Adobe Reader < 9.4.1 Multiple Vulnerabilities (APSB10-28)

This script is Copyright (C) 2010-2016 Tenable Network Security, Inc.


Synopsis :

The version of Adobe Reader on the remote Windows host is affected by
multiple vulnerabilities.

Description :

The version of Adobe Reader installed on the remote host is earlier
than 9.4.1. Such versions are reportedly affected by multiple
vulnerabilities :

- A memory corruption vulnerability exists that could lead
to code execution. Note that this issue does not affect
Adobe Reader 8.x. (CVE-2010-3654)

- An input validation issue exists that could lead to a
bypass of cross-domain policy file restrictions with
certain server encodings. (CVE-2010-3636)

- A memory corruption vulnerability exists in the ActiveX
component. (CVE-2010-3637)

- An unspecified issue exists which could lead to a
denial of service or potentially arbitrary code
execution. (CVE-2010-3639)

- Multiple memory corruption issues exist that could lead
to arbitrary code execution. (CVE-2010-3640,
CVE-2010-3641, CVE-2010-3642, CVE-2010-3643,
CVE-2010-3644, CVE-2010-3645, CVE-2010-3646,
CVE-2010-3647, CVE-2010-3648, CVE-2010-3649,
CVE-2010-3650, CVE-2010-3652)

- A library-loading vulnerability could lead to code
execution. (CVE-2010-3976)

- A memory corruption vulnerability exists that could lead
to code execution. (CVE-2010-4091)

See also :

http://www.adobe.com/support/security/bulletins/apsb10-28.html
http://www.nessus.org/u?c06ef915

Solution :

Upgrade to Adobe Reader 9.4.1 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true