Vulners
Lucene search
Adobe Reader/Acrobat Multiple Vulnerabilities - Nov08 (Windows)
🗓️ 05 Nov 2008 00:00:00Reported by Copyright (C) 2008 Greenbone Networks GmbHType 
openvas🔗 plugins.openvas.org👁 34 Views
| Reporter | Title | Published | Views | Family All 120 |
|---|---|---|---|---|
 | Adobe Reader util.printf() JavaScript Function Stack Overflow Exploit | 5 Nov 200800:00 | – | zdt |
| Adobe Reader util.printf() JavaScript Function Stack Overflow Exploit #2 | 5 Nov 200800:00 | – | zdt |
 | Immunity Canvas: ACROBAT_JS3 | 4 Nov 200818:29 | – | canvas |
 | Adobe Acrobat < 8.1.3 Multiple Vulnerabilities | 28 Aug 200900:00 | – | nessus |
| Adobe Reader < 8.1.3 / 9.0 Multiple Vulnerabilities | 4 Nov 200800:00 | – | nessus |
| GLSA-200901-09 : Adobe Reader: User-assisted execution of arbitrary code | 14 Jan 200900:00 | – | nessus |
| RHEL 3 / 4 / 5 : acroread (RHSA-2008:0974) | 24 Aug 200900:00 | – | nessus |
| openSUSE Security Update : acroread (acroread-295) | 21 Jul 200900:00 | – | nessus |
| SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 5746) | 24 Nov 200800:00 | – | nessus |
| openSUSE 10 Security Update : acroread (acroread-5749) | 24 Nov 200800:00 | – | nessus |
10
###############################################################################
# OpenVAS Vulnerability Test
# $Id: gb_adobe_prdts_mult_vuln_nov08_win.nasl 5370 2017-02-20 15:24:26Z cfi $
#
# Adobe Reader/Acrobat Multiple Vulnerabilities - Nov08 (Windows)
#
# Authors:
# Chandan S <[email protected]>
#
# Copyright:
# Copyright (c) 2008 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
tag_affected = "Adobe Reader versions 8.1.2 and prior - Windows(All)
Adobe Acrobat Professional versions 8.1.2 and prior - Windows(All)
Upgrade to 8.1.3 or higher versions,
http://www.adobe.com/products/";
tag_impact = "Successful exploitation allows remote attackers to execute arbitrary code
to cause a stack based overflow via a specially crafted PDF, and could
also take complete control of the affected system and cause the application
to crash.
Impact Level: System";
tag_insight = "The flaws are due to,
- a boundary error when parsing format strings containing a floating point
specifier in the util.printf() Javascript function.
- improper parsing of type 1 fonts.
- bounds checking not being performed after allocating an area of memory.";
tag_summary = "This host has Adobe Reader/Acrobat installed, which is/are prone
to multiple vulnerabilities.";
if(description)
{
script_id(800050);
script_version("$Revision: 5370 $");
script_tag(name:"last_modification", value:"$Date: 2017-02-20 16:24:26 +0100 (Mon, 20 Feb 2017) $");
script_tag(name:"creation_date", value:"2008-11-05 13:21:04 +0100 (Wed, 05 Nov 2008)");
script_tag(name:"cvss_base", value:"9.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_cve_id("CVE-2008-2992", "CVE-2008-2549", "CVE-2008-4812",
"CVE-2008-4813", "CVE-2008-4817", "CVE-2008-4816",
"CVE-2008-4814", "CVE-2008-4815");
script_bugtraq_id(30035, 32100);
script_name("Adobe Reader/Acrobat Multiple Vulnerabilities - Nov08 (Windows)");
script_xref(name : "URL" , value : "http://www.adobe.com/support/security/bulletins/apsb08-19.html");
script_xref(name : "URL" , value : "http://www.coresecurity.com/content/adobe-reader-buffer-overflow");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2008 Greenbone Networks GmbH");
script_family("Buffer overflow");
script_dependencies("secpod_reg_enum.nasl");
script_mandatory_keys("SMB/WindowsVersion");
script_require_ports(139, 445);
script_tag(name : "impact" , value : tag_impact);
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "summary" , value : tag_summary);
script_tag(name : "affected" , value : tag_affected);
script_tag(name:"qod_type", value:"registry");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("smb_nt.inc");
include("secpod_smb_func.inc");
if(!get_kb_item("SMB/WindowsVersion")){
exit(0);
}
if(!registry_key_exists(key:"SOFTWARE\Adobe")){
exit(0);
}
key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
if(!registry_key_exists(key:key)){
exit(0);
}
keys = registry_enum_keys(key:key);
foreach item (keys)
{
adobeName = registry_get_sz(item:"DisplayName", key:key +item);
if("Adobe Reader" >< adobeName || "Adobe Acrobat" >< adobeName)
{
adobeVer = registry_get_sz(item:"DisplayVersion", key:key + item);
if(!adobeVer){
exit(0);
}
if(adobeVer =~ "^(7.*|8\.0(\..*)?|8\.1(\.[0-2])?)$"){
security_message(0);
}
exit(0);
}
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
20 Feb 2017 00:00Current
0.9Low risk
Vulners AI Score0.9
EPSS0.93738