The remote host is affected by the vulnerability described in GLSA-200803-01 (Adobe Acrobat Reader: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Adobe Acrobat Reader,     including:
    A file disclosure when using file:// in PDF documents     (CVE-2007-1199)     Multiple buffer overflows in unspecified JavaScript methods     (CVE-2007-5659)     An unspecified vulnerability in the Escript.api plugin     (CVE-2007-5663)     An untrusted search path (CVE-2007-5666)     Incorrect handling of printers (CVE-2008-0667)     An integer overflow when passing incorrect arguments to     'printSepsWithParams' (CVE-2008-0726)     Other unspecified vulnerabilities have also been reported     (CVE-2008-0655).
  Impact :

    A remote attacker could entice a user to open a specially crafted     document, possibly resulting in the remote execution of arbitrary code     with the privileges of the user running the application. A remote     attacker could also perform cross-site request forgery attacks, or     cause a Denial of Service.
  Workaround :

    There is no known workaround at this time.

This version update to 8.1.2 fixes numerous bugs, including some security problems. (CVE-2008-0667 / CVE-2008-0655 / CVE-2008-0726)

The version of Adobe Reader installed on the remote host is earlier than 8.1.2 or 7.1.0. Such versions are reportedly affected by multiple vulnerabilities :

  - A design error vulnerability may allow an attacker to     gain control of a user's printer.

  - Multiple stack-based buffer overflows may allow an     attacker to execute arbitrary code subject to the     user's privileges.

  - Insecure loading of 'Security Provider' libraries may     allow for arbitrary code execution.

  - An insecure method exposed by the JavaScript library     in the 'EScript.api' plug-in allows direct control     over low-level features of the object, which allows     for execution of arbitrary code as the current user.

  - Two vulnerabilities in the unpublicized function     'app.checkForUpdate()' exploited through a callback     function could lead to arbitrary code execution in     Adobe Reader 7.

Updated acroread packages that fix several security issues are now available for Red Hat Enterprise Linux 3, 4, and 5.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

The Adobe Reader allows users to view and print documents in portable document format (PDF).

Several flaws were found in the way Adobe Reader processed malformed PDF files. An attacker could create a malicious PDF file which could execute arbitrary code if opened by a victim. (CVE-2007-5659, CVE-2007-5663, CVE-2007-5666, CVE-2008-0726)

A flaw was found in the way the Adobe Reader browser plug-in honored certain requests. A malicious PDF file could cause the browser to request an unauthorized URL, allowing for a cross-site request forgery attack. (CVE-2007-0044)

A flaw was found in Adobe Reader's JavaScript API DOC.print function.
A malicious PDF file could silently trigger non-interactive printing of the document, causing multiple copies to be printed without the users consent. (CVE-2008-0667)

Additionally, this update fixes multiple unknown flaws in Adobe Reader. When the information regarding these flaws is made public by Adobe, it will be added to this advisory. (CVE-2008-0655)

Note: Adobe have yet to release security fixed versions of Adobe 7.
All users of Adobe Reader are, therefore, advised to install these updated packages. They contain Adobe Reader version 8.1.2, which is not vulnerable to these issues.

The version of Adobe Acrobat installed on the remote host is earlier than 8.1.2 or 7.1.0.  Such versions are reportedly affected by multiple vulnerabilities :

  - A design error vulnerability may allow an attacker to     gain control of a user's printer.

  - Multiple stack-based buffer overflows may allow an     attacker to execute arbitrary code subject to the     user's privileges.

  - Insecure loading of 'Security Provider' libraries may     allow for arbitrary code execution.

  - An insecure method exposed by the JavaScript library     in the 'EScript.api' plug-in allows direct control     over low-level features of the object, which allows     for execution of arbitrary code as the current user.

  - Two vulnerabilities in the unpublicized function     'app.checkForUpdate()' exploited through a callback     function could lead to arbitrary code execution in     Adobe Acrobat 7.

ID	Name	Product	Family	Published	Updated	Severity
31328	GLSA-200803-01 : Adobe Acrobat Reader: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	3/4/2008	6/8/2022	high
31126	SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 5010)	Nessus	SuSE Local Security Checks	2/20/2008	6/8/2022	high
30200	Adobe Reader < 7.1.0 / 8.1.2 Multiple Vulnerabilities	Nessus	Windows	2/6/2008	6/8/2022	high
40715	RHEL 3 / 4 / 5 : acroread (RHSA-2008:0144)	Nessus	Red Hat Local Security Checks	8/24/2009	6/8/2022	high
40800	Adobe Acrobat < 8.1.2 / 7.1.0 Multiple Vulnerabilities	Nessus	Windows	8/28/2009	5/31/2024	high

Detections

Analytics

Plugins Search

high

high

high

high

high