Red Hat update for acroread
| Risk | Critical |
| Patch available | YES |
| Number of vulnerabilities | 6 |
| CVE-ID | CVE-2009-3953 CVE-2009-3954 CVE-2009-3955 CVE-2009-3956 CVE-2009-3959 CVE-2009-4324 |
| CWE-ID | CWE-129 CWE-426 CWE-119 CWE-79 CWE-190 CWE-416 |
| Exploitation vector | Network |
| Public exploit |
Vulnerability #1 is being exploited in the wild. Vulnerability #6 is being exploited in the wild. |
| Vulnerable software Subscribe |
Red Hat Enterprise Linux Desktop Operating systems & Components / Operating system Red Hat Enterprise Linux Server Operating systems & Components / Operating system |
| Vendor | Red Hat Inc. |
Security Bulletin
This security bulletin contains information about 6 vulnerabilities.
1) Improper validation of array index
EUVDB-ID: #VU1392
Risk: Critical
CVSSv3.1: 9.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2009-3953
CWE-ID:
CWE-129 - Improper Validation of Array Index
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to array indexing error in U3D support. A remote attacker can create a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: this vulnerability is being actively exploited.
MitigationInstall updates from vendor's website.
Red Hat Enterprise Linux Desktop: 5
Red Hat Enterprise Linux Server: v.5
External linkshttp://access.redhat.com/errata/RHSA-2010:0037
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
2) Untrusted search path
EUVDB-ID: #VU1393
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2009-3954
CWE-ID:
CWE-426 - Untrusted Search Path
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error in 3D implementation. A remote attacker can place a .pdf file along with malicious DLL on a public SMB or WebDAV share, trick the victim into opening .pdf file and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Install updates from vendor's website.
Red Hat Enterprise Linux Desktop: 5
Red Hat Enterprise Linux Server: v.5
External linkshttp://access.redhat.com/errata/RHSA-2010:0037
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Memory corruption
EUVDB-ID: #VU1394
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2009-3955
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to sign extension error when handling a Jp2c stream of a JpxDecode data stream. A remote attacker can create a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Install updates from vendor's website.
Red Hat Enterprise Linux Desktop: 5
Red Hat Enterprise Linux Server: v.5
External linkshttp://access.redhat.com/errata/RHSA-2010:0037
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Cross-site scripting
EUVDB-ID: #VU1395
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2009-3956
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The weakness exists due to incorrect filtration of input data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in victim’s browser in security context of vulnerable website.
Mitigation
Install updates from vendor's website.
Red Hat Enterprise Linux Desktop: 5
Red Hat Enterprise Linux Server: v.5
External linkshttp://access.redhat.com/errata/RHSA-2010:0037
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Integer Overflow or Wraparound
EUVDB-ID: #VU1398
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2009-3959
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to integer overflow in the U3D implementation. A remote attacker can create a specially crafted .pdf file containing a malicious U3D mode, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Install updates from vendor's website.
Red Hat Enterprise Linux Desktop: 5
Red Hat Enterprise Linux Server: v.5
External linkshttp://access.redhat.com/errata/RHSA-2010:0037
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Use-after-free error
EUVDB-ID: #VU1391
Risk: Critical
CVSSv3.1: 9.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2009-4324
CWE-ID:
CWE-416 - Use After Free
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error in the Doc.media.newPlayer method in Multimedia.api. A remote attacker can create a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Install updates from vendor's website.
Red Hat Enterprise Linux Desktop: 5
Red Hat Enterprise Linux Server: v.5
External linkshttp://access.redhat.com/errata/RHSA-2010:0037
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
