Adobe Reader <= 10.1.10 / 11.0.07 Multiple Vulnerabilities (APSB14-20) (Mac OS X)
High Nessus Plugin ID 77714
SynopsisThe version of Adobe Reader on the remote Mac OS X host is affected by multiple vulnerabilities.
DescriptionThe version of Adobe Reader installed on the remote host is version 10.x equal to or prior to 10.1.10, or 11.x equal to or prior to 11.0.07. It is, therefore, affected by multiple vulnerabilities :
- A use-after-free error exists that allows arbitrary code execution. (CVE-2014-0560)
- A heap-based buffer overflow exists that allows arbitrary code execution. (CVE-2014-0561, CVE-2014-0567)
- An input-validation error exists that allows universal cross-site scripting (UXSS) attacks. (CVE-2014-0562)
- A memory corruption error exists that allows denial of service attacks. (CVE-2014-0563)
- Memory corruption errors exist that allow arbitrary code execution. (CVE-2014-0565, CVE-2014-0566)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
SolutionUpgrade to Adobe Reader 10.1.12 / 11.0.09 or later.