Adobe Reader < 10.1 / 9.4.5 / 8.3 Multiple Vulnerabilities (APSB11-12, APSB11-12, APSB11-16) (Mac OS X)

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.


Synopsis :

The version of Adobe Reader on the remote Mac OS X host is affected by
multiple vulnerabilities.

Description :

The version of Adobe Reader installed on the remote Mac OS X host is
prior to 10.1, 9.4.5, or 8.3. It is, therefore, affected by the
following vulnerabilities :

- Multiple buffer overflow conditions exist that allow an
attacker to execute arbitrary code. (CVE-2011-2094,
CVE-2011-2095, CVE-2011-2097)

- A heap overflow condition exists that allows an attacker
to execute arbitrary code. (CVE-2011-2096)

- Multiple memory corruption issues exist that allow an
attacker to execute arbitrary code. (CVE-2011-2098,
CVE-2011-2099, CVE-2011-2103, CVE-2011-2105,
CVE-2011-2106)

- Multiple memory corruption issues exist that allow an
attacker to crash the application. (CVE-2011-2104,
CVE-2011-2105)

- A DLL loading vulnerability exists that allows an
attacker to execute arbitrary code. (CVE-2011-2100)

- A cross-document script execution vulnerability exists
that allows an attacker to execute arbitrary code.
(CVE-2011-2101)

- A unspecified vulnerability exists that allows an
attacker to bypass security restrictions. (CVE-2011-2102)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.

See also :

http://www.zerodayinitiative.com/advisories/ZDI-11-218
http://www.zerodayinitiative.com/advisories/ZDI-11-219
http://www.adobe.com/support/security/bulletins/apsb11-12.html
http://www.adobe.com/support/security/bulletins/apsb11-13.html
http://www.adobe.com/support/security/bulletins/apsb11-16.html

Solution :

Upgrade to Adobe Reader version 8.3 / 9.4.5 / 10.1 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:H/RL:OF/RC:ND)
Public Exploit Available : true

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial