SB2009101304 - Multiple vulnerabilities in Adobe Reader and Adobe Acrobat
Published: October 13, 2009 Updated: December 22, 2016
Security Bulletin ID
SB2009101304
Severity
High
Patch available
YES
Number of vulnerabilities
26
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 26 secuirty vulnerabilities.
1) Memory corruption (CVE-ID: CVE-2009-3462)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to format bug when running in Debug mode on UNIX system. A remote attacker can trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
2) Security bypass (CVE-ID: CVE-2009-3461)
The vulnerability allows a remote attacker to bypass security restrictions on the target system.The weakness exists due to insufficient access controls that leads to file extension security controls bypass.
Succesful exploitation of the vulnerability results in file-extension restrictions bypass on the vulnerable system.
3) Memory corruption (CVE-ID: CVE-2009-3460)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to boundary error when handling malformed documents. A remote attacker can create a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
4) Memory corruption (CVE-ID: CVE-2009-3458)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to boundary error when handling a malicious input. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
5) Denial of service (CVE-ID: CVE-2009-3431)
The vulnerability allows a remote attacker to cause DoS conditions on the target system.The weakness exists due to stack consumption when handling malformed documents. A remote attacker can create a specially crafted PDF file with a large number of [ (open square bracket) characters in the argument to the alert method, trick the victim into opening it, trigger memory cause the affected application to crash.
Successful exploitation of the vulnerability may result in denial of service on the vulnerable system.
6) Memory corruption (CVE-ID: CVE-2009-2998)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to boundary error when handling malicious input. A remote attacker can create a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
7) Heap-based buffer overflow (CVE-ID: CVE-2009-2997)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to heap-based buffer overflow when handling malformed PDF file. A remote attacker can create a specially crafted.pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
8) Memory corruption (CVE-ID: CVE-2009-2996)
The vulnerability allows a remote attacker to trigger DoS conditions and even execute arbitrary code on the target system.The weakness exists due to image decoder issue. A remote attacker can create a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system or cause denial of service with privileges of the current user.
Successful exploitation of the vulnerability results in denial of service or arbitrary code execution on the vulnerable system.
9) Integer Overflow or Wraparound (CVE-ID: CVE-2009-2995)
The vulnerability allows a remote attacker to cause DoS conditions on the target system.The weakness exists due to integer overflow that triggers the application to crash.
Successful exploitation of the vulnerability may result in denial of service on the vulnerable system.
10) Heap-based buffer overflow (CVE-ID: CVE-2009-2994)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to heap-based buffer overflow, caused by an integer overflow in CLOD Mesh Declaration block. A remote attacker can create a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
11) Improper Handling of Parameters (CVE-ID: CVE-2009-2993)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to improper implementation of the Privileged Context and Safe Path restrictions for unspecified JavaScript methods. A remote attacker can create a specially crafted PDF file containing the cPath parameter, trick the victim into opening it and execute arbitrary code.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
12) Denial of service (CVE-ID: CVE-2009-2992)
The vulnerability allows a remote attacker to cause DoS conditions on the target system.The weakness exists due to an error in ActiveX control. By persuading a victim to visit a Web page that passes specially crafted arguments, a remote attacker can cause the affected application to crash.
Successful exploitation of the vulnerability may result in denial of service.
13) Memory corruption (CVE-ID: CVE-2009-2991)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to boundary error. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
14) Improper Validation of Array Index (CVE-ID: CVE-2009-2990)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to array indexing error in the 3difr.x3d plugin. A remote attacker can create a specially crafted U3D file, trick the victim into opening it and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
15) Integer Overflow or Wraparound (CVE-ID: CVE-2009-2989)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to integer overflow when handling a malformed PDF document. A remote attacker can create a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
16) Denial of service (CVE-ID: CVE-2009-2988)
The vulnerability allows a remote attacker to cause DoS conditions on the target system.The weakness exists due to an error in ActiveX control. By sending a specially crafted .pdf file, a remote attacker can cause the application to crash.
Successful exploitation of the vulnerability may result in denial of service.
17) Denial of service (CVE-ID: CVE-2009-2987)
The vulnerability allows a remote attacker to cause DoS conditions on the target system.The weakness exists due to an error in ActiveX control. By persuading a victim to visit a Web page that passes specially crafted arguments, a remote attacker can cause the application to crash.
Successful exploitation of the vulnerability may result in denial of service on the vulnerable system.
18) Heap-based buffer overflow (CVE-ID: CVE-2009-2986)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to heap-based buffer overflow when handling malformed PDF document. A remote attacker can create a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
19) Memory corruption (CVE-ID: CVE-2009-2985)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.The weakness exists due to boundary error when handling a malformed Compact Font Format stream embedded within a PDF document. A remote attacker can create a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code.
Successful exploitation of the vulnerability may result in arbitrary code execution on the vulnerable system.
20) Memory corruption (CVE-ID: CVE-2009-2984)
The vulnerability allows a remote attacker to trigger DoS conditions and even execute arbitrary code on the target system.The weakness exists due to image decoder issue. A remote attacker can create a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system or cause denial of service with privileges of the current user.
Successful exploitation of the vulnerability results in denial of service or arbitrary code execution on the vulnerable system.
21) Memory corruption (CVE-ID: CVE-2009-2983)
The vulnerability allows a remote attacker to trigger DoS conditions and even execute arbitrary code on the target system.The weakness exists due to boundary error when handling COM objects. A remote attacker can create a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system or cause denial of service with privileges of the current user.
Successful exploitation of the vulnerability results in denial of service or arbitrary code execution on the vulnerable system.
22) Spoofing attack (CVE-ID: CVE-2009-2982)
The vulnerability allows a remote attacker to perform spoofing attack on the target system.
The vulnerability exists due to improper verification of certificates. A remote attacker can use man-in-the-middle techniques to spoof certificates, redirect a victim to a malicious Web site that would appear to be trusted and inject arbitrary data in server response.
Successful exploitation of this vulnerability may result in information disclosure and further attacks on the vulnerable system.
23) Security bypass (CVE-ID: CVE-2009-2981)
The vulnerability allows a remote attacker to bypass security restrictions on the target system.The weakness exists due to improper input validation. A remote attacker can create a specially crafted file, trick the victim into opening it and bypass Trust Manager restrictions.
Successful exploitation of the vulnerability may result in access to the vulnerable application.
24) Integer Overflow or Wraparound (CVE-ID: CVE-2009-2980)
The vulnerability allows a remote attacker to trigger DoS conditions and even execute arbitrary code on the target system.The weakness exists due to integer overflow when processing a malformed PDF file. A remote attacker can create a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system or cause denial of service with privileges of the current user.
Successful exploitation of the vulnerability results in denial of service or arbitrary code execution on the vulnerable system.
25) XML entity expansion (CVE-ID: CVE-2009-2979)
The vulnerability allows a remote attacker to cause DoS conditions on the target system.The weakness exists due to XMP-XML entity expansion. A remote attacker can create a specially crafted file, trick the victim into opening it and trigger the application to crash.
Successful exploitation of the vulnerability results in denial of service on the vulnerable system.
26) Privilege escalation (CVE-ID: CVE-2009-2564)
The vulnerability allows a local attacker to obtain elevated privileges on vulnerable system.
The vulnerability exists due to insecure permissions on the NOS directory in getPlus Download Manager. By replacing the getPlus_HelperSvc.exe file, an attacker could exploit this vulnerability to gain SYSTEM privileges.
Successful exploitation of this vulnerability may allow a local user to obtain full access to vulnerable system.
Remediation
Install update from vendor's website.