Adobe Acrobat < 9.4.7 Multiple Memory Corruption Vulnerabilities (APSB11-30)

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.


Synopsis :

The version of Adobe Acrobat on the remote Windows host is affected
by multiple memory corruption vulnerabilities.

Description :

The remote Windows host contains a version of Adobe Acrobat earlier
than 9.4.7. Such versions are affected by multiple memory corruption
vulnerabilities related to the 'Universal 3D' (U3D) file format and
the 'Product Representation Compact' (PRC) component.

A remote attacker could exploit this by tricking a user into viewing a
maliciously crafted PDF file, causing application crashes and
potentially resulting in arbitrary code execution.

This plugin does not check for Acrobat 10.x releases, which are
vulnerable but were not fixed until APSB12-01. Refer to plugin 57483
for more information.

See also :

http://www.adobe.com/support/security/bulletins/apsb11-30.html
http://www.adobe.com/support/security/advisories/apsa11-04.html

Solution :

Upgrade to Adobe Acrobat 9.4.7 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 57042 ()

Bugtraq ID: 50922
51092

CVE ID: CVE-2011-2462
CVE-2011-4369

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now