Adobe Acrobat <= 10.1.10 / 11.0.07 Multiple Vulnerabilities (APSB14-20) (Mac OS X)

This script is Copyright (C) 2014-2016 Tenable Network Security, Inc.


Synopsis :

The version of Adobe Acrobat on the remote Mac OS X host is affected
by multiple vulnerabilities.

Description :

The version of Adobe Acrobat installed on the remote host is version
10.x equal to or prior to 10.1.10, or 11.x equal to or prior to
11.0.07. It is, therefore, affected by multiple vulnerabilities :

- A use-after-free error exists that allows arbitrary code
execution. (CVE-2014-0560)

- A heap-based buffer overflow exists that allows
arbitrary code execution. (CVE-2014-0561, CVE-2014-0567)

- An input-validation error exists that allows universal
cross-site scripting (UXSS) attacks. (CVE-2014-0562)

- A memory corruption error exists that allows denial of
service attacks. (CVE-2014-0563)

- Memory corruption errors exist that allow arbitrary code
execution. (CVE-2014-0565, CVE-2014-0566)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.

See also :

https://helpx.adobe.com/security/products/acrobat/apsb14-20.html

Solution :

Upgrade to Adobe Acrobat 10.1.12 / 11.0.09 or later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.9
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: MacOS X Local Security Checks

Nessus Plugin ID: 77713 ()

Bugtraq ID: 69823
69821
69822
69826
69824
69825
69827

CVE ID: CVE-2014-0560
CVE-2014-0561
CVE-2014-0562
CVE-2014-0563
CVE-2014-0565
CVE-2014-0566
CVE-2014-0567

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now