GLSA-201308-03 : Adobe Reader: Multiple vulnerabilities

critical Nessus Plugin ID 69454

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-201308-03 (Adobe Reader: Multiple vulnerabilities)

Multiple vulnerabilities have been discovered in Adobe Reader. Please review the CVE identifiers referenced below for details.
Impact :

A remote attacker could entice a user to open a specially crafted PDF file, possibly resulting in arbitrary code execution or a Denial of Service condition. A local attacker could gain privileges via unspecified vectors.
Workaround :

There is no known workaround at this time.

Solution

All Adobe Reader users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose '>=app-text/acroread-9.5.5'

See Also

https://security.gentoo.org/glsa/201308-03

Plugin Details

Severity: Critical

ID: 69454

File Name: gentoo_GLSA-201308-03.nasl

Version: 1.18

Type: local

Published: 8/23/2013

Updated: 3/29/2022

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Critical

Score: 9.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:acroread, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/22/2013

CISA Known Exploited Vulnerability Due Dates: 3/24/2022, 4/18/2022

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (AdobeCollabSync Buffer Overflow Adobe Reader X Sandbox Bypass)

Reference Information

CVE: CVE-2012-1525, CVE-2012-1530, CVE-2012-2049, CVE-2012-2050, CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, CVE-2012-4160, CVE-2012-4363, CVE-2013-0601, CVE-2013-0602, CVE-2013-0603, CVE-2013-0604, CVE-2013-0605, CVE-2013-0606, CVE-2013-0607, CVE-2013-0608, CVE-2013-0609, CVE-2013-0610, CVE-2013-0611, CVE-2013-0612, CVE-2013-0613, CVE-2013-0614, CVE-2013-0615, CVE-2013-0616, CVE-2013-0617, CVE-2013-0618, CVE-2013-0619, CVE-2013-0620, CVE-2013-0621, CVE-2013-0622, CVE-2013-0623, CVE-2013-0624, CVE-2013-0626, CVE-2013-0627, CVE-2013-0640, CVE-2013-0641, CVE-2013-2549, CVE-2013-2550, CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2724, CVE-2013-2725, CVE-2013-2726, CVE-2013-2727, CVE-2013-2729, CVE-2013-2730, CVE-2013-2731, CVE-2013-2732, CVE-2013-2733, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-2737, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, CVE-2013-3341, CVE-2013-3342

BID: 55005, 55006, 55008, 55010, 55011, 55012, 55013, 55015, 55016, 55017, 55018, 55019, 55020, 55021, 55024, 55026, 55027, 55055, 57263, 57264, 57265, 57268, 57269, 57270, 57272, 57273, 57274, 57275, 57276, 57277, 57282, 57283, 57284, 57285, 57286, 57287, 57289, 57290, 57291, 57292, 57293, 57294, 57295, 57296, 57297, 57931, 57947, 58398, 58568, 59902, 59903, 59904, 59905, 59906, 59907, 59908, 59909, 59910, 59911, 59912, 59913, 59914, 59915, 59916, 59917, 59918, 59919, 59920, 59921, 59923, 59925, 59926, 59927, 59930

GLSA: 201308-03