Adobe Reader 9 <= 9.4 (APSA10-05)

High Nessus Plugin ID 50381


The version of Adobe Reader on the remote Windows host is affected by a code execution vulnerability.


The remote Windows host contains Adobe Reader version 9.4 or earlier. Such versions are affected by an unspecified memory corruption vulnerability.

A remote attacker could exploit this issue by getting a user to open a maliciously crafted PDF containing SWF content, resulting in the execution of arbitrary code.

This vulnerability is reportedly being exploited in the wild.


Upgrade to the latest version when it is released. Adobe states it will be released the week of November 15, 2010.

In the meantime, deleting or renaming the version of 'authplay.dll' that ships with Adobe Reader will result in a non-exploitable crash when opening PDFs containing SWF content.

See Also

Plugin Details

Severity: High

ID: 50381

File Name: adobe_reader_apsa10-05.nasl

Version: $Revision: 1.9 $

Type: local

Agent: windows

Family: Windows

Published: 2010/10/28

Modified: 2013/05/13

Dependencies: 20836, 13855

Risk Information

Risk Factor: High


Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:adobe:acrobat_reader

Required KB Items: SMB/Acroread/Version, SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2010/10/28

Exploitable With

Metasploit (Adobe Flash Player "Button" Remote Code Execution)

Reference Information

CVE: CVE-2010-3654

BID: 44504

OSVDB: 68932