Detections
Analytics
Adobe Acrobat < 10.1.1 / 9.4.6 / 8.3.1 Multiple Vulnerabilities (APSB11-21, APSB11-24)
critical Nessus Plugin ID 56197
Language:
Synopsis
The version of Adobe Acrobat on the remote Windows host is affected by multiple vulnerabilities.Description
The version of Adobe Acrobat installed on the remote host is earlier than 10.1.1 / 9.4.6 / 8.3.1. It is, therefore, potentially affected by the following vulnerabilities :- An unspecified error exists that can allow an attacker to bypass security leading to code execution. (CVE-2011-2431)
- Several errors exist that allow buffer overflows leading to code execution. (CVE-2011-2432, CVE-2011-2435)
- Several errors exist that allow heap overflows leading to code execution. (CVE-2011-2433, CVE-2011-2434, CVE-2011-2436, CVE-2011-2437)
- Several errors exist that allow stack overflows leading to code execution. (CVE-2011-2438)
- An error exists that can allow memory leaks leading to code execution. (CVE-2011-2439)
- A use-after-free error exists that can allow code exection. (CVE-2011-2440)
- Several errors exist in the 'CoolType.dll' library that can allow stack overflows leading to code execution.
(CVE-2011-2441)
- A logic error exists that can lead to code execution.
(CVE-2011-2442)
- Multiple issues exist as noted in APSB11-21, a security update for Adobe Flash Player. (CVE-2011-2130, CVE-2011-2134, CVE-2011-2135, CVE-2011-2136, CVE-2011-2137, CVE-2011-2138, CVE-2011-2139, CVE-2011-2140, CVE-2011-2414, CVE-2011-2415, CVE-2011-2416, CVE-2011-2417, CVE-2011-2425, CVE-2011-2424)
Solution
Upgrade to Adobe Acrobat 8.3.1 / 9.4.6 / 10.1.1 or later.See Also
http://www.nessus.org/u?46d1fce8
https://www.zerodayinitiative.com/advisories/ZDI-11-282/
https://www.zerodayinitiative.com/advisories/ZDI-11-283/
https://www.zerodayinitiative.com/advisories/ZDI-11-284/
https://www.zerodayinitiative.com/advisories/ZDI-11-296/
https://www.zerodayinitiative.com/advisories/ZDI-11-297/
https://www.zerodayinitiative.com/advisories/ZDI-11-298/
https://www.zerodayinitiative.com/advisories/ZDI-11-299/
https://www.zerodayinitiative.com/advisories/ZDI-11-300/
https://www.zerodayinitiative.com/advisories/ZDI-11-301/
https://www.zerodayinitiative.com/advisories/ZDI-11-302/
https://www.zerodayinitiative.com/advisories/ZDI-11-310/
http://www.adobe.com/support/security/bulletins/apsb11-21.html
http://www.adobe.com/support/security/bulletins/apsb11-24.html
Plugin Details
Severity: Critical
ID: 56197
File Name: adobe_acrobat_apsb11-24.nasl
Version: 1.23
Type: local
Agent: windows
Family: Windows
Published: 9/14/2011
Updated: 5/31/2024
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Critical
Score: 9.6
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 8.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2011-2130
Vulnerability Information
CPE: cpe:/a:adobe:acrobat
Required KB Items: installed_sw/Adobe Acrobat
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 9/13/2011
Vulnerability Publication Date: 9/13/2011
Exploitable With
Core Impact
Metasploit (Adobe Flash Player MP4 SequenceParameterSetNALUnit Buffer Overflow)
Reference Information
CVE: CVE-2011-2130, CVE-2011-2134, CVE-2011-2135, CVE-2011-2136, CVE-2011-2137, CVE-2011-2138, CVE-2011-2139, CVE-2011-2140, CVE-2011-2414, CVE-2011-2415, CVE-2011-2416, CVE-2011-2417, CVE-2011-2424, CVE-2011-2425, CVE-2011-2431, CVE-2011-2432, CVE-2011-2433, CVE-2011-2434, CVE-2011-2435, CVE-2011-2436, CVE-2011-2437, CVE-2011-2438, CVE-2011-2439, CVE-2011-2440, CVE-2011-2441, CVE-2011-2442
BID: 49083, 49084, 49085, 49086, 49186, 49572, 49575, 49576, 49577, 49578, 49579, 49580, 49581, 49582, 49583, 49584, 49585, 49073, 49074, 49075, 49076, 49077, 49079, 49080, 49081, 49082