This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.
Synopsis :
The version of Adobe Acrobat on the remote Windows host is affected
by multiple vulnerabilities.
Description :
The version of Adobe Acrobat installed on the remote host is earlier
than 10.1.1 / 9.4.6 / 8.3.1. It is, therefore, potentially affected
by the following vulnerabilities :
- An unspecified error exists that can allow an attacker
to bypass security leading to code execution.
(CVE-2011-2431)
- Several errors exist that allow buffer overflows
leading to code execution. (CVE-2011-2432,
CVE-2011-2435)
- Several errors exist that allow heap overflows leading
to code execution. (CVE-2011-2433, CVE-2011-2434,
CVE-2011-2436, CVE-2011-2437)
- Several errors exist that allow stack overflows leading
to code execution. (CVE-2011-2438)
- An error exists that can allow memory leaks leading to
code execution. (CVE-2011-2439)
- A use-after-free error exists that can allow code
execution. (CVE-2011-2440)
- Several errors exist in the 'CoolType.dll' library that
can allow stack overflows leading to code execution.
(CVE-2011-2441)
- A logic error exists that can lead to code execution.
(CVE-2011-2442)
- Multiple issues exist as noted in APSB11-21, a security
update for Adobe Flash Player. (CVE-2011-2130,
CVE-2011-2134, CVE-2011-2135, CVE-2011-2136,
CVE-2011-2137, CVE-2011-2138, CVE-2011-2139,
CVE-2011-2140, CVE-2011-2414, CVE-2011-2415,
CVE-2011-2416, CVE-2011-2417, CVE-2011-2425,
CVE-2011-2424)
See also :
http://www.nessus.org/u?46d1fce8
http://www.zerodayinitiative.com/advisories/ZDI-11-282/
http://www.zerodayinitiative.com/advisories/ZDI-11-283/
http://www.zerodayinitiative.com/advisories/ZDI-11-284/
http://www.zerodayinitiative.com/advisories/ZDI-11-296/
http://www.zerodayinitiative.com/advisories/ZDI-11-297/
http://www.zerodayinitiative.com/advisories/ZDI-11-298/
http://www.zerodayinitiative.com/advisories/ZDI-11-299/
http://www.zerodayinitiative.com/advisories/ZDI-11-300/
http://www.zerodayinitiative.com/advisories/ZDI-11-301/
http://www.zerodayinitiative.com/advisories/ZDI-11-302/
http://www.zerodayinitiative.com/advisories/ZDI-11-310/
http://www.adobe.com/support/security/bulletins/apsb11-21.html
http://www.adobe.com/support/security/bulletins/apsb11-24.html
Solution :
Upgrade to Adobe Acrobat 8.3.1 / 9.4.6 / 10.1.1 or later.
Risk factor :
High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true
Family: Windows
Nessus Plugin ID: 56197
Bugtraq ID: 49073, 49074, 49075, 49076, 49077, 49079, 49080, 49081,
49082, 49083, 49084, 49085, 49086, 49186, 49572, 49575, 49576, 49577,
49578, 49579, 49580, 49581, 49582, 49583, 49584, 49585
CVE ID: CVE-2011-2130, CVE-2011-2134, CVE-2011-2135, CVE-2011-2136,
CVE-2011-2137, CVE-2011-2138, CVE-2011-2139, CVE-2011-2140,
CVE-2011-2414, CVE-2011-2415, CVE-2011-2416, CVE-2011-2417,
CVE-2011-2424, CVE-2011-2425, CVE-2011-2431, CVE-2011-2432,
CVE-2011-2433, CVE-2011-2434, CVE-2011-2435, CVE-2011-2436,
CVE-2011-2437, CVE-2011-2438, CVE-2011-2439, CVE-2011-2440,
CVE-2011-2441, CVE-2011-2442