SuSE 10 Security Update : acroread_ja (ZYPP Patch Number 7267)
High Nessus Plugin ID 51716
SynopsisThe remote SuSE 10 host is missing a security-related patch.
DescriptionThis update of acroread fixes two critical vulnerabilities. The first one in referenced by CVE-2010-3654 and exists in the integrated authplay component that may allow remote attackers to take control over a victims system.
(CVE-2010-3654: CVSS v2 Base Score: 6.8 (critical) (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119))
The other issue was disclosed on full-disclosure to demonstrate a denial of service attack, an extend of this attack to execute arbitrary code could be possible.
(CVE-2010-4091: CVSS v2 Base Score: 6.8 (critical) (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119))
SolutionApply ZYPP patch number 7267.