The version of Adobe Reader installed on the remote host is earlier than 11.0.3 / 10.1.7 / 9.5.5.  It is, therefore, affected by multiple vulnerabilities :

  - Unspecified memory corruption vulnerabilities exist that     could lead to code execution. (CVE-2013-2718,     CVE-2013-2719, CVE-2013-2720, CVE-2013-2721,     CVE-2013-2722, CVE-2013-2723, CVE-2013-2725,     CVE-2013-2726, CVE-2013-2731, CVE-2013-2732,     CVE-2013-2734, CVE-2013-2735, CVE-2013-2736,     CVE-2013-3337, CVE-2013-3338, CVE-2013-3339,     CVE-2013-3340, CVE-2013-3341, CVE-2013-3346)

  - An integer underflow error exists that could lead to     code execution. (CVE-2013-2549)

  - A use-after-free error exists that could lead to a     bypass of Adobe Reader's sandbox protection.
    (CVE-2013-2550)

  - An unspecified information leakage issue involving a     JavaScript API exists.  (CVE-2013-2737)

  - An unspecified stack overflow issue exists that could     lead to code execution. (CVE-2013-2724)

  - An unspecified buffer overflow error exists that could     lead to code execution. (CVE-2013-2730, CVE-2013-2733)

  - An unspecified integer overflow error exists that could     lead to code execution. (CVE-2013-2727, CVE-2013-2729)

  - A flaw exists in the way Reader handles domains that     have been blacklisted in the operating system.
    (CVE-2013-3342)

The remote host is affected by the vulnerability described in GLSA-201308-03 (Adobe Reader: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Adobe Reader. Please       review the CVE identifiers referenced below for details.
  Impact :

    A remote attacker could entice a user to open a specially crafted PDF       file, possibly resulting in arbitrary code execution or a Denial of       Service condition. A local attacker could gain privileges via unspecified       vectors.
  Workaround :

    There is no known workaround at this time.

The version of Adobe Reader installed on the remote Mac OS X host is prior to 11.0.3, 10.1.7, or 9.5.5. It is, therefore, affected by the following vulnerabilities :

  - Unspecified memory corruption issues exist that allow an     attacker to execute arbitrary code. (CVE-2013-2718,     CVE-2013-2719, CVE-2013-2720, CVE-2013-2721,     CVE-2013-2722, CVE-2013-2723, CVE-2013-2725,     CVE-2013-2726, CVE-2013-2731, CVE-2013-2732,     CVE-2013-2734, CVE-2013-2735, CVE-2013-2736,     CVE-2013-3337, CVE-2013-3338, CVE-2013-3339,     CVE-2013-3340, CVE-2013-3341, CVE-2013-3346)

  - An integer underflow condition exists that allows an     attacker to execute arbitrary code. (CVE-2013-2549)

  - A use-after-free error exists that allows an attacker to     bypass the Adobe Reader's sandbox protection.
    (CVE-2013-2550)

  - A flaw exists in the JavaScript API that allows an     attacker to obtain sensitive information.
    (CVE-2013-2737)

  - An unspecified stack overflow condition exists that     allows an attacker to execute arbitrary code.
    (CVE-2013-2724)

  - Multiple unspecified buffer overflow conditions exist     that allow an attacker to execute arbitrary code.
    (CVE-2013-2730, CVE-2013-2733)

  - Multiple unspecified integer overflow conditions exist     that allow an attacker to execute arbitrary code.
    (CVE-2013-2727, CVE-2013-2729)

  - A flaw exists due to improper handling of operating     system domain blacklists. An attacker can exploit this     to have an unspecified impact. (CVE-2013-3342)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Acrobat Reader has been updated to version 9.5.5.

The Adobe Advisory can be found at:
https://www.adobe.com/support/security/bulletins/apsb13-15.html

These updates resolve :

  - memory corruption vulnerabilities that could lead to     code execution. (CVE-2013-2718 / CVE-2013-2719 /     CVE-2013-2720 / CVE-2013-2721 / CVE-2013-2722 /     CVE-2013-2723 / CVE-2013-2725 / CVE-2013-2726 /     CVE-2013-2731 / CVE-2013-2732 / CVE-2013-2734 /     CVE-2013-2735 / CVE-2013-2736 / CVE-2013-3337 /     CVE-2013-3338 / CVE-2013-3339 / CVE-2013-3340 /     CVE-2013-3341)

  - an integer underflow vulnerability that could lead to     code execution. (CVE-2013-2549)

  - a use-after-free vulnerability that could lead to a     bypass of Adobe Reader's sandbox protection.
    (CVE-2013-2550)

  - an information leakage issue involving a JavaScript API.
    (CVE-2013-2737)

  - a stack overflow vulnerability that could lead to code     execution. (CVE-2013-2724)

  - buffer overflow vulnerabilities that could lead to code     execution. (CVE-2013-2730 / CVE-2013-2733)

  - integer overflow vulnerabilities that could lead to code     execution. (CVE-2013-2727 / CVE-2013-2729)

  - a flaw in the way Reader handles domains that have been     blacklisted in the operating system. (CVE-2013-3342)

Acrobat Reader has been updated to version 9.5.5.

