SuSE 10 Security Update : acroread (ZYPP Patch Number 7086)

high Nessus Plugin ID 51713

Synopsis

The remote SuSE 10 host is missing a security-related patch.

Description

Specially crafted PDF documents could crash acroread or lead to execution of arbitrary code. The fixed security issues have been tracked as :

- CVE-2010-1297

- CVE-2010-1240

- CVE-2010-1285

- CVE-2010-1295

- CVE-2010-2168

- CVE-2010-2201

- CVE-2010-2202

- CVE-2010-2203

- CVE-2010-2204

- CVE-2010-2205

- CVE-2010-2206

- CVE-2010-2207

- CVE-2010-2208

- CVE-2010-2209

- CVE-2010-2210

- CVE-2010-2211

- CVE-2010-2212

Solution

Apply ZYPP patch number 7086.

See Also

http://support.novell.com/security/cve/CVE-2010-1240.html

http://support.novell.com/security/cve/CVE-2010-1285.html

http://support.novell.com/security/cve/CVE-2010-1295.html

http://support.novell.com/security/cve/CVE-2010-1297.html

http://support.novell.com/security/cve/CVE-2010-2168.html

http://support.novell.com/security/cve/CVE-2010-2201.html

http://support.novell.com/security/cve/CVE-2010-2202.html

http://support.novell.com/security/cve/CVE-2010-2203.html

http://support.novell.com/security/cve/CVE-2010-2204.html

http://support.novell.com/security/cve/CVE-2010-2205.html

http://support.novell.com/security/cve/CVE-2010-2206.html

http://support.novell.com/security/cve/CVE-2010-2207.html

http://support.novell.com/security/cve/CVE-2010-2208.html

http://support.novell.com/security/cve/CVE-2010-2209.html

http://support.novell.com/security/cve/CVE-2010-2210.html

http://support.novell.com/security/cve/CVE-2010-2211.html

http://support.novell.com/security/cve/CVE-2010-2212.html

Plugin Details

Severity: High

ID: 51713

File Name: suse_acroread_ja-7086.nasl

Version: 1.33

Type: local

Agent: unix

Published: 1/27/2011

Updated: 6/8/2022

Supported Sensors: Continuous Assessment, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.6

CVSS v2

Risk Factor: High

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 7/2/2010

CISA Known Exploited Vulnerability Due Dates: 6/22/2022

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Adobe Flash Player "newfunction" Invalid Pointer Use)

ExploitHub (EH-11-164)

Reference Information

CVE: CVE-2010-1240, CVE-2010-1285, CVE-2010-1295, CVE-2010-1297, CVE-2010-2168, CVE-2010-2201, CVE-2010-2202, CVE-2010-2203, CVE-2010-2204, CVE-2010-2205, CVE-2010-2206, CVE-2010-2207, CVE-2010-2208, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211, CVE-2010-2212