acrobat reader was updated to version 9.4.6 to fix several security issues

acrobat reader was updated to version 9.4.6 to fix several security issues (CVE-2011-1353, CVE-2011-2431, CVE-2011-2432, CVE-2011-2433, CVE-2011-2434, CVE-2011-2435, CVE-2011-2436, CVE-2011-2437, CVE-2011-2438, CVE-2011-2439, CVE-2011-2440, CVE-2011-2441, CVE-2011-2442)

The version of Adobe Reader installed on the remote Windows host is earlier than 10.1.1 / 9.4.6 / 8.3.1.  It is, therefore, potentially affected by the following vulnerabilities :

  - An unspecified error exists that allows local     privilege escalation attacks. (CVE-2011-1353)

  - An unspecified error exists that can allow an attacker     to bypass security leading to code execution.     (CVE-2011-2431)

  - Several errors exist that allow buffer overflows     leading to code execution. (CVE-2011-2432,     CVE-2011-2435)

  - Several errors exist that allow heap overflows leading     to code execution. (CVE-2011-2433, CVE-2011-2434,     CVE-2011-2436, CVE-2011-2437)

  - Several errors exist that allow stack overflows leading     to code execution. (CVE-2011-2438)

  - An error exists that can allow memory leaks leading to     code execution. (CVE-2011-2439)

  - A use-after-free error exists that can allow code     exection. (CVE-2011-2440)

  - Several errors exist in the 'CoolType.dll' library that     can allow stack overflows leading to code execution.
    (CVE-2011-2441)

  - A logic error exists that can lead to code execution.
    (CVE-2011-2442)

  - Multiple issues exist as noted in APSB11-21, a security     update for Adobe Flash Player. (CVE-2011-2130,     CVE-2011-2134, CVE-2011-2135, CVE-2011-2136,     CVE-2011-2137, CVE-2011-2138, CVE-2011-2139,     CVE-2011-2140, CVE-2011-2414, CVE-2011-2415,     CVE-2011-2416, CVE-2011-2417, CVE-2011-2425,     CVE-2011-2424)

acrobat reader was updated to version 9.4.6 to fix several security issues. (CVE-2011-1353 / CVE-2011-2431 / CVE-2011-2432 / CVE-2011-2433 / CVE-2011-2434 / CVE-2011-2435 / CVE-2011-2436 / CVE-2011-2437 / CVE-2011-2438 / CVE-2011-2439 / CVE-2011-2440 / CVE-2011-2441 / CVE-2011-2442)

The Adobe Security Team reports :

An unspecified vulnerability in the U3D component allows remote attackers to execute arbitrary code (or cause a denial of service attack) via unknown vectors.

A heap-based buffer overflow allows attackers to execute arbitrary code via unspecified vectors.

The version of Adobe Acrobat installed on the remote host is earlier than 10.1.1 / 9.4.6 / 8.3.1.  It is, therefore, potentially affected by the following vulnerabilities :

  - An unspecified error exists that can allow an attacker     to bypass security leading to code execution.     (CVE-2011-2431)

  - Several errors exist that allow buffer overflows     leading to code execution. (CVE-2011-2432,     CVE-2011-2435)

  - Several errors exist that allow heap overflows leading     to code execution. (CVE-2011-2433, CVE-2011-2434,     CVE-2011-2436, CVE-2011-2437)

  - Several errors exist that allow stack overflows leading     to code execution. (CVE-2011-2438)

  - An error exists that can allow memory leaks leading to     code execution. (CVE-2011-2439)

  - A use-after-free error exists that can allow code     exection. (CVE-2011-2440)

  - Several errors exist in the 'CoolType.dll' library that     can allow stack overflows leading to code execution.
    (CVE-2011-2441)

  - A logic error exists that can lead to code execution.
    (CVE-2011-2442)

  - Multiple issues exist as noted in APSB11-21, a security     update for Adobe Flash Player. (CVE-2011-2130,     CVE-2011-2134, CVE-2011-2135, CVE-2011-2136,     CVE-2011-2137, CVE-2011-2138, CVE-2011-2139,     CVE-2011-2140, CVE-2011-2414, CVE-2011-2415,     CVE-2011-2416, CVE-2011-2417, CVE-2011-2425,     CVE-2011-2424)

Acrobat reader was updated to version 9.4.6 to fix several security issues. (CVE-2011-1353 / CVE-2011-2431 / CVE-2011-2432 / CVE-2011-2433 / CVE-2011-2434 / CVE-2011-2435 / CVE-2011-2436 / CVE-2011-2437 / CVE-2011-2438 / CVE-2011-2439 / CVE-2011-2440 / CVE-2011-2441 / CVE-2011-2442)

The remote host is affected by the vulnerability described in GLSA-201201-19 (Adobe Reader: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Adobe Reader. Please       review the CVE identifiers referenced below for details.
  Impact :

    A remote attacker could entice a user to open a specially crafted PDF       file using Adobe Reader, possibly resulting in the remote execution of       arbitrary code, a Denial of Service, or other impact.
  Workaround :

    There is no known workaround at this time.

