SuSE 11 / 11.1 Security Update : Acrobat Reader (SAT Patch Numbers 3008 / 3009)

High Nessus Plugin ID 50883

Synopsis

The remote SuSE 11 host is missing one or more security updates.

Description

Specially crafted PDF documents could crash acroread or lead to execution of arbitrary code (CVE-2010-1240 / CVE-2010-2862). This has been fixed.

This update also incorporates the Adobe Flash Player update APSB10-16 for the bundled flash player parts. (CVE-2010-0209 / CVE-2010-2188 / CVE-2010-2213 / CVE-2010-2214 / CVE-2010-2215 / CVE-2010-2216)

Solution

Apply SAT patch number 3008 / 3009 as appropriate.

See Also

https://bugzilla.novell.com/show_bug.cgi?id=629134

http://support.novell.com/security/cve/CVE-2010-0209.html

http://support.novell.com/security/cve/CVE-2010-1240.html

http://support.novell.com/security/cve/CVE-2010-2188.html

http://support.novell.com/security/cve/CVE-2010-2213.html

http://support.novell.com/security/cve/CVE-2010-2214.html

http://support.novell.com/security/cve/CVE-2010-2215.html

http://support.novell.com/security/cve/CVE-2010-2216.html

http://support.novell.com/security/cve/CVE-2010-2862.html

Plugin Details

Severity: High

ID: 50883

File Name: suse_11_acroread-100825.nasl

Version: 1.11

Type: local

Agent: unix

Published: 2010/12/02

Updated: 2019/10/25

Dependencies: 12634

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:11:acroread, p-cpe:/a:novell:suse_linux:11:acroread-cmaps, p-cpe:/a:novell:suse_linux:11:acroread-fonts-ja, p-cpe:/a:novell:suse_linux:11:acroread-fonts-ko, p-cpe:/a:novell:suse_linux:11:acroread-fonts-zh_CN, p-cpe:/a:novell:suse_linux:11:acroread-fonts-zh_TW, cpe:/o:novell:suse_linux:11

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2010/08/25

Exploitable With

Metasploit (Adobe PDF Escape EXE Social Engineering (No JavaScript))

Reference Information

CVE: CVE-2010-0209, CVE-2010-1240, CVE-2010-2188, CVE-2010-2213, CVE-2010-2214, CVE-2010-2215, CVE-2010-2216, CVE-2010-2862