Adobe Reader < 9.4 / 8.2.5 Multiple Vulnerabilities (APSB10-21)
high Nessus Plugin ID 49173
Language:
Synopsis
The version of Adobe Reader on the remote Windows host is affected by multiple vulnerabilities.Description
The version of Adobe Reader installed on the remote host is earlier than 9.4 / 8.2.5. Such versions are affected by multiple code execution vulnerabilities.Note that there have been reports that one or more of these issues are being actively exploited in the wild.
Solution
Upgrade to Adobe Reader 9.4 / 8.2.5 or later.See Also
http://www.nessus.org/u?ac085b0c
http://www.nessus.org/u?9783f73a
https://www.adobe.com/support/security/advisories/apsa10-02.html
http://www.adobe.com/support/security/bulletins/apsb10-21.html
Plugin Details
Severity: High
ID: 49173
File Name: adobe_reader_apsa10-02.nasl
Version: 1.29
Type: local
Agent: windows
Family: Windows
Published: 9/9/2010
Updated: 6/8/2022
Supported Sensors: Nessus Agent
Risk Information
VPR
Risk Factor: Critical
Score: 9.7
CVSS v2
Risk Factor: High
Base Score: 9.3
Temporal Score: 8.1
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Temporal Vector: E:H/RL:OF/RC:C
CVSS Score Source: CVE-2010-3658
Vulnerability Information
CPE: cpe:/a:adobe:acrobat_reader
Required KB Items: SMB/Acroread/Version
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 10/5/2010
Vulnerability Publication Date: 9/7/2010
CISA Known Exploited Dates: 6/22/2022
Exploitable With
CANVAS (CANVAS)
Core Impact
Metasploit (Adobe CoolType SING Table "uniqueName" Stack Buffer Overflow)
ExploitHub (EH-11-971)
Reference Information
CVE: CVE-2010-2883, CVE-2010-2884, CVE-2010-2888, CVE-2010-2889, CVE-2010-2890, CVE-2010-3619, CVE-2010-3620, CVE-2010-3621, CVE-2010-3622, CVE-2010-3625, CVE-2010-3626, CVE-2010-3627, CVE-2010-3628, CVE-2010-3629, CVE-2010-3630, CVE-2010-3632, CVE-2010-3656, CVE-2010-3657, CVE-2010-3658
BID: 43057, 43205, 43722, 43723, 43724, 43725, 43726, 43727, 43729, 43730, 43732, 43734, 43735, 43737, 43738, 43739, 43741, 43744, 43746