Adobe Audition < CS5.5 Multiple SES Session File Processing Overflows (APSB11-10)

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.


Synopsis :

The remote Windows host has an application installed that is affected
by multiple buffer overflow vulnerabilities.

Description :

According to its version number, the Adobe Audition install on the
remote host is potentially affected by multiple buffer overflows when
handling specially crafted Audition Session (.ses) files.

By tricking a user into opening a specially crafted .ses file, an
unauthenticated, remote attacker may be able to leverage these issues
to execute arbitrary code subject to the privileges of the user
running the application.

See also :

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5012.php
http://www.coresecurity.com/content/Adobe-Audition-malformed-SES-file
http://seclists.org/bugtraq/2011/May/110
http://www.adobe.com/support/security/bulletins/apsb11-10.html

Solution :

Upgrade to Adobe Audition CS5.5 (4.0) or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 54606 ()

Bugtraq ID: 47838
47841

CVE ID: CVE-2011-0614
CVE-2011-0615

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now