Detections
Analytics
Adobe Acrobat < 10.1 / 9.4.5 / 8.3 Multiple Vulnerabilities (APSB11-16)
high Nessus Plugin ID 55143
Language:
Synopsis
The version of Adobe Acrobat on the remote Windows host is affected by multiple vulnerabilities.Description
The version of Adobe Acrobat installed on the remote host is earlier than 10.1 / 9.4.5 / 8.3. Such versions are reportedly affected by multiple vulnerabilities :- Multiple buffer overflow vulnerabilities exist that could lead to code execution. (CVE-2011-2094, CVE-2011-2095, CVE-2011-2097)
- A heap overflow vulnerability exists that could lead to code execution. (CVE-2011-2096)
- Multiple memory corruption vulnerabilities exist that could lead to code execution. (CVE-2011-2098, CVE-2011-2099, CVE-2011-2103, CVE-2011-2105)
- Multiple memory corruption vulnerabilities exist that could cause the application to crash. (CVE-2011-2104, CVE-2011-2105)
- A DLL loading vulnerability exists that could lead to code execution. (CVE-2011-2100)
- A cross document script execution vulnerability exists that could lead to code execution. (CVE-2011-2101)
- A security bypass vulnerability exists that could lead to bypassing security restrictions. (CVE-2011-2102)
Solution
Upgrade to Adobe Acrobat 8.3 / 9.4.5 / 10.1 or later.See Also
http://www.zerodayinitiative.com/advisories/ZDI-11-218
http://www.zerodayinitiative.com/advisories/ZDI-11-219
http://www.adobe.com/support/security/bulletins/apsb11-16.html
Plugin Details
Severity: High
ID: 55143
File Name: adobe_acrobat_apsb11-16.nasl
Version: 1.10
Type: local
Agent: windows
Family: Windows
Published: 6/15/2011
Updated: 5/31/2024
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Critical
Score: 9.4
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 8.1
Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2011-2094
Vulnerability Information
CPE: cpe:/a:adobe:acrobat
Required KB Items: installed_sw/Adobe Acrobat
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 6/14/2011
Vulnerability Publication Date: 6/14/2011
Exploitable With
Core Impact
Reference Information
CVE: CVE-2011-2094, CVE-2011-2095, CVE-2011-2096, CVE-2011-2097, CVE-2011-2098, CVE-2011-2099, CVE-2011-2100, CVE-2011-2101, CVE-2011-2102, CVE-2011-2103, CVE-2011-2104, CVE-2011-2105
BID: 48240, 48242, 48243, 48244, 48245, 48246, 48247, 48248, 48251, 48252, 48253, 48255
CERT: 264729