Adobe Acrobat 9 <= 9.4 (APSA10-05)

high Nessus Plugin ID 50380

Language:

Synopsis

The version of Adobe Acrobat on the remote Windows host is affected by a code execution vulnerability.

Description

The remote Windows host contains Adobe Acrobat version 9.4 or earlier. Such versions are affected by an unspecified memory corruption vulnerability.

A remote attacker could exploit this issue by getting a user to open a maliciously crafted PDF containing SWF content, resulting in the execution of arbitrary code.

This vulnerability is reportedly being exploited in the wild.

Solution

Upgrade to the latest version when it is released. Adobe states it will be released the week of November 15, 2010.

In the meantime, deleting or renaming the version of 'authplay.dll' that ships with Adobe Acrobat will result in a non-exploitable crash when opening PDFs containing SWF content.

See Also

http://www.adobe.com/support/security/advisories/apsa10-05.html

Plugin Details

Severity: High

ID: 50380

File Name: adobe_acrobat_apsa10-05.nasl

Version: Revision: 1.8

Type: local

Agent: windows

Family: Windows

Published: 10/28/2010

Updated: 6/14/2012

Dependencies: adobe_acrobat_installed.nasl, smb_hotfixes.nasl

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:adobe:acrobat

Required KB Items: SMB/Acrobat/Version, SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 10/28/2010

Exploitable With

Metasploit (Adobe Flash Player "Button" Remote Code Execution)

Reference Information

CVE: CVE-2010-3654

BID: 44504

OSVDB: 68932