Broken Vulnerability Fixlet - Unspecified Vulnerability in the PRC component

(imported topic written by jfschafer)

I noticed one of the vulnerabilities in the Vulnerabilities for Windows site that is titled: “Unspecified vulnerability in the PRC component in Adobe Reader and Acrobat 9.x before 9.4.7 on Windows, Adobe Reader and Acrobat 9.x through 9.4.6 on Mac OS X, Adobe Reader and Acrobat 10.x through 10.1.1 on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.”

. . . is possibly broken. I have systems with Adobe Acrobat and Reader 10.1.4 only (no other versions installed) and it’s showing them as vulnerable; in fact, every single system that has Adobe Acrobat or Reader installed is showing as vulnerable regardless of the version. That tells me something is messed up in the Relevance, since this should only be Relevant for 9.x through 10.1.1 on my Windows systems, not 10.1.4.

Here’s the full info:

ID: 1486501

Site: Vulnerabilities to Windows Systems

Category: ACCEPTED

CVE ID: CVE-2011-4369

Download Size:

Source: oval.mitre.org

Source ID: OVAL14865

Source Severity: High

Source Release Date: 1/30/2012

(imported comment written by Eric Walker)

Hi @jfschafer – we will look into this. We build our vulnerability content from a feed provided by MITRE, and when there are issues, sometimes it is because we are interpreting the feed incorrectly, and sometimes it is because the source XML is broken. We’ll try to see which of these is going on here.

Eric

(imported comment written by SystemAdmin)

Looking at the definition itself (found at http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14865 ), the definition naively checks for the range of 10.0 to 10.1 (inclusive), so in your situation, it would always be true. We publish the content as is, and this is a content bug.
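To make the failure mode concrete, here is an added example (not code from the thread, the OVAL definition, or the vendor content) that contrasts a version-range check that only looks at the major.minor prefix with a proper component-wise comparison against the ranges in the CVE description. The naive function is an assumption about how a "10.0 to 10.1 inclusive" check can misfire on 10.1.4; it is not a transcription of def:14865, and it models only the 10.x branch the comment above describes. The sample inventory is constructed for the example.

```python
"""Naive vs component-wise version-range checks for CVE-2011-4369 (Windows).

Added example: a check that truncates the installed version to its
major.minor part treats 10.1.4 as inside the 10.0..10.1 range, so every
10.x install reports as vulnerable. Comparing full version tuples against
the fixed versions avoids that.
"""
from typing import Dict, List, Tuple

Version = Tuple[int, ...]


def parse_version(s: str) -> Version:
    """Turn '10.1.4' into (10, 1, 4) so comparisons are numeric, not lexical.

    A plain string compare would also misorder '10.1.4' before '9.4.6'.
    """
    return tuple(int(part) for part in s.strip().split("."))


def naive_is_vulnerable(version: str) -> bool:
    """Hypothetical naive check: truncate to major.minor, test 10.0 <= mm <= 10.1.

    This is an assumption about how such a range check goes wrong, not the
    actual logic of oval:org.mitre.oval:def:14865. Because the patch level
    is discarded, 10.1.1 and 10.1.4 are indistinguishable here.
    """
    major_minor = parse_version(version)[:2]
    return (10, 0) <= major_minor <= (10, 1)


# Boundaries taken from the CVE text for Windows:
# 9.x before 9.4.7 is affected; 10.x through 10.1.1 is affected.
FIRST_FIXED_9 = parse_version("9.4.7")
LAST_AFFECTED_10 = parse_version("10.1.1")


def correct_is_vulnerable(version: str) -> bool:
    """Component-wise check against the ranges in the CVE description."""
    v = parse_version(version)
    if v[0] == 9:
        return v < FIRST_FIXED_9
    if v[0] == 10:
        # Tuple comparison is component-wise, so (10, 1, 4) <= (10, 1, 1) is False
        # and (10, 1) <= (10, 1, 1) is True (a shorter prefix sorts first).
        return v <= LAST_AFFECTED_10
    return False


def classify(versions: List[str]) -> Dict[str, Tuple[bool, bool]]:
    """Map each version to (naive verdict, correct verdict) for side-by-side review."""
    return {v: (naive_is_vulnerable(v), correct_is_vulnerable(v)) for v in versions}


if __name__ == "__main__":
    # Constructed sample inventory, including the 10.1.4 case from the thread.
    inventory = ["9.4.6", "9.4.7", "10.1", "10.1.1", "10.1.4", "11.0.0"]
    print(f"{'version':>8}  {'naive':>6}  {'correct':>8}")
    for ver, (naive, correct) in classify(inventory).items():
        flag = "  <-- false positive" if naive and not correct else ""
        print(f"{ver:>8}  {str(naive):>6}  {str(correct):>8}{flag}")
```

The same approach applies when writing Relevance or any other inventory check: compare the full version, with the patch component included, against the first fixed build rather than a truncated major.minor range.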