SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 8571)

critical Nessus Plugin ID 66506

Synopsis

The remote SuSE 10 host is missing a security-related patch.

Description

Acrobat Reader has been updated to version 9.5.5.

The Adobe Advisory can be found at:
https://www.adobe.com/support/security/bulletins/apsb13-15.html

These updates resolve

- memory corruption vulnerabilities that could lead to code execution. (CVE-2013-2718 / CVE-2013-2719 / CVE-2013-2720 / CVE-2013-2721 / CVE-2013-2722 / CVE-2013-2723 / CVE-2013-2725 / CVE-2013-2726 / CVE-2013-2731 / CVE-2013-2732 / CVE-2013-2734 / CVE-2013-2735 / CVE-2013-2736 / CVE-2013-3337 / CVE-2013-3338 / CVE-2013-3339 / CVE-2013-3340 / CVE-2013-3341)

- an integer underflow vulnerability that could lead to code execution. (CVE-2013-2549)

- a use-after-free vulnerability that could lead to a bypass of Adobe Reader's sandbox protection.
(CVE-2013-2550)

- an information leakage issue involving a JavaScript API.
(CVE-2013-2737)

- a stack overflow vulnerability that could lead to code execution. (CVE-2013-2724)

- buffer overflow vulnerabilities that could lead to code execution. (CVE-2013-2730 / CVE-2013-2733)

- integer overflow vulnerabilities that could lead to code execution. (CVE-2013-2727 / CVE-2013-2729)

- a flaw in the way Reader handles domains that have been blacklisted in the operating system. (CVE-2013-3342)

Solution

Apply ZYPP patch number 8571.

See Also

http://support.novell.com/security/cve/CVE-2013-2733.html

http://support.novell.com/security/cve/CVE-2013-2734.html

http://support.novell.com/security/cve/CVE-2013-2735.html

http://support.novell.com/security/cve/CVE-2013-2736.html

http://support.novell.com/security/cve/CVE-2013-2737.html

http://support.novell.com/security/cve/CVE-2013-3337.html

http://support.novell.com/security/cve/CVE-2013-3338.html

http://support.novell.com/security/cve/CVE-2013-3339.html

http://support.novell.com/security/cve/CVE-2013-3340.html

http://support.novell.com/security/cve/CVE-2013-3341.html

http://support.novell.com/security/cve/CVE-2013-3342.html

http://support.novell.com/security/cve/CVE-2013-2549.html

http://support.novell.com/security/cve/CVE-2013-2550.html

http://support.novell.com/security/cve/CVE-2013-2718.html

http://support.novell.com/security/cve/CVE-2013-2719.html

http://support.novell.com/security/cve/CVE-2013-2720.html

http://support.novell.com/security/cve/CVE-2013-2721.html

http://support.novell.com/security/cve/CVE-2013-2722.html

http://support.novell.com/security/cve/CVE-2013-2723.html

http://support.novell.com/security/cve/CVE-2013-2724.html

http://support.novell.com/security/cve/CVE-2013-2725.html

http://support.novell.com/security/cve/CVE-2013-2726.html

http://support.novell.com/security/cve/CVE-2013-2727.html

http://support.novell.com/security/cve/CVE-2013-2729.html

http://support.novell.com/security/cve/CVE-2013-2730.html

http://support.novell.com/security/cve/CVE-2013-2731.html

http://support.novell.com/security/cve/CVE-2013-2732.html

Plugin Details

Severity: Critical

ID: 66506

File Name: suse_acroread-8571.nasl

Version: 1.11

Type: local

Agent: unix

Published: 5/19/2013

Updated: 3/29/2022

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.6

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:suse:suse_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/16/2013

CISA Known Exploited Vulnerability Due Dates: 4/18/2022

Exploitable With

Core Impact

Metasploit (AdobeCollabSync Buffer Overflow Adobe Reader X Sandbox Bypass)

Reference Information

CVE: CVE-2013-2549, CVE-2013-2550, CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2724, CVE-2013-2725, CVE-2013-2726, CVE-2013-2727, CVE-2013-2729, CVE-2013-2730, CVE-2013-2731, CVE-2013-2732, CVE-2013-2733, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-2737, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, CVE-2013-3341, CVE-2013-3342