Adobe Acrobat Help Page XSS (Mac OS X)

medium Nessus Plugin ID 77814

Synopsis

The version of Adobe Acrobat on the remote Mac OS X host is affected by a cross-site scripting vulnerability.

Description

The version of Adobe Acrobat installed on the remote host is a version equal to or prior to 9.5.2. It is, therefore, affected by an input validation error related to the Help page that can allow cross-site scripting attacks.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Upgrade to Adobe Acrobat 10.1.11 / 11.0.08 or later.

See Also

http://jvn.jp/en/jp/JVN84376800/index.html

Plugin Details

Severity: Medium

ID: 77814

File Name: macosx_adobe_acrobat_CVE-2014-5315.nasl

Version: 1.3

Type: local

Agent: macosx

Published: 9/23/2014

Updated: 7/14/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.0

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: cpe:/a:adobe:acrobat

Required KB Items: Host/local_checks_enabled, Host/MacOSX/Version, installed_sw/Adobe Acrobat

Exploit Ease: No known exploits are available

Patch Publication Date: 11/15/2010

Vulnerability Publication Date: 9/12/2014

Reference Information

CVE: CVE-2014-5315

BID: 69791

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990