Test ID:	1.3.6.1.4.1.25623.1.0.63973
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2009:0478
Summary:	The remote host is missing updates announced in;advisory RHSA-2009:0478.;;Adobe Reader allows users to view and print documents in Portable Document;Format (PDF).;;Two flaws were discovered in Adobe Reader's JavaScript API. A PDF file;containing malicious JavaScript instructions could cause Adobe Reader to;crash or, potentially, execute arbitrary code as the user running Adobe;Reader. (CVE-2009-1492, CVE-2009-1493);;All Adobe Reader users should install these updated packages. They contain;Adobe Reader version 8.1.5, which is not vulnerable to these issues. All;running instances of Adobe Reader must be restarted for the update to take;effect.
Description:	Summary: The remote host is missing updates announced in advisory RHSA-2009:0478. Adobe Reader allows users to view and print documents in Portable Document Format (PDF). Two flaws were discovered in Adobe Reader's JavaScript API. A PDF file containing malicious JavaScript instructions could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader. (CVE-2009-1492, CVE-2009-1493) All Adobe Reader users should install these updated packages. They contain Adobe Reader version 8.1.5, which is not vulnerable to these issues. All running instances of Adobe Reader must be restarted for the update to take effect. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1492 BugTraq ID: 34736 http://www.securityfocus.com/bid/34736 Cert/CC Advisory: TA09-133B http://www.us-cert.gov/cas/techalerts/TA09-133B.html CERT/CC vulnerability note: VU#970180 http://www.kb.cert.org/vuls/id/970180 https://www.exploit-db.com/exploits/8569 http://security.gentoo.org/glsa/glsa-200907-06.xml http://blogs.adobe.com/psirt/2009/04/potential_adobe_reader_issue.html http://packetstorm.linuxsecurity.com/0904-exploits/getannots.txt http://osvdb.org/54130 http://www.redhat.com/support/errata/RHSA-2009-0478.html http://www.securitytracker.com/id?1022139 http://secunia.com/advisories/34924 http://secunia.com/advisories/35055 http://secunia.com/advisories/35096 http://secunia.com/advisories/35152 http://secunia.com/advisories/35358 http://secunia.com/advisories/35416 http://secunia.com/advisories/35734 http://sunsolve.sun.com/search/document.do?assetkey=1-66-259028-1 SuSE Security Announcement: SUSE-SA:2009:027 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00001.html SuSE Security Announcement: SUSE-SR:2009:011 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00003.html http://www.vupen.com/english/advisories/2009/1189 http://www.vupen.com/english/advisories/2009/1317 XForce ISS Database: reader-getannots-code-execution(50145) https://exchange.xforce.ibmcloud.com/vulnerabilities/50145 Common Vulnerability Exposure (CVE) ID: CVE-2009-1493 BugTraq ID: 34740 http://www.securityfocus.com/bid/34740 https://www.exploit-db.com/exploits/8570 http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html http://packetstorm.linuxsecurity.com/0904-exploits/spell.txt http://osvdb.org/54129 XForce ISS Database: reader-spellcustom-code-execution(50146) https://exchange.xforce.ibmcloud.com/vulnerabilities/50146
Copyright	Copyright (C) 2009 E-Soft Inc.

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.