Adobe Acrobat 9.x < 9.4.1 Multiple Vulnerabilities (APSB10-28)

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.


Synopsis :

The version of Adobe Acrobat on the remote Windows host is affected
by multiple vulnerabilities.

Description :

The version of Adobe Acrobat 9.x installed on the remote host is
earlier than 9.4.1. Such versions are reportedly affected by multiple
vulnerabilities :

- A memory corruption vulnerability exists that could lead
to code execution. Note that this issue does not affect
Adobe Acrobat 8.x. (CVE-2010-3654)

- An input validation issue exists that could lead to a
bypass of cross-domain policy file restrictions with
certain server encodings. (CVE-2010-3636)

- A memory corruption vulnerability exists in the ActiveX
component. (CVE-2010-3637)

- An unspecified issue exists which could lead to a
denial of service or potentially arbitrary code
execution. (CVE-2010-3639)

- Multiple memory corruption issues exist that could lead
to arbitrary code execution. (CVE-2010-3640,
CVE-2010-3641, CVE-2010-3642, CVE-2010-3643,
CVE-2010-3644, CVE-2010-3645, CVE-2010-3646,
CVE-2010-3647, CVE-2010-3648, CVE-2010-3649,
CVE-2010-3650, CVE-2010-3652)

- A library-loading vulnerability could lead to code
execution. (CVE-2010-3976)

See also :

http://www.adobe.com/support/security/bulletins/apsb10-28.html

Solution :

Upgrade to Adobe Acrobat 9.4.1 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now