The version of Adobe Reader installed on the remote Mac OS X host is prior to 10.1.1, 9.4.6, or 8.3.1. It is, therefore, affected by the following vulnerabilities :

  - An unspecified error exists that allows an attacker to     bypass security restrictions, resulting in code     execution. (CVE-2011-2431)

  - Multiple buffer overflow conditions exists that allow an     attacker to execute arbitrary code. (CVE-2011-2432,     CVE-2011-2435)

  - Multiple heap overflow conditions exist that allow an     attacker to execute arbitrary code. (CVE-2011-2433,     CVE-2011-2434, CVE-2011-2436, CVE-2011-2437)

  - Multiple stack overflow conditions exist that allow an     attacker to execute arbitrary code. (CVE-2011-2438)

  - An error exists related to memory leak issues that     allows an attacker to execute arbitrary code.
    (CVE-2011-2439)

  - A use-after-free error exists that allows an attacker to     execute arbitrary code. (CVE-2011-2440)

  - Multiple errors exist in the CoolType.dll library that     can allow stack overflow conditions, resulting in code     execution. (CVE-2011-2441)

  - A logic error exists that allows an attacker to execute     arbitrary code. (CVE-2011-2442)

  - Multiple vulnerabilities exist, as noted in APSB11-21,     that can allow an attacker to take control of the     affected system or cause the application to crash.
    (CVE-2011-2130, CVE-2011-2134, CVE-2011-2135,     CVE-2011-2136, CVE-2011-2137, CVE-2011-2138,     CVE-2011-2139, CVE-2011-2140, CVE-2011-2414,     CVE-2011-2415, CVE-2011-2416, CVE-2011-2417,     CVE-2011-2425, CVE-2011-2424)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 5 / 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2011:1434 advisory.

  - acroread: multiple code execution flaws (APSB11-16) (CVE-2011-2094, CVE-2011-2095, CVE-2011-2096,     CVE-2011-2097, CVE-2011-2098, CVE-2011-2099, CVE-2011-2101)

  - acroread: Multiple denial of service flaws (APSB11-16) (CVE-2011-2104, CVE-2011-2105)

  - flash-plugin: Cross-site scripting vulnerability (APSB11-13) (CVE-2011-2107)

  - flash-plugin: multiple arbitrary code execution flaws (APSB-11-21) (CVE-2011-2130, CVE-2011-2134,     CVE-2011-2135, CVE-2011-2136, CVE-2011-2137, CVE-2011-2138, CVE-2011-2139, CVE-2011-2140, CVE-2011-2414,     CVE-2011-2415, CVE-2011-2416, CVE-2011-2417, CVE-2011-2424, CVE-2011-2425)

  - acroread, flash-plugin: critical flaws fixed in APSB11-26 (CVE-2011-2426, CVE-2011-2427, CVE-2011-2428,     CVE-2011-2430)

  - acroread, flash-plugin: security control bypass information disclosure fixed in APSB11-26 (CVE-2011-2429)

  - acroread: multiple code execution flaws (APSB11-24) (CVE-2011-2431, CVE-2011-2432, CVE-2011-2433,     CVE-2011-2434, CVE-2011-2435, CVE-2011-2436, CVE-2011-2437, CVE-2011-2438, CVE-2011-2439, CVE-2011-2440,     CVE-2011-2442, CVE-2011-4374)

  - acroread, flash-plugin: Cross-site scripting vulnerability fixed in APSB11-26 (CVE-2011-2444)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
74527	openSUSE Security Update : acroread (openSUSE-2011-54)	Nessus	SuSE Local Security Checks	6/13/2014	1/14/2021	high
75422	openSUSE Security Update : acroread (openSUSE-SU-2011:1238-1)	Nessus	SuSE Local Security Checks	6/13/2014	1/14/2021	high
56198	Adobe Reader < 10.1.1 / 9.4.6 / 8.3.1 Multiple Vulnerabilities (APSB11-21, APSB11-24)	Nessus	Windows	9/14/2011	11/15/2018	high
57087	SuSE 11.1 Security Update : Acrobat Reader (SAT Patch Number 5412)	Nessus	SuSE Local Security Checks	12/13/2011	1/19/2021	high
57705	FreeBSD : acroread9 -- Multiple Vulnerabilities (fa2f386f-4814-11e1-89b4-001ec9578670)	Nessus	FreeBSD Local Security Checks	1/27/2012	6/8/2022	critical
56197	Adobe Acrobat < 10.1.1 / 9.4.6 / 8.3.1 Multiple Vulnerabilities (APSB11-21, APSB11-24)	Nessus	Windows	9/14/2011	5/31/2024	critical
57154	SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 7833)	Nessus	SuSE Local Security Checks	12/13/2011	1/19/2021	high
57745	GLSA-201201-19 : Adobe Reader: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	1/31/2012	6/8/2022	critical
56199	Adobe Reader < 10.1.1 / 9.4.6 / 8.3.1 Multiple Vulnerabilities (APSB11-21, APSB11-24, APSB11-26) (Mac OS X)	Nessus	MacOS X Local Security Checks	9/14/2011	7/14/2018	high
56740	RHEL 5 / 6 : acroread (RHSA-2011:1434)	Nessus	Red Hat Local Security Checks	11/9/2011	4/27/2024	medium
75783	openSUSE Security Update : acroread (openSUSE-SU-2011:1238-1)	Nessus	SuSE Local Security Checks	6/13/2014	1/14/2021	high

Detections

Analytics

Plugins Search

high

high

high

high

critical

critical

high

critical

high

medium

high