Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0563 and CVE-2011-0606.

Flash Player has been updated to version 10.3, fixing bugs and security issues.

More information can be found on:
http://www.adobe.com/support/security/bulletins/apsb11-12.html

Specially crafted PDF documents could crash acroread or lead to execution of arbitrary code. acroread was updated to version 9.4.2 to address the issues.

(CVE-2010-4091, CVE-2011-0562, CVE-2011-0563, CVE-2011-0565, CVE-2011-0566, CVE-2011-0567, CVE-2011-0570, CVE-2011-0585, CVE-2011-0586, CVE-2011-0587, CVE-2011-0588, CVE-2011-0589, CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, CVE-2011-0594, CVE-2011-0595, CVE-2011-0596, CVE-2011-0598, CVE-2011-0599, CVE-2011-0600, CVE-2011-0602, CVE-2011-0603, CVE-2011-0604, CVE-2011-0606, CVE-2011-0558, CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0575, CVE-2011-0577, CVE-2011-0578, CVE-2011-0607, CVE-2011-0608)

The remote host is affected by the vulnerability described in GLSA-201201-19 (Adobe Reader: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Adobe Reader. Please       review the CVE identifiers referenced below for details.
  Impact :

    A remote attacker could entice a user to open a specially crafted PDF       file using Adobe Reader, possibly resulting in the remote execution of       arbitrary code, a Denial of Service, or other impact.
  Workaround :

    There is no known workaround at this time.

Flash Player has been updated to version 10.3, fixing bugs and security issues.

More information can be found on :

http://www.adobe.com/support/security/bulletins/apsb11-12.html

The remote host is affected by the vulnerability described in GLSA-201110-11 (Adobe Flash Player: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in Adobe Flash Player.
      Please review the CVE identifiers and Adobe Security Advisories and       Bulletins referenced below for details.
  Impact :

    By enticing a user to open a specially crafted SWF file a remote       attacker could cause a Denial of Service or the execution of arbitrary       code with the privileges of the user running the application.
  Workaround :

    There is no known workaround at this time.

Versions of Flash Player earlier than 10.3.181.14 are potentially affected by multiple vulnerabilities : 

  - A design flaw exists that could lead to information disclosure. (CVE-2011-0579)
  - An integer overflow exists that could lead to code execution. (CVE-2011-0618, CVE-2011-0628)
  - Multiple memory corruption issues exist that could lead to code execution. (CVE-2011-0619, CVE-2011-0620, CVE-2011-0621, CVE-2011-0622, CVE-2011-0627)
  - Multiple bounds checking issues exist that could lead to code execution. (CVE-2011-0623, CVE-2011-0624, CVE-2011-0625, CVE-2011-0626)

Specially crafted PDF documents can crash acroread or lead to execution of arbitrary code. Acroread has been updated to version 9.4.2 to address the issues (CVE-2010-4091 / CVE-2011-0562 / CVE-2011-0563 / CVE-2011-0565 / CVE-2011-0566 / CVE-2011-0567 / CVE-2011-0570 / CVE-2011-0585 / CVE-2011-0586 / CVE-2011-0587 / CVE-2011-0588 / CVE-2011-0589 / CVE-2011-0590 / CVE-2011-0591 / CVE-2011-0592 / CVE-2011-0593 / CVE-2011-0594 / CVE-2011-0595 / CVE-2011-0596 / CVE-2011-0598 / CVE-2011-0599 / CVE-2011-0600 / CVE-2011-0602 / CVE-2011-0603 / CVE-2011-0604 / CVE-2011-0606 / CVE-2011-0558 / CVE-2011-0559 / CVE-2011-0560 / CVE-2011-0561 / CVE-2011-0571 / CVE-2011-0572 / CVE-2011-0573 / CVE-2011-0574 / CVE-2011-0575 / CVE-2011-0577 / CVE-2011-0578 / CVE-2011-0607 / CVE-2011-0608.)