The Adobe Advisory can be found at:
https://www.adobe.com/support/security/bulletins/apsb13-15.html

These updates resolve

  - memory corruption vulnerabilities that could lead to     code execution. (CVE-2013-2718 / CVE-2013-2719 /     CVE-2013-2720 / CVE-2013-2721 / CVE-2013-2722 /     CVE-2013-2723 / CVE-2013-2725 / CVE-2013-2726 /     CVE-2013-2731 / CVE-2013-2732 / CVE-2013-2734 /     CVE-2013-2735 / CVE-2013-2736 / CVE-2013-3337 /     CVE-2013-3338 / CVE-2013-3339 / CVE-2013-3340 /     CVE-2013-3341)

  - an integer underflow vulnerability that could lead to     code execution. (CVE-2013-2549)

  - a use-after-free vulnerability that could lead to a     bypass of Adobe Reader's sandbox protection.
    (CVE-2013-2550)

  - an information leakage issue involving a JavaScript API.
    (CVE-2013-2737)

  - a stack overflow vulnerability that could lead to code     execution. (CVE-2013-2724)

  - buffer overflow vulnerabilities that could lead to code     execution. (CVE-2013-2730 / CVE-2013-2733)

  - integer overflow vulnerabilities that could lead to code     execution. (CVE-2013-2727 / CVE-2013-2729)

  - a flaw in the way Reader handles domains that have been     blacklisted in the operating system. (CVE-2013-3342)

The version of Adobe Acrobat installed on the remote host is earlier than 11.0.3 / 10.1.7 / 9.5.5.  It is, therefore, affected by multiple vulnerabilities :

  - Unspecified memory corruption vulnerabilities exist that     could lead to code execution. (CVE-2013-2718,     CVE-2013-2719, CVE-2013-2720, CVE-2013-2721,     CVE-2013-2722, CVE-2013-2723, CVE-2013-2725,     CVE-2013-2726, CVE-2013-2731, CVE-2013-2732,     CVE-2013-2734, CVE-2013-2735, CVE-2013-2736,     CVE-2013-3337, CVE-2013-3338, CVE-2013-3339,     CVE-2013-3340, CVE-2013-3341, CVE-2013-3346)

  - An integer underflow error exists that could lead to     code execution. (CVE-2013-2549)

  - A use-after-free error exists that could lead to a     bypass of Adobe Reader's sandbox protection.
    (CVE-2013-2550)

  - An unspecified information leakage issue involving a     JavaScript API exists.  (CVE-2013-2737)

  - An unspecified stack overflow issue exists that could     lead to code execution. (CVE-2013-2724)

  - An unspecified buffer overflow error exists that could     lead to code execution. (CVE-2013-2730, CVE-2013-2733)

  - An unspecified integer overflow error exists that could     lead to code execution. (CVE-2013-2727, CVE-2013-2729)

  - A flaw exists in the way Reader handles domains that     have been blacklisted in the operating system.
    (CVE-2013-3342)

Acroread was updated to 9.5.5 for bnc#819918(swampid#52449).

More information can be found on:
https://www.adobe.com/support/security/bulletins/apsb13-15.html

(CVE-2013-2549, CVE-2013-2550, CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2724, CVE-2013-2725, CVE-2013-2726, CVE-2013-2727, CVE-2013-2729, CVE-2013-2730, CVE-2013-2731, CVE-2013-2732, CVE-2013-2733, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-2737, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, CVE-2013-3341, CVE-2013-3342)

ID	Name	Product	Family	Published	Updated	Severity
66410	Adobe Reader < 11.0.3 / 10.1.7 / 9.5.5 Multiple Vulnerabilities (APSB13-15)	Nessus	Windows	5/14/2013	3/29/2022	critical
69454	GLSA-201308-03 : Adobe Reader: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	8/23/2013	3/29/2022	critical
66411	Adobe Reader < 11.0.3 / 10.1.7 / 9.5.5 Multiple Vulnerabilities (APSB13-15) (Mac OS X)	Nessus	MacOS X Local Security Checks	5/14/2013	3/29/2022	critical
66505	SuSE 11.2 Security Update : Acrobat Reader (SAT Patch Number 7734)	Nessus	SuSE Local Security Checks	5/19/2013	3/29/2022	critical
66506	SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 8571)	Nessus	SuSE Local Security Checks	5/19/2013	3/29/2022	critical
66409	Adobe Acrobat < 11.0.3 / 10.1.7 / 9.5.5 Multiple Vulnerabilities (APSB13-15)	Nessus	Windows	5/14/2013	5/31/2024	critical
75008	openSUSE Security Update : acroread (openSUSE-SU-2013:0990-1)	Nessus	SuSE Local Security Checks	6/13/2014	3/29/2022	critical

Detections

Analytics

Plugins Search

critical

critical

critical

critical

critical

critical

critical