Denial of Service : Adobe Reader/Acrobat Denial of Service Vulnerability (May 2009)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.800706

Categoría: Denial of Service

Título: Adobe Reader/Acrobat Denial of Service Vulnerability (May 2009)

Resumen: Adobe Reader/Acrobat is prone to a denial of service (DoS) vulnerability.

Descripción: Summary:
Adobe Reader/Acrobat is prone to a denial of service (DoS) vulnerability.

Vulnerability Insight:
This flaw is due to memory corruption error in 'getAnnots' methods in the
JavaScript API while processing malicious PDF files that calls this vulnerable
method with crafted integer arguments.

Vulnerability Impact:
Successful exploitation will let the attacker cause memory corruption or
denial of service.

Affected Software/OS:
Adobe Reader/Acrobat version 9.1 and prior on Windows.

Solution:
Upgrade to Adobe Reader/Acrobat version 9.3.2 or later.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-1492
BugTraq ID: 34736
http://www.securityfocus.com/bid/34736
Cert/CC Advisory: TA09-133B
http://www.us-cert.gov/cas/techalerts/TA09-133B.html
CERT/CC vulnerability note: VU#970180
http://www.kb.cert.org/vuls/id/970180
https://www.exploit-db.com/exploits/8569
http://security.gentoo.org/glsa/glsa-200907-06.xml
http://blogs.adobe.com/psirt/2009/04/potential_adobe_reader_issue.html
http://packetstorm.linuxsecurity.com/0904-exploits/getannots.txt
http://osvdb.org/54130
http://www.redhat.com/support/errata/RHSA-2009-0478.html
http://www.securitytracker.com/id?1022139
http://secunia.com/advisories/34924
http://secunia.com/advisories/35055
http://secunia.com/advisories/35096
http://secunia.com/advisories/35152
http://secunia.com/advisories/35358
http://secunia.com/advisories/35416
http://secunia.com/advisories/35734
http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1
SuSE Security Announcement: SUSE-SA:2009:027 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.html
SuSE Security Announcement: SUSE-SR:2009:011 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html
http://www.vupen.com/english/advisories/2009/1189
http://www.vupen.com/english/advisories/2009/1317
XForce ISS Database: reader-getannots-code-execution(50145)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50145

Copyright Copyright (C) 2009 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.800706
Categoría:	Denial of Service
Título:	Adobe Reader/Acrobat Denial of Service Vulnerability (May 2009)
Resumen:	Adobe Reader/Acrobat is prone to a denial of service (DoS) vulnerability.
Descripción:	Summary: Adobe Reader/Acrobat is prone to a denial of service (DoS) vulnerability. Vulnerability Insight: This flaw is due to memory corruption error in 'getAnnots' methods in the JavaScript API while processing malicious PDF files that calls this vulnerable method with crafted integer arguments. Vulnerability Impact: Successful exploitation will let the attacker cause memory corruption or denial of service. Affected Software/OS: Adobe Reader/Acrobat version 9.1 and prior on Windows. Solution: Upgrade to Adobe Reader/Acrobat version 9.3.2 or later. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1492 BugTraq ID: 34736 http://www.securityfocus.com/bid/34736 Cert/CC Advisory: TA09-133B http://www.us-cert.gov/cas/techalerts/TA09-133B.html CERT/CC vulnerability note: VU#970180 http://www.kb.cert.org/vuls/id/970180 https://www.exploit-db.com/exploits/8569 http://security.gentoo.org/glsa/glsa-200907-06.xml http://blogs.adobe.com/psirt/2009/04/potential_adobe_reader_issue.html http://packetstorm.linuxsecurity.com/0904-exploits/getannots.txt http://osvdb.org/54130 http://www.redhat.com/support/errata/RHSA-2009-0478.html http://www.securitytracker.com/id?1022139 http://secunia.com/advisories/34924 http://secunia.com/advisories/35055 http://secunia.com/advisories/35096 http://secunia.com/advisories/35152 http://secunia.com/advisories/35358 http://secunia.com/advisories/35416 http://secunia.com/advisories/35734 http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1 SuSE Security Announcement: SUSE-SA:2009:027 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.html SuSE Security Announcement: SUSE-SR:2009:011 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html http://www.vupen.com/english/advisories/2009/1189 http://www.vupen.com/english/advisories/2009/1317 XForce ISS Database: reader-getannots-code-execution(50145) https://exchange.xforce.ibmcloud.com/vulnerabilities/50145
Copyright	Copyright (C) 2009 Greenbone AG