Specially crafted PDF documents can crash acroread or lead to execution of arbitrary code. Acroread has been updated to version 9.4.2 to address the issues (CVE-2010-4091 / CVE-2011-0562 / CVE-2011-0563 / CVE-2011-0565 / CVE-2011-0566 / CVE-2011-0567 / CVE-2011-0570 / CVE-2011-0585 / CVE-2011-0586 / CVE-2011-0587 / CVE-2011-0588 / CVE-2011-0589 / CVE-2011-0590 / CVE-2011-0591 / CVE-2011-0592 / CVE-2011-0593 / CVE-2011-0594 / CVE-2011-0595 / CVE-2011-0596 / CVE-2011-0598 / CVE-2011-0599 / CVE-2011-0600 / CVE-2011-0602 / CVE-2011-0603 / CVE-2011-0604 / CVE-2011-0606 / CVE-2011-0558 / CVE-2011-0559 / CVE-2011-0560 / CVE-2011-0561 / CVE-2011-0571 / CVE-2011-0572 / CVE-2011-0573 / CVE-2011-0574 / CVE-2011-0575 / CVE-2011-0577 / CVE-2011-0578 / CVE-2011-0607 / CVE-2011-0608)

Updated acroread packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Adobe Reader allows users to view and print documents in Portable Document Format (PDF).

This update fixes multiple vulnerabilities in Adobe Reader. These vulnerabilities are detailed on the Adobe security page APSB11-03, listed in the References section.

A specially crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. (CVE-2011-0562, CVE-2011-0563, CVE-2011-0565, CVE-2011-0566, CVE-2011-0567, CVE-2011-0585, CVE-2011-0586, CVE-2011-0589, CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, CVE-2011-0594, CVE-2011-0595, CVE-2011-0596, CVE-2011-0598, CVE-2011-0599, CVE-2011-0600, CVE-2011-0602, CVE-2011-0603, CVE-2011-0606)

Multiple security flaws were found in Adobe reader. A specially crafted PDF file could cause cross-site scripting (XSS) attacks against the user running Adobe Reader when opened. (CVE-2011-0587, CVE-2011-0604)

All Adobe Reader users should install these updated packages. They contain Adobe Reader version 9.4.2, which is not vulnerable to these issues. All running instances of Adobe Reader must be restarted for the update to take effect.

The version of Adobe Reader installed on the remote host is earlier than 10.0.1 / 9.4.2 / 8.2.6.  Such versions are reportedly affected by multiple vulnerabilities :

  - Multiple input validation vulnerability exist that could     lead to code execution. (CVE-2010-4091, CVE-2011-0586,     CVE-2011-0587, CVE-2011-0604)     
  - Multiple library loading vulnerabilities exist that     could lead to code execution. (CVE-2011-0562,     CVE-2011-0570, CVE-2011-0575, CVE-2011-0588)     
  - Multiple memory corruption vulnerabilities exist that     could lead to code execution. (CVE-2011-0563,     CVE-2011-0559, CVE-2011-0560, CVE-2011-0561,     CVE-2011-0571, CVE-2011-0572, CVE-2011-0573,     CVE-2011-0574, CVE-2011-0578, CVE-2011-0589,     CVE-2011-0606, CVE-2011-0607, CVE-2011-0608)     
  - A Windows-only file permissions issue exists that could     lead to privilege escalation. (CVE-2011-0564)     
  - An unspecified vulnerability exists that could cause the     application to crash or potentially lead to code     execution. (CVE-2011-0565)     
  - Multiple image-parsing memory corruption vulnerabilities     exist that could lead to code execution. (CVE-2011-0566,     CVE-2011-0567, CVE-2011-0596, CVE-2011-0598,     CVE-2011-0599, CVE-2011-0602, CVE-2011-0603)

  - An unspecified vulnerability exists that could cause the     application to crash or potentially lead to code     execution. (CVE-2011-0585)

  - Multiple 3D file parsing input validation     vulnerabilities exist that could lead to code execution.
    (CVE-2011-0590, CVE-2011-0591, CVE-2011-0592,      CVE-2011-0593, CVE-2011-0595, CVE-2011-0600)   
  - Multiple font parsing input validation vulnerabilities     exist that could lead to code execution. (CVE-2011-0594,     CVE-2011-0577)

  - An integer overflow vulnerability exists that could lead     to code execution. (CVE-2011-0558)

The version of Adobe Acrobat installed on the remote host is earlier than 10.0.1 / 9.4.2 / 8.2.5.  Such versions are reportedly affected by multiple vulnerabilities :

