Adobe Acrobat < 9.3.4 / 8.2.4 Multiple Vulnerabilities (APSB10-17)
high Nessus Plugin ID 48374
Language:
Synopsis
The version of Adobe Acrobat on the remote Windows host is affected by multiple vulnerabilities.Description
The version of Adobe Acrobat installed on the remote host is earlier than 9.3.4 / 8.2.4. Such versions are reportedly affected by multiple vulnerabilities :- Multiple vulnerabilities in the bundled Flash Player as noted in APSB10-16. (CVE-2010-0209, CVE-2010-2188, CVE-2010-2213, CVE-2010-2214, CVE-2010-2215, CVE-2010-2216)
- A social engineering attack could lead to code execution. (CVE-2010-1240)
- An integer overflow vulnerability could lead to code execution. (CVE-2010-2862)
Solution
Upgrade to Adobe Acrobat 9.3.4 / 8.2.4 or later.See Also
http://securityevaluators.com/knowledge/papers/CrashAnalysis.pdf
http://www.adobe.com/support/security/bulletins/apsb10-16.html
http://www.adobe.com/support/security/bulletins/apsb10-17.html
Plugin Details
Severity: High
ID: 48374
File Name: adobe_acrobat_apsb10-17.nasl
Version: 1.19
Type: local
Agent: windows
Family: Windows
Published: 8/19/2010
Updated: 9/17/2018
Supported Sensors: Nessus Agent
Risk Information
VPR
Risk Factor: Critical
Score: 9.6
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 8.1
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Temporal Vector: E:H/RL:OF/RC:C
Vulnerability Information
CPE: cpe:/a:adobe:acrobat
Required KB Items: SMB/Acrobat/Version
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 8/19/2010
Vulnerability Publication Date: 8/4/2010
Exploitable With
Metasploit (Adobe PDF Escape EXE Social Engineering (No JavaScript))
Reference Information
CVE: CVE-2010-0209, CVE-2010-1240, CVE-2010-2188, CVE-2010-2213, CVE-2010-2214, CVE-2010-2215, CVE-2010-2216, CVE-2010-2862