Adobe Reader < 11.0.1 / 10.1.5 / 9.5.3 Multiple Vulnerabilities (APSB13-02) (Mac OS X)

This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.


Synopsis :

The version of Adobe Reader on the remote Mac OS X host is affected by
multiple vulnerabilities.

Description :

The version of Adobe Reader installed on the remote Mac OS X host is
prior to 11.0.1, 10.1.5, or 9.5.3. It is, therefore, affected by the
following vulnerabilities :

- Multiple memory corruption conditions exist that allow
an attacker to execute arbitrary code or cause a denial
of service. (CVE-2012-1530, CVE-2013-0601,
CVE-2013-0605, CVE-2013-0616, CVE-2013-0619,
CVE-2013-0620, CVE-2013-0623)

- A use-after-free error exists that allows an attacker to
execute arbitrary code. (CVE-2013-0602)

- Multiple heap buffer overflow conditions exist that
allow an attacker to execute arbitrary code.
(CVE-2013-0603, CVE-2013-0604)

- Multiple stack overflow conditions exist that allow an
attacker to execute arbitrary code. (CVE-2013-0610,
CVE-2013-0626)

- Multiple unspecified buffer overflow conditions exist
that allow an attacker to execute arbitrary code.
(CVE-2013-0606, CVE-2013-0612, CVE-2013-0615,
CVE-2013-0617, CVE-2013-0621, CVE-2013-1376)

- Multiple integer overflow conditions exist that allow
an attacker to execute arbitrary code. (CVE-2013-0609,
CVE-2013-0613)

- A privilege escalation vulnerability exists that allows
a local attacker to execute arbitrary code.
(CVE-2013-0627)

- Multiple logic errors exist that allow an attacker to
execute arbitrary code. (CVE-2013-0607, CVE-2013-0608,
CVE-2013-0611, CVE-2013-0614, CVE-2013-0618)

- Multiple security bypass vulnerabilities exist that
allow an attacker to bypass access restrictions.
(CVE-2013-0622, CVE-2013-0624)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.

See also :

http://www.adobe.com/support/security/bulletins/apsb13-02.html

Solution :

Upgrade to Adobe Reader version 11.0.1 / 10.1.5 / 9.5.3 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true