Summary
Adobe Reader is installed on this host and is prone to a remote code execution vulnerability.
Impact
Successful exploitation lets attackers execute arbitrary code by tricking a user into opening a PDF file that embeds a malicious Flash animation, and bypass intended sandbox restrictions, allowing cross-domain requests.
Impact Level: System/Application
Solution
Upgrade to Adobe Reader version 9.3.1 or 8.2.1 or later. For updates, refer to http://www.adobe.com
Insight
The flaw is caused by a memory corruption error in the 'authplay.dll' module when processing malformed Flash data within a PDF document, and by an unspecified error.
Affected
Adobe Reader version 8.x before 8.2.1 and 9.x before 9.3.1 on Linux.
Detection
Get the installed version with the help of the detect NVT and check whether the version is vulnerable.
References
Severity
Classification
- CVE: CVE-2010-0186, CVE-2010-0188
- CVSS Base Score: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Acrobat and Reader 'printSeps()' Function Heap Corruption Vulnerability
- Adobe AIR Multiple Vulnerabilities -01 April 13 (Windows)
- Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Mac OS X)
- Adobe AIR Multiple Vulnerabilities-01 Sep13 (Windows)
- Adobe Air Multiple Vulnerabilities June-2012 (Mac OS X)