Adobe Reader < 11.0.4 / 10.1.8 Multiple Vulnerabilities (APSB13-22) (Mac OS X)

This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.


Synopsis :

The version of Adobe Reader on the remote Mac OS X host is affected by
multiple vulnerabilities.

Description :

The version of Adobe Reader installed on the remote Mac OS X host is
prior to 11.0.4 or 10.1.8. It is, therefore, affected by the following
vulnerabilities :

- Multiple unspecified stack overflow conditions exist
that allow an attacker to execute arbitrary code.
(CVE-2013-3351)

- Multiple unspecified memory corruption issues exist that
allow an attacker to execute arbitrary code.
(CVE-2013-3352, CVE-2013-3354, CVE-2013-3355)

- Multiple unspecified buffer overflow conditions exist
that allow an attacker to execute arbitrary code.
(CVE-2013-3353, CVE-2013-3356)

- Multiple unspecified integer overflow conditions exist
that allow an attacker to execute arbitrary code.
(CVE-2013-3357, CVE-2013-3358)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.

See also :

http://www.zerodayinitiative.com/advisories/ZDI-13-230/
http://www.adobe.com/support/security/bulletins/apsb13-22.html

Solution :

Upgrade to Adobe Reader version 11.0.4 / 10.1.8 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true