Adobe Reader < 10.1.1 / 9.4.6 / 8.3.1 Multiple Vulnerabilities (APSB11-21, APSB11-24, APSB11-26) (Mac OS X)

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.


Synopsis :

The version of Adobe Reader on the remote Mac OS X host is affected by
multiple vulnerabilities.

Description :

The version of Adobe Reader installed on the remote Mac OS X host is
prior to 10.1.1, 9.4.6, or 8.3.1. It is, therefore, affected by the
following vulnerabilities :

- An unspecified error exists that allows an attacker to
bypass security restrictions, resulting in code
execution. (CVE-2011-2431)

- Multiple buffer overflow conditions exist that allow an
attacker to execute arbitrary code. (CVE-2011-2432,
CVE-2011-2435)

- Multiple heap overflow conditions exist that allow an
attacker to execute arbitrary code. (CVE-2011-2433,
CVE-2011-2434, CVE-2011-2436, CVE-2011-2437)

- Multiple stack overflow conditions exist that allow an
attacker to execute arbitrary code. (CVE-2011-2438)

- An error exists related to memory leak issues that
allows an attacker to execute arbitrary code.
(CVE-2011-2439)

- A use-after-free error exists that allows an attacker to
execute arbitrary code. (CVE-2011-2440)

- Multiple errors exist in the CoolType.dll library that
can allow stack overflow conditions, resulting in code
execution. (CVE-2011-2441)

- A logic error exists that allows an attacker to execute
arbitrary code. (CVE-2011-2442)

- Multiple vulnerabilities exist, as noted in APSB11-21,
that can allow an attacker to take control of the
affected system or cause the application to crash.
(CVE-2011-2130, CVE-2011-2134, CVE-2011-2135,
CVE-2011-2136, CVE-2011-2137, CVE-2011-2138,
CVE-2011-2139, CVE-2011-2140, CVE-2011-2414,
CVE-2011-2415, CVE-2011-2416, CVE-2011-2417,
CVE-2011-2425, CVE-2011-2424)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.

See also :

http://www.adobe.com/support/security/bulletins/apsb11-21.html
http://www.adobe.com/support/security/bulletins/apsb11-24.html
http://www.adobe.com/support/security/bulletins/apsb11-26.html

Solution :

Upgrade to Adobe Reader version 10.1.1 / 9.4.6 / 8.3.1 or later.
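
The check described in the note above compares a self-reported version against the fixed release for its branch. The following is an added example, not the plugin's own code: it assumes the version is read from the application bundle's Info.plist key CFBundleShortVersionString, and it treats versions older than the 8.x branch as affected. The sample plist is constructed.

```python
import plistlib

# Fixed release per major branch, taken from the Solution line of the advisory.
FIXED = {8: (8, 3, 1), 9: (9, 4, 6), 10: (10, 1, 1)}

def parse_version(text):
    """Turn '9.4.5' into (9, 4, 5); pad short versions such as '9.4' with zeros."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    nums = [int(p) for p in parts[:3]]
    return tuple(nums + [0] * (3 - len(nums)))

def is_affected(version_text):
    """True if the self-reported version is below the fix for its branch."""
    ver = parse_version(version_text)
    major = ver[0]
    if major > max(FIXED):
        return False            # newer branch than any named in the advisory
    if major < min(FIXED):
        return True             # assumption: anything older than 8.3.1 is affected
    return ver < FIXED[major]   # numeric tuple compare, not string compare

def version_from_info_plist(plist_bytes):
    """Read the bundle's self-reported version (assumed key, see lead-in)."""
    return plistlib.loads(plist_bytes)["CFBundleShortVersionString"]

# Constructed sample Info.plist, not taken from a real installation.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>CFBundleShortVersionString</key><string>10.1.0</string>
</dict></plist>"""

if __name__ == "__main__":
    reported = version_from_info_plist(SAMPLE_PLIST)
    print(reported, "affected" if is_affected(reported) else "not affected")
    for v in ("8.3.1", "9.4.5", "9.4.6", "9.10.0", "10.0", "10.1.1"):
        print(v, "affected" if is_affected(v) else "not affected")
```

Because the result rests only on the version string, a host where the bundle metadata is stale or edited will be misclassified in either direction.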

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.4
(CVSS2#E:POC/RL:ND/RC:C)
Public Exploit Available : true