Adobe Acrobat < 9.3 / 8.2 Multiple Vulnerabilities (APSB10-02)

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.


Synopsis :

The version of Adobe Acrobat on the remote Windows host is affected
by multiple vulnerabilities.

Description :

The version of Adobe Acrobat installed on the remote host is earlier
than 9.3 / 8.2. Such versions are reportedly affected by multiple
vulnerabilities :

- A use-after-free vulnerability in 'Multimedia.api' can
lead to code execution. (CVE-2009-4324)

- An array boundary issue in 'U3D' support can lead to
code execution. (CVE-2009-3953)

- A DLL-loading vulnerability in '3D' can allow arbitrary
code execution. (CVE-2009-3954)

- A memory corruption vulnerability can lead to code
execution. (CVE-2009-3955)

- A script injection vulnerability. (CVE-2009-3956)

- A NULL pointer dereference vulnerability can lead to a
denial of service. (CVE-2009-3957)

- A buffer overflow vulnerability in the Download Manager
can lead to code execution. (CVE-2009-3958)

- An integer overflow vulnerability in 'U3D' support can
lead to code execution. (CVE-2009-3959)

- A buffer overflow in the 'gp.ocx' ActiveX control can
lead to code execution. (CVE-2010-1278)

See also :

http://www.zerodayinitiative.com/advisories/ZDI-10-077/
http://www.securityfocus.com/archive/1/510868/30/0/threaded
http://www.adobe.com/support/security/bulletins/apsb10-02.html

Solution :

Upgrade to Adobe Acrobat 9.3 / 8.2 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 8.1
(CVSS2#E:H/RL:OF/RC:ND)
Public Exploit Available : true
