Specially crafted PDF files could crash acroread. Attackers could potentially exploit that to execute arbitrary code (CVE-2009-3953, CVE-2009-3954, CVE-2009-3955, CVE-2009-3956, CVE-2009-3957, CVE-2009-3958, CVE-2009-3959, CVE-2009-4324). Acrobat reader was updated to version 9.3 to fix the security issues. Note: Due to integration issues with the major version update of acroread on SLE10 updates for SLE10 are not ready yet. Fixed packages will be submitted ASAP.

Solution

There is no known workaround, please install the update packages.

OSVersionArchitecturePackageVersionFilename
openSUSE11.0i586acroread< 9.3-0.1acroread-9.3-0.1.i586.rpm
openSUSE11.2i586acroread< 9.3-0.1.1acroread-9.3-0.1.1.i586.rpm
openSUSE11.1i586acroread< 9.3-0.1.1acroread-9.3-0.1.1.i586.rpm
SUSE Linux Enterprise Server11i586acroread-debuginfo< 9.3-0.1.1acroread-debuginfo-9.3-0.1.1.i586.rpm

OS	Version	Architecture	Package	Version	Filename
openSUSE	11.0	i586	acroread	< 9.3-0.1	acroread-9.3-0.1.i586.rpm
openSUSE	11.2	i586	acroread	< 9.3-0.1.1	acroread-9.3-0.1.1.i586.rpm
openSUSE	11.1	i586	acroread	< 9.3-0.1.1	acroread-9.3-0.1.1.i586.rpm
SUSE Linux Enterprise Server	11	i586	acroread-debuginfo	< 9.3-0.1.1	acroread-debuginfo-9.3-0.1.1.i586.rpm

openvas 49

nessus 49

threatpost 2

redhat 4

securityvulns 9

ubuntu 2

centos 1

oraclelinux 1

gentoo 1

debiancve 3

slackware 1

fedora 4

f5 4

ubuntucve 4

prion 11

veracode 1

cve 7

osv 3

debian 7

altlinux 5

seebug 6

checkpoint_advisories 10

cisa_kev 2

packetstorm 3

saint 4

attackerkb 1

cert 2

exploitpack 1

canvas 1

openssl 1

openvas

SuSE Update for acroread SUSE-SA:2010:008

2010-01-29 00:00:00

SuSE Update for acroread SUSE-SA:2010:008

2010-01-29 00:00:00

Adobe Reader Multiple Vulnerabilities -jan10 (Linux)

2010-01-16 00:00:00

nessus

SuSE 10 Security Update : acroread_ja (ZYPP Patch Number 6804)

2011-01-27 00:00:00

SuSE 10 Security Update : acroread_ja (ZYPP Patch Number 6805)

2011-01-27 00:00:00

SuSE 11 Security Update : Acrobat Reader (SAT Patch Number 1850)

