Adobe Reader < 11.0.1 / 10.1.5 / 9.5.3 Multiple Vulnerabilities (APSB13-02) (Mac OS X)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The version of Adobe Reader on the remote Mac OS X host is affected by
multiple vulnerabilities.

Description :

The version of Adobe Reader installed on the remote Mac OS X host is
earlier than 11.0.1 / 10.1.5 / 9.5.3. It is, therefore, potentially
affected by the following vulnerabilities :

- Multiple, unspecified memory corruption errors exist.
(CVE-2012-1530, CVE-2013-0601, CVE-2013-0605,
CVE-2013-0616, CVE-2013-0619, CVE-2013-0620,
CVE-2013-0623)

- A use-after-free vulnerability exists. (CVE-2013-0602)

- Multiple heap overflow vulnerabilities exist.
(CVE-2013-0603, CVE-2013-0604)

- Multiple stack overflow vulnerabilities exist.
(CVE-2013-0610, CVE-2013-0626)

- Multiple buffer overflow vulnerabilities exist.
(CVE-2013-0606, CVE-2013-0612, CVE-2013-0615,
CVE-2013-0617, CVE-2013-0621, CVE-2013-1376)

- Multiple integer overflow vulnerabilities exist.
(CVE-2013-0609, CVE-2013-0613)

- A local privilege escalation vulnerability exists.
(CVE-2013-0627)

- Multiple logic error vulnerabilities exist.
(CVE-2013-0607, CVE-2013-0608, CVE-2013-0611,
CVE-2013-0614, CVE-2013-0618)

- Multiple security bypass vulnerabilities exist.
(CVE-2013-0622, CVE-2013-0624)

See also :

http://www.adobe.com/support/security/bulletins/apsb13-02.html

Solution :

Upgrade to Adobe Reader 11.0.1 / 10.1.5 / 9.5.3 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true