Adobe Acrobat < 10.0.1 / 9.4.2 / 8.2.5 Multiple Vulnerabilities (APSB11-03)

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.


Synopsis :

The version of Adobe Acrobat on the remote Windows host is affected
by multiple vulnerabilities.

Description :

The version of Adobe Acrobat installed on the remote host is earlier
than 10.0.1 / 9.4.2 / 8.2.5. Such versions are reportedly affected by
multiple vulnerabilities :

- Multiple input validation vulnerability exist that could
lead to code execution. (CVE-2010-4091, CVE-2011-0586,
CVE-2011-0587, CVE-2011-0604)

- Multiple library loading vulnerabilities exist that
could lead to code execution. (CVE-2011-0562,
CVE-2011-0570, CVE-2011-0575, CVE-2011-0588)

- Multiple memory corruption vulnerabilities exist that
could lead to code execution. (CVE-2011-0563,
CVE-2011-0559, CVE-2011-0560, CVE-2011-0561,
CVE-2011-0571, CVE-2011-0572, CVE-2011-0573,
CVE-2011-0574, CVE-2011-0578, CVE-2011-0589,
CVE-2011-0606, CVE-2011-0607, CVE-2011-0608)

- A Windows-only file permissions issue exists that could
lead to privilege escalation. (CVE-2011-0564)

- An unspecified vulnerability exists that could cause the
application to crash or potentially lead to code
execution. (CVE-2011-0565)

- Multiple image-parsing memory corruption vulnerabilities
exist that could lead to code execution. (CVE-2011-0566,
CVE-2011-0567, CVE-2011-0596, CVE-2011-0598,
CVE-2011-0599, CVE-2011-0602, CVE-2011-0603)

- An unspecified vulnerability exists that could cause the
application to crash or potentially lead to code
execution. (CVE-2011-0585)

- Multiple 3D file parsing input validation
vulnerabilities exist that could lead to code execution.
(CVE-2011-0590, CVE-2011-0591, CVE-2011-0592,
CVE-2011-0593, CVE-2011-0595, CVE-2011-0600)

- Multiple font parsing input validation vulnerabilities
exist that could lead to code execution. (CVE-2011-0594,
CVE-2011-0577)

- An integer overflow vulnerability exists that could lead
to code execution. (CVE-2011-0558)

See also :

http://www.zerodayinitiative.com/advisories/ZDI-11-065
http://www.zerodayinitiative.com/advisories/ZDI-11-066
http://www.zerodayinitiative.com/advisories/ZDI-11-067
http://www.zerodayinitiative.com/advisories/ZDI-11-068
http://www.zerodayinitiative.com/advisories/ZDI-11-069
http://www.zerodayinitiative.com/advisories/ZDI-11-070
http://www.zerodayinitiative.com/advisories/ZDI-11-071
http://www.zerodayinitiative.com/advisories/ZDI-11-072
http://www.zerodayinitiative.com/advisories/ZDI-11-073
http://www.zerodayinitiative.com/advisories/ZDI-11-074
http://www.zerodayinitiative.com/advisories/ZDI-11-075
http://www.zerodayinitiative.com/advisories/ZDI-11-077
http://www.zerodayinitiative.com/advisories/ZDI-11-081
http://www.adobe.com/support/security/bulletins/apsb11-03.html

Solution :

Upgrade to Adobe Acrobat 8.2.6 / 9.4.2 / 10.0.1 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true