Adobe Reader 9 <= 9.4 (APSA10-05)

high Nessus Plugin ID 50381


New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.


The version of Adobe Reader on the remote Windows host is affected by a code execution vulnerability.


The remote Windows host contains Adobe Reader version 9.4 or earlier. Such versions are affected by an unspecified memory corruption vulnerability.

A remote attacker could exploit this issue by getting a user to open a maliciously crafted PDF containing SWF content, resulting in the execution of arbitrary code.

This vulnerability is reportedly being exploited in the wild.


Upgrade to the latest version when it is released. Adobe states it will be released the week of November 15, 2010.

In the meantime, deleting or renaming the version of 'authplay.dll' that ships with Adobe Reader will result in a non-exploitable crash when opening PDFs containing SWF content.

See Also

Plugin Details

Severity: High

ID: 50381

File Name: adobe_reader_apsa10-05.nasl

Version: Revision: 1.9

Type: local

Agent: windows

Family: Windows

Published: 10/28/2010

Updated: 5/13/2013

Dependencies: adobe_reader_installed.nasl, smb_hotfixes.nasl

Risk Information


Risk Factor: High

Base Score: 9.3

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/a:adobe:acrobat_reader

Required KB Items: SMB/Acroread/Version, SMB/Registry/Enumerated

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 10/28/2010

Exploitable With

Metasploit (Adobe Flash Player "Button" Remote Code Execution)

Reference Information

CVE: CVE-2010-3654

BID: 44504

OSVDB: 68932