Short Name | HTTP:STC:ACTIVEX:ADOBE-DL-MGR
Severity | Major
Recommended | No
Recommended Action | Drop
Category | HTTP
Keywords | Adobe Download Manager getPlus ActiveX Control Buffer Overflow
Release Date | 2010/10/13
Update Number | 1791
Supported Platforms | idp-4.0.110090709+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
HTTP: Adobe Download Manager getPlus ActiveX Control Buffer Overflow
A stack buffer overflow vulnerability exists in Adobe Download Manager that can allow arbitrary code execution. Remote attackers can exploit this vulnerability by enticing affected users to open a malicious web page in a vulnerable version of the product. In a sophisticated attack where code injection is successful, the behaviour of the target host depends entirely on the intended function of the injected code, which would execute within the security context of the currently logged-in user. Where code injection is not successful, the web browser can terminate abnormally.
Extended Description
NOS Microsystems getPlus Helper ActiveX control is prone to multiple stack-based buffer-overflow vulnerabilities.
Successful exploits may allow the attacker to execute arbitrary code in the context of a user running the affected application. Failed attempts will likely result in denial-of-service conditions.
NOTE: This issue was previously covered in BID 37667 (Adobe Acrobat and Reader January 2010 Multiple Remote Vulnerabilities), but has been given its own record to better document it.
NOTE (January 13, 2010): This issue was previously titled 'Adobe Reader and Acrobat Download Manager Remote Code Execution Vulnerability', but has been renamed to properly identify the root vulnerable software.
Affected Products
- Adobe acrobat 9.1.1
- Adobe acrobat 9.2
- Adobe acrobat_professional 8.0
- Adobe acrobat_professional 8.1
- Adobe acrobat_professional 8.1.1
- Adobe acrobat_professional 8.1.2
- Adobe acrobat_professional 8.1.2 Security Update 1
- Adobe acrobat_professional 8.1.3
- Adobe acrobat_professional 8.1.4
- Adobe acrobat_professional 8.1.6
- Adobe acrobat_professional 8.1.7
- Adobe acrobat_professional 9
- Adobe acrobat_professional 9.1
- Adobe acrobat_professional 9.1.2
- Adobe acrobat_professional 9.1.3
- Adobe acrobat_professional 9.2
- Adobe acrobat_standard 8.0
- Adobe acrobat_standard 8.1
- Adobe acrobat_standard 8.1.1
- Adobe acrobat_standard 8.1.2
- Adobe acrobat_standard 8.1.3
- Adobe acrobat_standard 8.1.4
- Adobe acrobat_standard 8.1.6
- Adobe acrobat_standard 8.1.7
- Adobe acrobat_standard 9
- Adobe acrobat_standard 9.1
- Adobe acrobat_standard 9.1.2
- Adobe acrobat_standard 9.1.3
- Adobe acrobat_standard 9.2
- Adobe reader 8.0
- Adobe reader 8.1
- Adobe reader 8.1.1
- Adobe reader 8.1.2
- Adobe reader 8.1.2 Security Update 1
- Adobe reader 8.1.3
- Adobe reader 8.1.4
- Adobe reader 8.1.5
- Adobe reader 8.1.6
- Adobe reader 8.1.7
- Adobe reader 9
- Adobe reader 9.1
- Adobe reader 9.1.1
- Adobe reader 9.1.2
- Adobe reader 9.1.3
- Adobe reader 9.2
- Nortel_networks callpilot 1002Rp
- Nortel_networks callpilot 1005R
- Nortel_networks callpilot 200I
- Nortel_networks callpilot 201I
- Nortel_networks callpilot 600R
- Nortel_networks callpilot 703T
- Nortel_networks self-service_media_processing_server
- Nortel_networks self-service_mps_1000
- Nortel_networks self-service_mps_500
- Nortel_networks self-service_peri_application
- Nortel_networks self-service_speech_server
- Nos_microsystems getplus_helper_activex_control
- Suse opensuse 11.0
- Suse opensuse 11.1
- Suse opensuse 11.2
- Suse suse_linux_enterprise 10 SP2
- Suse suse_linux_enterprise 10 SP3
- Suse suse_linux_enterprise_desktop 11