2010-01-25 00:00:00

threatpost

Adobe PDF Reader Gets Another Security Makeover

2010-01-13 15:57:31

Attackers Targeting Unpatched Adobe Flaws

2009-12-15 14:26:19

redhat

(RHSA-2010:0038) Critical: acroread security update

2010-01-13 00:00:00

(RHSA-2010:0037) Critical: acroread security and bug fix update

2010-01-13 00:00:00

(RHSA-2010:0060) Critical: acroread security update

2010-01-20 00:00:00

securityvulns

Security updates available for Adobe Reader and Acrobat

2010-01-17 00:00:00

Adobe Acrobat and Reader multiple security vulnerabilities

2010-03-15 00:00:00

[ MDVSA-2010:021 ] bind

2010-01-21 00:00:00

ubuntu

Bind vulnerabilities

2010-01-20 00:00:00

gzip vulnerabilities

2010-01-20 00:00:00

centos

bind, caching security update

2010-01-20 17:59:57

oraclelinux

bind security update

2010-01-20 00:00:00

gentoo

BIND: Multiple vulnerabilities

2010-06-01 00:00:00

debiancve

CVE-2010-0290

2010-01-22 22:00:00

CVE-2010-0004

2010-01-29 18:30:00

CVE-2010-0012

2010-01-08 17:30:00

slackware

[slackware-security] bind

2010-06-25 18:32:41

fedora

[SECURITY] Fedora 12 Update: bind-9.6.1-15.P3.fc12

2010-01-21 00:14:47

[SECURITY] Fedora 11 Update: gzip-1.3.12-10.fc11

2010-02-01 01:04:06

[SECURITY] Fedora 12 Update: gzip-1.3.12-14.fc12

2010-02-01 01:03:15

K15748 : BIND vulnerability CVE-2010-0290

2014-10-27 00:00:00

SOL15748 - BIND vulnerability CVE-2010-0290

2014-10-27 00:00:00

SOL17025 - BIND DNSSEC vulnerability CVE-2010-0097

2015-07-30 00:00:00

ubuntucve

CVE-2010-0290

2010-01-19 00:00:00

CVE-2010-0004

2010-01-29 00:00:00

CVE-2009-4324

2009-12-15 00:00:00

prion

Design/Logic Flaw

2010-01-22 22:00:00

Code injection

2010-01-29 18:30:00

Code injection

2010-01-13 19:30:00

veracode

Cache Poisoning Attack

2020-04-10 00:41:38

cve

CVE-2010-0290

2010-01-22 22:00:00

CVE-2010-0012

2010-01-08 17:30:00

CVE-2010-0004

2010-01-29 18:30:00

osv

bind9 - cache poisoning

2010-06-04 00:00:00

gzip - arbitrary code execution

2010-01-20 00:00:00

transmission - directory traversal

2010-01-07 00:00:00

debian

[SECURITY] [DSA 2054-2] New bind9 packages fix cache poisoning

2010-06-15 20:05:57

[SECURITY] [DSA 2054-1] New bind9 packages fix cache poisoning

2010-06-04 19:22:30

[SECURITY] [DSA 1974-1] New gzip packages fix arbitrary code execution

2010-01-20 14:16:48

altlinux

Security fix for the ALT Linux 9 package bind version 9.3.6-alt7

2011-12-16 00:00:00

Security fix for the ALT Linux 8 package bind version 9.3.6-alt7

2011-12-16 00:00:00

Security fix for the ALT Linux 7 package bind version 9.3.6-alt7

2011-12-16 00:00:00

seebug

Transmission任意文件覆盖漏洞

2010-01-12 00:00:00

Adobe Reader/Acrobat 'newplayer()' JavaScript方法远程代码执行漏洞

2009-12-17 00:00:00

Adobe Reader and Acrobat (CVE-2009-4324) Exploit

2009-12-23 00:00:00

checkpoint_advisories

Adobe Reader U3D array boundary code execution (APSB10-02: CVE-2009-3953)

2015-05-11 00:00:00

Adobe Download Manager getPlus ActiveX Control Buffer Overflow (APSB10-02; CVE-2009-3958)

2010-05-17 00:00:00

Adobe Reader U3D DLL Loading Remote Code Execution (APSB10-02; CVE-2009-3954)

2010-01-13 00:00:00

cisa_kev

Adobe Acrobat and Reader Universal 3D Remote Code Execution Vulnerability

2022-06-08 00:00:00

Adobe Acrobat and Reader Use-After-Free Vulnerability

2022-06-08 00:00:00

packetstorm

Adobe Doc.media.newPlayer Use After Free Vulnerability

2009-12-31 00:00:00

Adobe Reader / Acrobat Use-After-Free Calc.exe

2009-12-22 00:00:00

Adobe Doc.media.newPlayer Use After Free Vulnerability

2009-12-31 00:00:00

saint

Adobe Reader media.newPlayer Use-After-Free Code Execution

2009-12-23 00:00:00

Adobe Reader media.newPlayer Use-After-Free Code Execution

2009-12-23 00:00:00

Adobe Reader media.newPlayer Use-After-Free Code Execution

2009-12-23 00:00:00

attackerkb

CVE-2009-4324

2009-12-15 00:00:00

cert

NOS Microsystems Adobe getPlus Helper ActiveX control stack buffer overflows

2010-01-13 00:00:00

Adobe Acrobat and Reader contain a use-after-free vulnerability in the JavaScript Doc.media.newPlayer method

2009-12-15 00:00:00

exploitpack

Adobe Reader Acrobat - .PDF File Overflow

2009-12-23 00:00:00

canvas

Immunity Canvas: ACROBAT_NEWPLAYER

2009-12-15 02:30:00

openssl

Vulnerability in OpenSSL CVE-2009-4355

2010-01-13 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

0.972 High

EPSS

Percentile

99.8%

JSON

Related for SUSE-SA:2010:008