Detections
Analytics
Adobe Acrobat < 9.4.7 Multiple Memory Corruption Vulnerabilities (APSB11-30)
critical Nessus Plugin ID 57042
Language:
Synopsis
The version of Adobe Acrobat on the remote Windows host is affected by multiple memory corruption vulnerabilities.Description
The remote Windows host contains a version of Adobe Acrobat earlier than 9.4.7. Such versions are affected by multiple memory corruption vulnerabilities related to the 'Universal 3D' (U3D) file format and the 'Product Representation Compact' (PRC) component.A remote attacker could exploit this by tricking a user into viewing a maliciously crafted PDF file, causing application crashes and potentially resulting in arbitrary code execution.
This plugin does not check for Acrobat 10.x releases, which are vulnerable but were not fixed until APSB12-01. Refer to plugin 57483 for more information.
Solution
Upgrade to Adobe Acrobat 9.4.7 or later.See Also
http://www.adobe.com/support/security/bulletins/apsb11-30.html
http://www.adobe.com/support/security/advisories/apsa11-04.html
Plugin Details
Severity: Critical
ID: 57042
File Name: adobe_acrobat_apsa11-04.nasl
Version: 1.23
Type: local
Agent: windows
Family: Windows
Published: 12/7/2011
Updated: 5/31/2024
Supported Sensors: Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Critical
Score: 9.6
CVSS v2
Risk Factor: Critical
Base Score: 10
Temporal Score: 8.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS Score Source: CVE-2011-4369
Vulnerability Information
CPE: cpe:/a:adobe:acrobat
Required KB Items: installed_sw/Adobe Acrobat
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 12/16/2011
Vulnerability Publication Date: 12/6/2011
CISA Known Exploited Vulnerability Due Dates: 6/22/2022
Exploitable With
CANVAS (CANVAS)
Core Impact
Metasploit (Adobe Reader U3D Memory Corruption Vulnerability)
Reference Information
CVE: CVE-2011-2462, CVE-2011-4369