Adobe Acrobat Help Page XSS (Mac OS X)

Medium Nessus Plugin ID 77814


The version of Adobe Acrobat on the remote Mac OS X host is affected by a cross-site scripting vulnerability.


The version of Adobe Acrobat installed on the remote host is a version equal to or prior to 9.5.2. It is, therefore, affected by an input validation error related to the Help page that can allow cross-site scripting attacks.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.


Upgrade to Adobe Acrobat 10.1.11 / 11.0.08 or later.

See Also

Plugin Details

Severity: Medium

ID: 77814

File Name: macosx_adobe_acrobat_CVE-2014-5315.nasl

Version: $Revision: 1.2 $

Type: local

Agent: macosx

Published: 2014/09/23

Modified: 2015/02/03

Dependencies: 70349

Risk Information

Risk Factor: Medium


Base Score: 4.3

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:ND/RL:U/RC:ND

Vulnerability Information

CPE: cpe:/a:adobe:acrobat

Required KB Items: Host/local_checks_enabled, Host/MacOSX/Version, installed_sw/Adobe Acrobat

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2010/11/15

Vulnerability Publication Date: 2014/09/12

Reference Information

CVE: CVE-2014-5315

BID: 69791

OSVDB: 111397

CWE: 20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990