Detections
Analytics

Adobe Reader < 10.1.14 / 11.0.11 Multiple Vulnerabilities (APSB15-10)

critical Nessus Plugin ID 83471

Language:

Synopsis

The version of Adobe Reader on the remote Windows host is affected by multiple vulnerabilities.

Description

The version of Adobe Reader installed on the remote host is a version prior to 10.1.14 / 11.0.11. It is, therefore, affected by the following vulnerabilities :

 - A buffer overflow condition exists in CoolType.dll due to improper validation of user-supplied input. A remote attacker can exploit this to execute arbitrary code.
 (CVE-2014-9160)

 - An out-of-bounds read flaw exists in CoolType.dll due to improper validation of user-supplied input. A remote attacker, via a specially crafted PDF file, can cause the application to crash and disclose memory contents.
 (CVE-2014-9161).

 - Multiple input validation, NULL pointer dereference, and use-after-free flaws exist that allow memory corruption, arbitrary code execution, and buffer overflow attacks.
 (CVE-2015-3047,CVE-2015-3048, CVE-2015-3049, CVE-2015-3050, CVE-2015-3051, CVE-2015-3052, CVE-2015-3053, CVE-2015-3054, CVE-2015-3055, CVE-2015-3056, CVE-2015-3057, CVE-2015-3058, CVE-2015-3059, CVE-2015-3070, CVE-2015-3075, CVE-2015-3076)

 - Multiple unspecified flaws in the JavaScript API allow an attacker to bypass JavaScript API restrictions.
 (CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, CVE-2015-3074)

- An XML external entity injection flaw exists that allows information disclosure. (CVE-2014-8452)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Adobe Reader 10.1.14 / 11.0.11 or later.

See Also

https://helpx.adobe.com/security/products/reader/apsb15-10.html

Plugin Details

Severity: Critical

ID: 83471

File Name: adobe_reader_apsb15-10.nasl

Version: 1.12

Type: local

Agent: windows

Family: Windows

Published: 5/14/2015

Updated: 11/22/2019

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.0

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2015-3076

Vulnerability Information

CPE: cpe:/a:adobe:acrobat_reader

Required KB Items: SMB/Registry/Enumerated, installed_sw/Adobe Reader

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/12/2015

Vulnerability Publication Date: 12/9/2014

Exploitable With

Core Impact

Reference Information

CVE: CVE-2014-8452, CVE-2014-9160, CVE-2014-9161, CVE-2015-3046, CVE-2015-3047, CVE-2015-3048, CVE-2015-3049, CVE-2015-3050, CVE-2015-3051, CVE-2015-3052, CVE-2015-3053, CVE-2015-3054, CVE-2015-3055, CVE-2015-3056, CVE-2015-3057, CVE-2015-3058, CVE-2015-3059, CVE-2015-3060, CVE-2015-3061, CVE-2015-3062, CVE-2015-3063, CVE-2015-3064, CVE-2015-3065, CVE-2015-3066, CVE-2015-3067, CVE-2015-3068, CVE-2015-3069, CVE-2015-3070, CVE-2015-3071, CVE-2015-3072, CVE-2015-3073, CVE-2015-3074, CVE-2015-3075, CVE-2015-3076

BID: 71567, 74599, 74600, 74601, 74602, 74603, 74604, 74618