Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0565.

The version of Adobe Reader installed on the remote host is a version prior to 10.1.15 / 11.0.12 / 2015.006.30060 / 2015.008.20082. It is, therefore, affected by multiple vulnerabilities :

  - A buffer overflow condition exists that allows an     attacker to execute arbitrary code. (CVE-2015-5093)

  - Multiple heap buffer overflow conditions exist that     allow an attacker to execute arbitrary code.
    (CVE-2015-5096, CVE-2015-5098, CVE-2015-5105)

  - Multiple memory corruption issues exist that allow an     attacker to execute arbitrary code. (CVE-2015-5087,     CVE-2015-5094, CVE-2015-5100, CVE-2015-5102,     CVE-2015-5103, CVE-2015-5104, CVE-2015-3095,     CVE-2015-5115, CVE-2014-0566)

  - An unspecified information disclosure vulnerability     exists. (CVE-2015-5107)

  - Multiple security bypass vulnerabilities exist that     allow an attacker to disclose arbitrary information.
    (CVE-2015-4449, CVE-2015-4450, CVE-2015-5088,     CVE-2015-5089, CVE-2015-5092, CVE-2014-8450)

  - A stack overflow condition exists that allows an     attacker to execute arbitrary code. (CVE-2015-5110)

  - Multiple use-after-free errors exist that allow an     attacker to execute arbitrary code. (CVE-2015-4448,     CVE-2015-5095, CVE-2015-5099, CVE-2015-5101,     CVE-2015-5111,  CVE-2015-5113, CVE-2015-5114)

  - Multiple validation bypass issues exist that allow an     attacker to escalate privileges. (CVE-2015-4446,     CVE-2015-5090, CVE-2015-5106)

  - A validation bypass issue exists that allows an attacker     to cause a denial of service condition. (CVE-2015-5091)

  - Multiple integer overflow conditions exist that allow an     attacker to execute arbitrary code. (CVE-2015-5097,     CVE-2015-5108, CVE-2015-5109)

  - Multiple flaws exist that allow an attacker to bypass     restrictions on the JavaScript API execution.
    (CVE-2015-4435, CVE-2015-4438, CVE-2015-4441,     CVE-2015-4445, CVE-2015-4447, CVE-2015-4451,     CVE-2015-4452, CVE-2015-5085, CVE-2015-5086)

  - Multiple NULL pointer dereference flaws exist that allow     an attacker to cause a denial of service condition.
    (CVE-2015-4443, CVE-2015-4444)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Adobe Acrobat installed on the remote host is a version prior to 10.1.15 / 11.0.12 / 2015.006.30060 / 2015.008.20082. It is, therefore, affected by multiple vulnerabilities :

  - A buffer overflow condition exists that allows an     attacker to execute arbitrary code. (CVE-2015-5093)

  - Multiple heap buffer overflow conditions exist that     allow an attacker to execute arbitrary code.
    (CVE-2015-5096, CVE-2015-5098, CVE-2015-5105)

  - Multiple memory corruption issues exist that allow an     attacker to execute arbitrary code. (CVE-2015-5087,     CVE-2015-5094, CVE-2015-5100, CVE-2015-5102,     CVE-2015-5103, CVE-2015-5104, CVE-2015-3095,     CVE-2015-5115, CVE-2014-0566)

  - An unspecified information disclosure vulnerability     exists. (CVE-2015-5107)

  - Multiple security bypass vulnerabilities exist that     allow an attacker to disclose arbitrary information.
    (CVE-2015-4449, CVE-2015-4450, CVE-2015-5088,     CVE-2015-5089, CVE-2015-5092, CVE-2014-8450)

  - A stack overflow condition exists that allows an     attacker to execute arbitrary code. (CVE-2015-5110)

  - Multiple use-after-free errors exist that allow an     attacker to execute arbitrary code. (CVE-2015-4448,     CVE-2015-5095, CVE-2015-5099, CVE-2015-5101,     CVE-2015-5111,  CVE-2015-5113, CVE-2015-5114)

  - Multiple validation bypass issues exist that allow an     attacker to escalate privileges. (CVE-2015-4446,     CVE-2015-5090, CVE-2015-5106)

  - A validation bypass issue exists that allows an attacker     to cause a denial of service condition. (CVE-2015-5091)

  - Multiple integer overflow conditions exist that allow an     attacker to execute arbitrary code. (CVE-2015-5097,     CVE-2015-5108, CVE-2015-5109)

  - Multiple flaws exist that allow an attacker to bypass     restrictions on the JavaScript API execution.
    (CVE-2015-4435, CVE-2015-4438, CVE-2015-4441,     CVE-2015-4445, CVE-2015-4447, CVE-2015-4451,     CVE-2015-4452, CVE-2015-5085, CVE-2015-5086)

  - Multiple NULL pointer dereference flaws exist that allow     an attacker to cause a denial of service condition.
    (CVE-2015-4443, CVE-2015-4444)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Adobe Reader installed on the remote host is version 10.x equal to or prior to 10.1.10, or 11.x equal to or prior to 11.0.07. It is, therefore, affected by multiple vulnerabilities :

