Denial of Service : Adobe Reader Denial of Service Vulnerability (May 2009)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.800701

Categoría: Denial of Service

Título: Adobe Reader Denial of Service Vulnerability (May 2009)

Resumen: Adobe Reader is prone to a denial of service (DoS) vulnerability.

Descripción: Summary:
Adobe Reader is prone to a denial of service (DoS) vulnerability.

Vulnerability Insight:
These flaws are due to a memory corruption errors in 'customDictionaryOpen'
and 'getAnnots' methods in the JavaScript API while processing malicious PDF
files with a long string in the second argument.

Vulnerability Impact:
Successful exploitation will let the attacker cause memory corruption or
denial of service.

Affected Software/OS:
Adobe Reader version 9.1 and prior on Linux.

Solution:
Upgrade Adobe Reader version 9.3.2 or later.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-1493
BugTraq ID: 34740
http://www.securityfocus.com/bid/34740
Cert/CC Advisory: TA09-133B
http://www.us-cert.gov/cas/techalerts/TA09-133B.html
CERT/CC vulnerability note: VU#970180
http://www.kb.cert.org/vuls/id/970180
https://www.exploit-db.com/exploits/8570
http://security.gentoo.org/glsa/glsa-200907-06.xml
http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html
http://packetstorm.linuxsecurity.com/0904-exploits/spell.txt
http://osvdb.org/54129
http://www.redhat.com/support/errata/RHSA-2009-0478.html
http://www.securitytracker.com/id?1022139
http://secunia.com/advisories/34924
http://secunia.com/advisories/35055
http://secunia.com/advisories/35096
http://secunia.com/advisories/35152
http://secunia.com/advisories/35358
http://secunia.com/advisories/35416
http://secunia.com/advisories/35734
http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1
SuSE Security Announcement: SUSE-SA:2009:027 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.html
SuSE Security Announcement: SUSE-SR:2009:011 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
http://www.vupen.com/english/advisories/2009/1189
http://www.vupen.com/english/advisories/2009/1317
XForce ISS Database: reader-spellcustom-code-execution(50146)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50146
Common Vulnerability Exposure (CVE) ID: CVE-2009-1492
BugTraq ID: 34736
http://www.securityfocus.com/bid/34736
https://www.exploit-db.com/exploits/8569
http://blogs.adobe.com/psirt/2009/04/potential_adobe_reader_issue.html
http://packetstorm.linuxsecurity.com/0904-exploits/getannots.txt
http://osvdb.org/54130
XForce ISS Database: reader-getannots-code-execution(50145)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50145

Copyright Copyright (C) 2009 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.800701
Categoría:	Denial of Service
Título:	Adobe Reader Denial of Service Vulnerability (May 2009)
Resumen:	Adobe Reader is prone to a denial of service (DoS) vulnerability.
Descripción:	Summary: Adobe Reader is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: These flaws are due to a memory corruption errors in 'customDictionaryOpen' and 'getAnnots' methods in the JavaScript API while processing malicious PDF files with a long string in the second argument. Vulnerability Impact: Successful exploitation will let the attacker cause memory corruption or denial of service. Affected Software/OS: Adobe Reader version 9.1 and prior on Linux. Solution: Upgrade Adobe Reader version 9.3.2 or later. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1493 BugTraq ID: 34740 http://www.securityfocus.com/bid/34740 Cert/CC Advisory: TA09-133B http://www.us-cert.gov/cas/techalerts/TA09-133B.html CERT/CC vulnerability note: VU#970180 http://www.kb.cert.org/vuls/id/970180 https://www.exploit-db.com/exploits/8570 http://security.gentoo.org/glsa/glsa-200907-06.xml http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html http://packetstorm.linuxsecurity.com/0904-exploits/spell.txt http://osvdb.org/54129 http://www.redhat.com/support/errata/RHSA-2009-0478.html http://www.securitytracker.com/id?1022139 http://secunia.com/advisories/34924 http://secunia.com/advisories/35055 http://secunia.com/advisories/35096 http://secunia.com/advisories/35152 http://secunia.com/advisories/35358 http://secunia.com/advisories/35416 http://secunia.com/advisories/35734 http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1 SuSE Security Announcement: SUSE-SA:2009:027 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.html SuSE Security Announcement: SUSE-SR:2009:011 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html http://www.vupen.com/english/advisories/2009/1189 http://www.vupen.com/english/advisories/2009/1317 XForce ISS Database: reader-spellcustom-code-execution(50146) https://exchange.xforce.ibmcloud.com/vulnerabilities/50146 Common Vulnerability Exposure (CVE) ID: CVE-2009-1492 BugTraq ID: 34736 http://www.securityfocus.com/bid/34736 https://www.exploit-db.com/exploits/8569 http://blogs.adobe.com/psirt/2009/04/potential_adobe_reader_issue.html http://packetstorm.linuxsecurity.com/0904-exploits/getannots.txt http://osvdb.org/54130 XForce ISS Database: reader-getannots-code-execution(50145) https://exchange.xforce.ibmcloud.com/vulnerabilities/50145
Copyright	Copyright (C) 2009 Greenbone AG