Adobe Reader < 10.1.13 / 11.0.10 Multiple Vulnerabilities (APSB14-28) (Mac OS X)
High Nessus Plugin ID 79858
Synopsis
The version of Adobe Reader on the remote Mac OS X host is affected by multiple vulnerabilities.
Description
The version of Adobe Reader installed on the remote host is a version prior to 10.1.13 / 11.0.10. It is, therefore, affected by the following vulnerabilities:
- Memory corruption errors exist that allow arbitrary code execution. (CVE-2014-8445, CVE-2014-8446, CVE-2014-8447, CVE-2014-8456, CVE-2014-8458, CVE-2014-8459, CVE-2014-8461, CVE-2014-9158)
- An integer overflow vulnerability exists that allows arbitrary code execution. (CVE-2014-8449)
- An error in handling XML external entities allows information disclosure. (CVE-2014-8452)
- A same-origin policy error allows security bypass.
- Use-after-free errors exist that allow arbitrary code execution. (CVE-2014-8454, CVE-2014-8455, CVE-2014-9165)
- Heap-based buffer overflow flaws exist that allow arbitrary code execution. (CVE-2014-8457, CVE-2014-8460, CVE-2014-9159)
- A time-of-check time-of-use (TOCTOU) race condition allows arbitrary file system writes. (CVE-2014-9150)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Upgrade to Adobe Reader 10.1.13 / 11.0.10 or later.