Adobe Reader < 10.1.1 / 9.4.6 / 8.3.1 Multiple Vulnerabilities (APSB11-21, APSB11-24) (Mac OS X)

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

The version of Adobe Reader on the remote Mac OS X host is affected
by multiple vulnerabilities.

Description :

The version of Adobe Reader installed on the remote Mac OS X host is
earlier than 10.1.1 / 9.4.6 / 8.3.1. It is therefore potentially
affected by the following vulnerabilities :

- An unspecified error exists that can allow an attacker
to bypass security leading to code execution.
(CVE-2011-2431)

- Several errors exist that allow buffer overflows
leading to code execution. (CVE-2011-2432,
CVE-2011-2435)

- Several errors exist that allow heap overflows leading
to code execution. (CVE-2011-2433, CVE-2011-2434,
CVE-2011-2436, CVE-2011-2437)

- Several errors exist that allow stack overflows leading
to code execution. (CVE-2011-2438)

- An error exists that can allow memory leaks leading to
code execution. (CVE-2011-2439)

- A use-after-free error exists that can allow code
execution. (CVE-2011-2440)

- Several errors exist in the 'CoolType.dll' library that
can allow stack overflows leading to code execution.
(CVE-2011-2441)

- A logic error exists that can lead to code execution.
(CVE-2011-2442)

- Multiple issues exist as noted in APSB11-21, a security
update for Adobe Flash Player. (CVE-2011-2130,
CVE-2011-2134, CVE-2011-2135, CVE-2011-2136,
CVE-2011-2137, CVE-2011-2138, CVE-2011-2139,
CVE-2011-2140, CVE-2011-2414, CVE-2011-2415,
CVE-2011-2416, CVE-2011-2417, CVE-2011-2425,
CVE-2011-2424)

See also :

http://www.adobe.com/support/security/bulletins/apsb11-21.html
http://www.adobe.com/support/security/bulletins/apsb11-24.html

Solution :

Upgrade to Adobe Reader 10.1.1 / 9.4.6 / 8.3.1 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true