 10.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.2\", reference:\"acroread-8.1.2_SU1-0.1\") ) flag++;\nif ( rpm_check(release:\"SUSE10.3\", reference:\"acroread-8.1.2_SU1-0.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"acroread\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T13:06:14", "description": "Updated acroread packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 3 Extras, 4 Extras, and 5\nSupplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nAdobe Acrobat Reader allows users to view and print documents in\nPortable Document Format (PDF).\n\nAn input validation flaw was discovered in a JavaScript engine used by\nAcrobat Reader. A malicious PDF file could cause Acrobat Reader to\ncrash or, potentially, execute arbitrary code as the user running\nAcrobat Reader. (CVE-2008-2641)\n\nAn insecure temporary file usage issue was discovered in the Acrobat\nReader 'acroread' startup script. A local attacker could potentially\noverwrite arbitrary files that were writable by the user running\nAcrobat Reader, if the victim ran 'acroread' with certain command line\narguments. (CVE-2008-0883)\n\nAll acroread users are advised to upgrade to these updated packages,\nthat contain Acrobat Reader version 8.1.2 Security Update 1, and are\nnot vulnerable to these issues.", "edition": 29, "published": "2009-08-24T00:00:00", "title": "RHEL 3 / 4 / 5 : acroread (RHSA-2008:0641)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-2641", "CVE-2008-0883"], "modified": "2009-08-24T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:3", "cpe:/o:redhat:enterprise_linux:4", "cpe:/o:redhat:enterprise_linux:5", "cpe:/o:redhat:enterprise_linux:5.2", "p-cpe:/a:redhat:enterprise_linux:acroread-plugin", "p-cpe:/a:redhat:enterprise_linux:acroread", "cpe:/o:redhat:enterprise_linux:4.6"], "id": "REDHAT-RHSA-2008-0641.NASL", "href": "https://www.tenable.com/plugins/nessus/40724", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Red Hat Security Advisory RHSA-2008:0641. The text \n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(40724);\n script_version(\"1.29\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2008-0883\", \"CVE-2008-2641\");\n script_bugtraq_id(28091);\n script_xref(name:\"RHSA\", value:\"2008:0641\");\n\n script_name(english:\"RHEL 3 / 4 / 5 : acroread (RHSA-2008:0641)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Red Hat host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Updated acroread packages that fix various security issues are now\navailable for Red Hat Enterprise Linux 3 Extras, 4 Extras, and 5\nSupplementary.\n\nThis update has been rated as having critical security impact by the\nRed Hat Security Response Team.\n\nAdobe Acrobat Reader allows users to view and print documents in\nPortable Document Format (PDF).\n\nAn input validation flaw was discovered in a JavaScript engine used by\nAcrobat Reader. A malicious PDF file could cause Acrobat Reader to\ncrash or, potentially, execute arbitrary code as the user running\nAcrobat Reader. (CVE-2008-2641)\n\nAn insecure temporary file usage issue was discovered in the Acrobat\nReader 'acroread' startup script. A local attacker could potentially\noverwrite arbitrary files that were writable by the user running\nAcrobat Reader, if the victim ran 'acroread' with certain command line\narguments. (CVE-2008-0883)\n\nAll acroread users are advised to upgrade to these updated packages,\nthat contain Acrobat Reader version 8.1.2 Security Update 1, and are\nnot vulnerable to these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-0883\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/security/cve/cve-2008-2641\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://access.redhat.com/errata/RHSA-2008:0641\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected acroread and / or acroread-plugin packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_cwe_id(59);\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:acroread\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:acroread-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:4.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:5.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2008/03/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2008/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/08/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Red Hat\" >!< release) audit(AUDIT_OS_NOT, \"Red Hat\");\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Red Hat\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(3|4|5)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Red Hat 3.x / 4.x / 5.x\", \"Red Hat \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"s390\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Red Hat\", cpu);\nif (cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i386\", cpu);\n\nyum_updateinfo = get_kb_item(\"Host/RedHat/yum-updateinfo\");\nif (!empty_or_null(yum_updateinfo)) \n{\n rhsa = \"RHSA-2008:0641\";\n yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);\n if (!empty_or_null(yum_report))\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : yum_report \n );\n exit(0);\n }\n else\n {\n audit_message = \"affected by Red Hat security advisory \" + rhsa;\n audit(AUDIT_OS_NOT, audit_message);\n }\n}\nelse\n{\n flag = 0;\n if (rpm_check(release:\"RHEL3\", cpu:\"i386\", reference:\"acroread-8.1.2.SU1-2\")) flag++;\n\n if (rpm_check(release:\"RHEL3\", cpu:\"i386\", reference:\"acroread-plugin-8.1.2.SU1-2\")) flag++;\n\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"acroread-8.1.2.SU1-2.el4\")) flag++;\n\n if (rpm_check(release:\"RHEL4\", cpu:\"i386\", reference:\"acroread-plugin-8.1.2.SU1-2.el4\")) flag++;\n\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"acroread-8.1.2.SU1-2.el5\")) flag++;\n\n if (rpm_check(release:\"RHEL5\", cpu:\"i386\", reference:\"acroread-plugin-8.1.2.SU1-2.el5\")) flag++;\n\n\n if (flag)\n {\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n }\n else\n {\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"acroread / acroread-plugin\");\n }\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "redhat": [{"lastseen": "2019-08-13T18:45:59", "bulletinFamily": "unix", "cvelist": ["CVE-2008-0883", "CVE-2008-2641"], "description": "Adobe Acrobat Reader allows users to view and print documents in Portable\r\nDocument Format (PDF).\r\n\r\nAn input validation flaw was discovered in a JavaScript engine used by\r\nAcrobat Reader. A malicious PDF file could cause Acrobat Reader to crash\r\nor, potentially, execute arbitrary code as the user running Acrobat Reader.\r\n(CVE-2008-2641)\r\n\r\nAn insecure temporary file usage issue was discovered in the Acrobat Reader\r\n\"acroread\" startup script. A local attacker could potentially overwrite\r\narbitrary files that were writable by the user running Acrobat Reader, if\r\nthe victim ran \"acroread\" with certain command line arguments.\r\n(CVE-2008-0883)\r\n\r\nAll acroread users are advised to upgrade to these updated packages, that\r\ncontain Acrobat Reader version 8.1.2 Security Update 1, and are not\r\nvulnerable to these issues.", "modified": "2018-05-26T04:26:19", "published": "2008-07-21T04:00:00", "id": "RHSA-2008:0641", "href": "https://access.redhat.com/errata/RHSA-2008:0641", "type": "redhat", "title": "(RHSA-2008:0641) Critical: acroread security update", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}