  - Multiple input validation vulnerability exist that could     lead to code execution. (CVE-2010-4091, CVE-2011-0586,     CVE-2011-0587, CVE-2011-0604)     
  - Multiple library loading vulnerabilities exist that     could lead to code execution. (CVE-2011-0562,     CVE-2011-0570, CVE-2011-0575, CVE-2011-0588)     
  - Multiple memory corruption vulnerabilities exist that     could lead to code execution. (CVE-2011-0563,     CVE-2011-0559, CVE-2011-0560, CVE-2011-0561,     CVE-2011-0571, CVE-2011-0572, CVE-2011-0573,     CVE-2011-0574, CVE-2011-0578, CVE-2011-0589,     CVE-2011-0606, CVE-2011-0607, CVE-2011-0608)     
  - A Windows-only file permissions issue exists that could     lead to privilege escalation. (CVE-2011-0564)     
  - An unspecified vulnerability exists that could cause the     application to crash or potentially lead to code     execution. (CVE-2011-0565)     
  - Multiple image-parsing memory corruption vulnerabilities     exist that could lead to code execution. (CVE-2011-0566,     CVE-2011-0567, CVE-2011-0596, CVE-2011-0598,     CVE-2011-0599, CVE-2011-0602, CVE-2011-0603)

  - An unspecified vulnerability exists that could cause the     application to crash or potentially lead to code     execution. (CVE-2011-0585)

  - Multiple 3D file parsing input validation     vulnerabilities exist that could lead to code execution.
    (CVE-2011-0590, CVE-2011-0591, CVE-2011-0592,      CVE-2011-0593, CVE-2011-0595, CVE-2011-0600)   
  - Multiple font parsing input validation vulnerabilities     exist that could lead to code execution. (CVE-2011-0594,     CVE-2011-0577)

  - An integer overflow vulnerability exists that could lead     to code execution. (CVE-2011-0558)

ID	Name	Product	Family	Severity
75834	openSUSE Security Update : flash-player (openSUSE-SU-2011:0492-1)	Nessus	SuSE Local Security Checks	high
75498	openSUSE Security Update : flash-player (openSUSE-SU-2011:0492-1)	Nessus	SuSE Local Security Checks	high
75421	openSUSE Security Update : acroread (openSUSE-SU-2011:0156-1)	Nessus	SuSE Local Security Checks	high
57745	GLSA-201201-19 : Adobe Reader: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
57190	SuSE 10 Security Update : flash-player (ZYPP Patch Number 7518)	Nessus	SuSE Local Security Checks	high
56504	GLSA-201110-11 : Adobe Flash Player: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
53912	SuSE 11.1 Security Update : flash-player (SAT Patch Number 4552)	Nessus	SuSE Local Security Checks	high
5916	Flash Player < 10.3.181.14 Multiple Vulnerabilities (APSB11-12)	Nessus Network Monitor	Web Clients	high
53693	openSUSE Security Update : acroread (openSUSE-SU-2011:0156-1)	Nessus	SuSE Local Security Checks	high
52568	SuSE 10 Security Update : acroread_ja (ZYPP Patch Number 7359)	Nessus	SuSE Local Security Checks	high
52567	SuSE 10 Security Update : acroread (ZYPP Patch Number 7358)	Nessus	SuSE Local Security Checks	high
52566	SuSE 11.1 Security Update : acroread_ja (SAT Patch Number 4058)	Nessus	SuSE Local Security Checks	high
52565	SuSE 11.1 Security Update : acroread (SAT Patch Number 4057)	Nessus	SuSE Local Security Checks	high
52161	RHEL 4 / 5 / 6 : acroread (RHSA-2011:0301)	Nessus	Red Hat Local Security Checks	high
51925	Adobe Reader < 10.0.1 / 9.4.2 / 8.2.6 Multiple Vulnerabilities (APSB11-03)	Nessus	Windows	high
51924	Adobe Acrobat < 10.0.1 / 9.4.2 / 8.2.5 Multiple Vulnerabilities (APSB11-03)	Nessus	Windows	high

Detections

Analytics

CVE-2011-0589

high

Tenable Plugins

high

high

high

critical

high

critical

high

high

high

high

high

high

high

high

high

high