Adobe Acrobat < 10.1.13 / 11.0.10 Multiple Vulnerabilities (APSB14-28) (Mac OS X)

critical Nessus Plugin ID 79857

Synopsis

The version of Adobe Acrobat on the remote Mac OS X host is affected by multiple vulnerabilities.

Description

The version of Adobe Acrobat installed on the remote host is a version prior to 10.1.13 / 11.0.10. It is, therefore, affected by the following vulnerabilities :

- Memory corruption errors exist that allow arbitrary code execution. (CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, CVE-2014-8461, CVE-2014-9158)

- An improperly implemented JavaScript API allows information disclosure. (CVE-2014-8448, CVE-2014-8451)

- An integer overflow vulnerability exists that allows arbitrary code execution. (CVE-2014-8449)

- An error in handling XML external entities allows information disclosure. (CVE-2014-8452)

- A same-origin policy error allows security bypass.
(CVE-2014-8453)

- Use-after-free errors exist that allow arbitrary code execution. (CVE-2014-8454, CVE-2014-8455, CVE-2014-9165)

- Heap-based buffer overflow flaws exist that allow arbitrary code execution. (CVE-2014-8457, CVE-2014-8460, CVE-2014-9159).

- A time-of-check time-of-use (TOCTOU) race condition allows arbitrary file system writes. (CVE-2014-9150)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Adobe Acrobat 10.1.13 / 11.0.10 or later.

See Also

https://helpx.adobe.com/security/products/acrobat/apsb14-28.html

Plugin Details

Severity: Critical

ID: 79857

File Name: macosx_adobe_acrobat_apsb14-28.nasl

Version: 1.8

Type: local

Agent: macosx

Published: 12/10/2014

Updated: 11/25/2019

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 8.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2014-9165

Vulnerability Information

CPE: cpe:/a:adobe:acrobat

Required KB Items: Host/local_checks_enabled, Host/MacOSX/Version, installed_sw/Adobe Acrobat

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 12/9/2014

Vulnerability Publication Date: 8/27/2014

Reference Information

CVE: CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8448, CVE-2014-8449, CVE-2014-8451, CVE-2014-8452, CVE-2014-8453, CVE-2014-8454, CVE-2014-8455, CVE-2014-8456, CVE-2014-8457, CVE-2014-8458, CVE-2014-8459, CVE-2014-8460, CVE-2014-8461, CVE-2014-9150, CVE-2014-9158, CVE-2014-9159, CVE-2014-9165

BID: 71572, 71573, 71574, 71575, 71576, 71577, 71578, 71579, 71580, 71366, 71557, 71561, 71562, 71564, 71565, 71566, 71567, 71568, 71570, 71571