Adobe Reader < 9.4.7 Multiple Memory Corruption Vulnerabilities (APSB11-30)

This script is Copyright (C) 2011-2016 Tenable Network Security, Inc.


Synopsis :

The version of Adobe Reader on the remote Windows host is affected by
multiple memory corruption vulnerabilities.

Description :

The remote Windows host contains a version of Adobe Reader earlier
than 9.4.7. Such versions are affected by multiple memory corruption
vulnerabilities related to the 'Universal 3D' (U3D) file format and
the 'Product Representation Compact' (PRC) component.

A remote attacker could exploit this by tricking a user into viewing a
maliciously crafted PDF file, causing application crashes and
potentially resulting in arbitrary code execution.

This plugin does not check for Reader 10.x releases, which are
vulnerable but were not fixed until APSB12-01. Refer to plugin 57484
for more information.

See also :

http://www.adobe.com/support/security/bulletins/apsb11-30.html
http://www.adobe.com/support/security/advisories/apsa11-04.html

Solution :

Upgrade to Adobe Reader 9.4.7 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: Windows

Nessus Plugin ID: 57043

Bugtraq ID: 50922, 51092

CVE ID: CVE-2011-2462, CVE-2011-4369
