Adobe Reader < 11.0.4 / 10.1.8 Multiple Vulnerabilities (APSB13-22) (Mac OS X)

This script is Copyright (C) 2013-2014 Tenable Network Security, Inc.


Synopsis :

The version of Adobe Reader on the remote Mac OS X host is affected by
multiple vulnerabilities.

Description :

The version of Adobe Reader installed on the remote Mac OS X host is
earlier than 11.0.4 / 10.1.8. It is, therefore, potentially affected by
the following vulnerabilities :

- An unspecified stack overflow issue exists that could
lead to code execution. (CVE-2013-3351)

- Unspecified memory corruption vulnerabilities exist that
could lead to code execution. (CVE-2013-3352,
CVE-2013-3354, CVE-2013-3355)

- Unspecified buffer overflow errors exist that could
lead to code execution. (CVE-2013-3353, CVE-2013-3356)

- Unspecified integer overflow errors exist that could
lead to code execution. (CVE-2013-3357, CVE-2013-3358)

See also :

http://www.zerodayinitiative.com/advisories/ZDI-13-230/
http://www.adobe.com/support/security/bulletins/apsb13-22.html

Solution :

Upgrade to Adobe Reader 11.0.4 / 10.1.8 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true