Adobe Acrobat < 10.1.12 / 11.0.09 Multiple Vulnerabilities (APSB14-20)

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.


Synopsis :

The version of Adobe Acrobat on the remote Windows host is affected by
multiple vulnerabilities.

Description :

The version of Adobe Acrobat installed on the remote host is a version
prior to 10.1.12 / 11.0.09. It is, therefore, affected by the
following vulnerabilities :

- A use-after-free error exists that allows arbitrary code
execution. (CVE-2014-0560)

- A heap-based buffer overflow exists that allows
arbitrary code execution. (CVE-2014-0561, CVE-2014-0567)

- A memory corruption error exists that allows denial of
service attacks. (CVE-2014-0563)

- Memory corruption errors exist that allows arbitrary
code execution. (CVE-2014-0565, CVE-2014-0566)

- An unspecified error exists that allows the bypassing
of the sandbox security restrictions. (CVE-2014-0568)

- A race condition exists in the 'MoveFileEx' call hook
feature that allows attackers to bypass the sandbox
protection mechanism to write files to arbitrary
locations. Note that this issue only affects Adobe
Acrobat 11.x. This issue has not been officially fixed
in APSB14-20; however, it is unlikely to be exploitable
due to a related defense-in-depth change in version
11.0.09. (CVE-2014-9150)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.

See also :

https://helpx.adobe.com/security/products/reader/apsb14-20.html
http://www.nessus.org/u?9107f739

Solution :

Upgrade to Adobe Acrobat 10.1.12 / 11.0.09 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.7
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now