Adobe Reader <= 10.1.1 / 9.4.6 U3D Memory Corruption (APSA11-04, APSB11-28, APSB11-30, APSB12-01) (Mac OS X)

High Nessus Plugin ID 57044


The version of Adobe Reader on the remote Mac OS X host is affected by a memory corruption vulnerability.


The version of Adobe Reader installed on the remote Mac OS X host is prior or equal to 10.1.1 or 9.4.6. It is, therefore, affected by a memory corruption issue related to the Universal 3D (U3D) file format.
A remote attacker can exploit this, by convincing a user to view a maliciously crafted PDF file, to cause an application crash or to execute arbitrary code.

Note that the Adobe Reader X user-specific option to use 'Protected Mode' prevents an exploit of this kind from being executed, but Nessus cannot test for this configuration option.


Upgrade to Adobe Reader version 9.5 / 10.1.2 or later. If the product is Adobe Reader X, and upgrading is not an option, then the user-specific option 'Protected Mode' should be enabled.

See Also

Plugin Details

Severity: High

ID: 57044

File Name: macosx_adobe_reader_apsa11-04.nasl

Version: $Revision: 1.17 $

Type: local

Agent: macosx

Published: 2011/12/07

Modified: 2016/11/28

Dependencies: 55420

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 7.7

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

Vulnerability Information

CPE: cpe:/a:adobe:acrobat_reader

Required KB Items: Host/local_checks_enabled, Host/MacOSX/Version, installed_sw/Adobe Reader

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2011/12/06

Vulnerability Publication Date: 2011/12/06

Exploitable With


Core Impact

Metasploit (Adobe Reader U3D Memory Corruption Vulnerability)

Reference Information

CVE: CVE-2011-2445, CVE-2011-2450, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2456, CVE-2011-2457, CVE-2011-2458, CVE-2011-2459, CVE-2011-2460, CVE-2011-2462, CVE-2011-4369, CVE-2011-4370, CVE-2011-4371, CVE-2011-4372, CVE-2011-4373

BID: 50618, 50619, 50620, 50621, 50622, 50623, 50624, 50625, 50626, 50627, 50628, 50629, 50922, 51092, 51348, 51349, 51350, 51351

OSVDB: 77018, 77019, 77020, 77021, 77022, 77023, 77024, 77025, 77026, 77027, 77028, 77029, 77529, 78026, 78245, 78246, 78247, 78248

EDB-ID: 18366