Summary
The host is installed with Adobe Acrobat
and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow
attackers to disclose potentially sensitive information, bypass certain security restrictions, execute arbitrary code and compromise a user's system.
Impact Level: System/Application
Solution
Upgrade to Adobe Acrobat version 10.1.13 or
11.0.10 or later. For updates refer,
http://www.adobe.com/in/products/acrobat.html
Insight
Multiple Flaws are due to,
- Multiple use-after-free errors can be exploited to execute arbitrary code.
- Multiple unspecified errors can be exploited to cause a heap-based buffer overflow and subsequently execute arbitrary code.
- A Race condition in the MoveFileEx call hook feature allows attackers to bypass a sandbox protection mechanism.
- An error within the implementation of a Javascript API can be exploited to disclose certain information.
- Multiple integer overflow errors can be exploited to execute arbitrary code.
Affected
Adobe Acrobat 10.x before 10.1.13 and
Adobe Acrobat 11.x before 11.0.10 on Mac OS X.
Detection
Get the installed version with the help
of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Acrobat Multiple Vulnerabilities - 01 Jan14 (Mac OS X)
- Adobe Acrobat Multiple Unspecified Vulnerabilities - Windows
- Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Linux)
- Active Perl Locale::Maketext Module Multiple Code Injection Vulnerabilities (Windows)
- Adobe Air and Flash Player Multiple Vulnerabilities (Mac OS X)