Adobe Acrobat < 11.0.14 / 15.006.30119 / 15.010.20056 Multiple Vulnerabilities (APSB16-02) (Mac OS X)

This script is Copyright (C) 2016 Tenable Network Security, Inc.


Synopsis :

The version of Adobe Acrobat installed on the remote Mac OS X host is
affected by multiple vulnerabilities.

Description :

The version of Adobe Acrobat installed on the remote Mac OS X host is
a version prior to 11.0.14, 15.006.30119, or 15.010.20056. It is,
therefore, affected by multiple vulnerabilities :

- Multiple use-after-free errors exist that allow a remote
attacker to execute arbitrary code. (CVE-2016-0932,
CVE-2016-0934, CVE-2016-0937, CVE-2016-0940,
CVE-2016-0941)

- Multiple memory corruption issues exist that allow a
remote attacker to execute arbitrary code.
(CVE-2016-0931, CVE-2016-0933, CVE-2016-0936,
CVE-2016-0938, CVE-2016-0939, CVE-2016-0942,
CVE-2016-0944, CVE-2016-0945, CVE-2016-0946)

- Multiple double-free errors exist that allow a remote
attacker to execute arbitrary code. (CVE-2016-0935,
CVE-2016-1111)

- A flaw exists in the Global JavaScript API that allows
a remote attacker to bypass restrictions and execute
arbitrary code. (CVE-2016-0943)

- A flaw exists in the download manager related to the
directory search path used to find resources. A remote
attacker can exploit this execute arbitrary code.
(CVE-2016-0947)

Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number.

See also :

https://helpx.adobe.com/security/products/reader/apsb16-02.html

Solution :

Upgrade to Adobe Acrobat 11.0.14 / 15.006.30119 / 15.010.20056 or
later.

Risk factor :

High / CVSS Base Score : 9.3
(CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 7.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now