Adobe Reader <= 10.1.1 / 9.4.6 U3D Memory Corruption (APSA11-04, APSB11-28, APSB11-30, APSB12-01) (Mac OS X)

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.

Synopsis :

The version of Adobe Reader on the remote Mac OS X host is affected
by a memory corruption vulnerability.

Description :

The version of Adobe Reader installed on the remote Mac OS X host is
prior or equal to 10.1.1 or 9.4.6. It is, therefore, affected by a
memory corruption issue related to the Universal 3D (U3D) file format.
A remote attacker can exploit this, by convincing a user to view a
maliciously crafted PDF file, to cause an application crash or to
execute arbitrary code.

Note that the Adobe Reader X user-specific option to use 'Protected
Mode' prevents an exploit of this kind from being executed, but Nessus
cannot test for this configuration option.

See also :

Solution :

Upgrade to Adobe Reader version 9.5 / 10.1.2 or later. If the product
is Adobe Reader X, and upgrading is not an option, then the
user-specific option 'Protected Mode' should be enabled.

Risk factor :

High / CVSS Base Score : 9.3
CVSS Temporal Score : 7.7
Public Exploit Available : true

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial