Adobe Reader < 11.0.3 / 10.1.7 / 9.5.5 Multiple Vulnerabilities (APSB13-15) (Mac OS X)

This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.


Synopsis :

The version of Adobe Reader on the remote Mac OS X host is affected by
multiple vulnerabilities.

Description :

The version of Adobe Reader installed on the remote Mac OS X host is
prior to 11.0.3, 10.1.7, or 9.5.5. It is, therefore, affected by the
following vulnerabilities :

- Unspecified memory corruption issues exist that allow an
attacker to execute arbitrary code. (CVE-2013-2718,
CVE-2013-2719, CVE-2013-2720, CVE-2013-2721,
CVE-2013-2722, CVE-2013-2723, CVE-2013-2725,
CVE-2013-2726, CVE-2013-2731, CVE-2013-2732,
CVE-2013-2734, CVE-2013-2735, CVE-2013-2736,
CVE-2013-3337, CVE-2013-3338, CVE-2013-3339,
CVE-2013-3340, CVE-2013-3341, CVE-2013-3346)

- An integer underflow condition exists that allows an
attacker to execute arbitrary code. (CVE-2013-2549)

- A use-after-free error exists that allows an attacker to
bypass Adobe Reader's sandbox protection.
(CVE-2013-2550)

- A flaw exists in the JavaScript API that allows an
attacker to obtain sensitive information.
(CVE-2013-2737)

- An unspecified stack overflow condition exists that
allows an attacker to execute arbitrary code.
(CVE-2013-2724)

- Multiple unspecified buffer overflow conditions exist
that allow an attacker to execute arbitrary code.
(CVE-2013-2730, CVE-2013-2733)

- Multiple unspecified integer overflow conditions exist
that allow an attacker to execute arbitrary code.
(CVE-2013-2727, CVE-2013-2729)

- A flaw exists due to improper handling of operating
system domain blacklists. An attacker can exploit this
to have an unspecified impact. (CVE-2013-3342)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.
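
An added example, not part of the Nessus plugin: a branch-aware comparison of a self-reported version string against the fixed releases listed on this page, which is the kind of check the note above describes. The function names, the sample inventory, and the choice to leave versions outside the 9.x, 10.x and 11.x branches undetermined are assumptions of this example.

```python
import re

# First fixed release per branch, taken from the Solution line of this page.
FIXED = {9: (9, 5, 5), 10: (10, 1, 7), 11: (11, 0, 3)}


def parse_version(text):
    """Parse a dotted numeric version ('11.0.02' -> (11, 0, 2)); None if malformed."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    parts = [int(p) for p in text.split(".")]  # int() drops zero padding
    parts += [0] * (3 - len(parts))            # '10.1' compares as 10.1.0
    return tuple(parts)


def is_affected(text):
    """True/False for the 9.x, 10.x and 11.x branches, None when undetermined."""
    version = parse_version(text)
    if version is None:
        return None
    fixed = FIXED.get(version[0])
    if fixed is None:
        # Assumption: branches the page does not list are left for manual review.
        return None
    return version < fixed


def triage(inventory):
    """Group (host, version) pairs into affected / patched / review lists."""
    result = {"affected": [], "patched": [], "review": []}
    for host, version in inventory:
        verdict = is_affected(version)
        key = "review" if verdict is None else ("affected" if verdict else "patched")
        result[key].append(host)
    return result


# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = [("mac-01", "11.0.02"), ("mac-02", "11.0.10"), ("mac-03", "10.1.6"),
          ("mac-04", "9.5.5"), ("mac-05", "8.3.1"), ("mac-06", "unknown")]

if __name__ == "__main__":
    print(triage(SAMPLE))
```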

See also :

http://www.zerodayinitiative.com/advisories/ZDI-13-105/
http://www.zerodayinitiative.com/advisories/ZDI-13-106/
http://www.zerodayinitiative.com/advisories/ZDI-13-212/
http://www.adobe.com/support/security/bulletins/apsb13-15.html

Solution :

Upgrade to Adobe Reader version 11.0.3 / 10.1.7 / 9.5.5 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:C)
Public Exploit Available : true