This update of acroread fixes :

  - CVE-2010-0186: CVSS v2 Base Score: 5.8 Cross-domain     request vulnerability

  - CVE-2010-0188: CVSS v2 Base Score: 6.8 An unspecified     vulnerability that possibly allowed remote code     execution.

This update of acroread fixes :

  - Cross-domain request vulnerability. (CVE-2010-0186 :
    CVSS v2 Base Score: 5.8)

  - An unspecified vulnerability that possibly allowed     remote code execution. (CVE-2010-0188 : CVSS v2 Base     Score: 6.8)

The version of Adobe Acrobat installed on the remote host is earlier than 9.3.1 / 8.2.1.  Such versions are reportedly affected by multiple vulnerabilities :

  - An issue that could subvert the domain sandbox and make     unauthorized cross-domain requests. (CVE-2010-0186)

  - An unspecified vulnerability could cause the application     to crash or possibly lead to arbitrary code execution.
    (CVE-2010-0188)

The remote host is affected by the vulnerability described in GLSA-201009-05 (Adobe Reader: Multiple vulnerabilities)

    Multiple vulnerabilities were discovered in Adobe Reader. For further     information please consult the CVE entries and the Adobe Security     Bulletins referenced below.
  Impact :

    A remote attacker might entice a user to open a specially crafted PDF     file, possibly resulting in the execution of arbitrary code with the     privileges of the user running the application, or bypass intended     sandbox restrictions, make cross-domain requests, inject arbitrary web     script or HTML, or cause a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

The version of Adobe Reader installed on the remote host is earlier than 9.3.1 / 8.2.1.  As such, it is reportedly affected by multiple vulnerabilities :

  - An issue that could subvert the domain sandbox and make     unauthorized cross-domain requests. (CVE-2010-0186)

  - An unspecified vulnerability could cause the application     to crash or possibly lead to arbitrary code execution.
    (CVE-2010-0188)

This update of acroread fixes :

  - Cross-domain request vulnerability CVE-2010-0188: CVSS     v2 Base Score: 6.8 An unspecified vulnerability that     possibly allowed remote code execution. (CVE-2010-0186:
    CVSS v2 Base Score: 5.8)

Updated acroread packages that fix two security issues and a bug are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

Adobe Reader allows users to view and print documents in Portable Document Format (PDF).

This update fixes two vulnerabilities in Adobe Reader. These vulnerabilities are summarized on the Adobe Security Advisory APSB10-07 page listed in the References section. A specially crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened.
(CVE-2010-0186, CVE-2010-0188)

This update also fixes a bug where, on some systems, attempting to install or upgrade the acroread packages failed due to a package dependency issue. (BZ#557506)

All Adobe Reader users should install these updated packages. They contain Adobe Reader version 9.3.1, which is not vulnerable to these issues and fixes this bug. All running instances of Adobe Reader must be restarted for the update to take effect.

ID	Name	Product	Family	Published	Updated	Severity
44978	openSUSE Security Update : acroread (acroread-2068)	Nessus	SuSE Local Security Checks	3/4/2010	3/8/2022	high
44984	SuSE 11 Security Update : Acrobat Reader (SAT Patch Number 2065)	Nessus	SuSE Local Security Checks	3/4/2010	3/8/2022	high
44643	Adobe Acrobat < 9.3.1 / 8.2.1 Multiple Vulnerabilities (APSB10-07)	Nessus	Windows	2/17/2010	5/31/2024	high
49126	GLSA-201009-05 : Adobe Reader: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	9/8/2010	6/8/2022	critical
44644	Adobe Reader < 9.3.1 / 8.2.1 Multiple Vulnerabilities (APSB10-07)	Nessus	Windows	2/17/2010	3/8/2022	high
51698	SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 6881)	Nessus	SuSE Local Security Checks	1/27/2011	3/8/2022	high
51697	SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 6879)	Nessus	SuSE Local Security Checks	1/27/2011	3/8/2022	high
44975	openSUSE Security Update : acroread (acroread-2068)	Nessus	SuSE Local Security Checks	3/4/2010	3/8/2022	high
44665	RHEL 4 / 5 : acroread (RHSA-2010:0114)	Nessus	Red Hat Local Security Checks	2/19/2010	3/8/2022	high
44981	openSUSE Security Update : acroread (acroread-2068)	Nessus	SuSE Local Security Checks	3/4/2010	3/8/2022	high

Detections

Analytics

Plugins Search

high

high

high

critical

high

high

high

high

high

high