  - A use-after-free error exists that allows arbitrary code     execution. (CVE-2014-0560)

  - A heap-based buffer overflow exists that allows     arbitrary code execution. (CVE-2014-0561, CVE-2014-0567)

  - An input-validation error exists that allows universal     cross-site scripting (UXSS) attacks. (CVE-2014-0562)

  - A memory corruption error exists that allows denial of     service attacks. (CVE-2014-0563)

  - Memory corruption errors exist that allow arbitrary code     execution. (CVE-2014-0565, CVE-2014-0566)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Adobe Acrobat installed on the remote host is version 10.x equal to or prior to 10.1.10, or 11.x equal to or prior to 11.0.07. It is, therefore, affected by multiple vulnerabilities :

  - A use-after-free error exists that allows arbitrary code     execution. (CVE-2014-0560)

  - A heap-based buffer overflow exists that allows     arbitrary code execution. (CVE-2014-0561, CVE-2014-0567)

  - An input-validation error exists that allows universal     cross-site scripting (UXSS) attacks. (CVE-2014-0562)

  - A memory corruption error exists that allows denial of     service attacks. (CVE-2014-0563)

  - Memory corruption errors exist that allow arbitrary code     execution. (CVE-2014-0565, CVE-2014-0566)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Adobe Reader installed on the remote host is a version prior to 10.1.12 / 11.0.09. It is, therefore, affected by the following vulnerabilities :

  - A use-after-free error exists that allows arbitrary code     execution. (CVE-2014-0560)

  - A heap-based buffer overflow exists that allows     arbitrary code execution. (CVE-2014-0561, CVE-2014-0567)

  - A memory corruption error exists that allows denial of     service attacks. (CVE-2014-0563)

  - Memory corruption errors exist that allows arbitrary     code execution. (CVE-2014-0565, CVE-2014-0566)

  - An unspecified error exists that allows the bypassing     of the sandbox security restrictions. (CVE-2014-0568)

  - A race condition exists in the 'MoveFileEx' call hook     feature that allows attackers to bypass the sandbox     protection mechanism to write files to arbitrary     locations. Note that this issue only affects Adobe     Reader 11.x. This issue has not been officially fixed     in APSB14-20; however, it is unlikely to be exploitable     due to a related defense-in-depth change in version     11.0.09. (CVE-2014-9150)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Adobe Acrobat installed on the remote host is a version prior to 10.1.12 / 11.0.09. It is, therefore, affected by the following vulnerabilities :

  - A use-after-free error exists that allows arbitrary code     execution. (CVE-2014-0560)

  - A heap-based buffer overflow exists that allows     arbitrary code execution. (CVE-2014-0561, CVE-2014-0567)

  - A memory corruption error exists that allows denial of     service attacks. (CVE-2014-0563)

  - Memory corruption errors exist that allows arbitrary     code execution. (CVE-2014-0565, CVE-2014-0566)

  - An unspecified error exists that allows the bypassing     of the sandbox security restrictions. (CVE-2014-0568)

  - A race condition exists in the 'MoveFileEx' call hook     feature that allows attackers to bypass the sandbox     protection mechanism to write files to arbitrary     locations. Note that this issue only affects Adobe     Acrobat 11.x. This issue has not been officially fixed     in APSB14-20; however, it is unlikely to be exploitable     due to a related defense-in-depth change in version     11.0.09. (CVE-2014-9150)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
84803	Adobe Reader < 10.1.15 / 11.0.12 / 2015.006.30060 / 2015.008.20082 Multiple Vulnerabilities (APSB15-15) (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
84802	Adobe Acrobat < 10.1.15 / 11.0.12 / 2015.006.30060 / 2015.008.20082 Multiple Vulnerabilities (APSB15-15) (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
84801	Adobe Reader < 10.1.15 / 11.0.12 / 2015.006.30060 / 2015.008.20082 Multiple Vulnerabilities (APSB15-15)	Nessus	Windows	high
84800	Adobe Acrobat < 10.1.15 / 11.0.12 / 2015.006.30060 / 2015.008.20082 Multiple Vulnerabilities (APSB15-15)	Nessus	Windows	high
77714	Adobe Reader <= 10.1.10 / 11.0.07 Multiple Vulnerabilities (APSB14-20) (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
77713	Adobe Acrobat <= 10.1.10 / 11.0.07 Multiple Vulnerabilities (APSB14-20) (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
77712	Adobe Reader < 10.1.12 / 11.0.09 Multiple Vulnerabilities (APSB14-20)	Nessus	Windows	critical
77711	Adobe Acrobat < 10.1.12 / 11.0.09 Multiple Vulnerabilities (APSB14-20)	Nessus	Windows	critical

Detections

Analytics

CVE-2014-0566

high

Tenable Plugins

critical

critical

high

high

critical

critical

critical

critical