Adobe Acrobat 9.x / 10.x Multiple Vulnerabilities (APSB11-08)

high Nessus Plugin ID 53450

Synopsis

The version of Adobe Acrobat on the remote Windows host is affected by multiple memory corruption vulnerabilities.

Description

The remote Windows host contains a version of Adobe Acrobat 9.x < 9.4.4 or 10.x < 10.0.3. Such versions are affected by multiple memory corruption vulnerabilities.

A remote attacker could exploit this by tricking a user into viewing a malicious crafted PDF file, resulting in arbitrary code execution.

Note also, CVE-2011-0611 is being exploited in the wild as of April 2011.

Solution

Upgrade to Adobe Acrobat 9.4.4 / 10.0.3 or later.

See Also

http://www.nessus.org/u?9ee82b34

http://www.adobe.com/support/security/advisories/apsa11-02.html

https://www.adobe.com/support/security/bulletins/apsb11-08.html

Plugin Details

Severity: High

ID: 53450

File Name: adobe_acrobat_apsa11-02.nasl

Version: 1.24

Type: local

Agent: windows

Family: Windows

Published: 4/15/2011

Updated: 3/8/2022

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.6

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2011-0611

Vulnerability Information

CPE: cpe:/a:adobe:acrobat

Required KB Items: SMB/Acrobat/Version

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 4/21/2011

Vulnerability Publication Date: 4/11/2011

CISA Known Exploited Vulnerability Due Dates: 3/24/2022

Exploitable With

Core Impact

Metasploit (Adobe Flash Player 10.2.153.1 SWF Memory Corruption Vulnerability)

Reference Information

CVE: CVE-2011-0610, CVE-2011-0611

BID: 47314, 47531

CERT: 230057

Secunia: 44149