Summary
The host is installed with Adobe Acrobat
and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow
attackers to disclose potentially sensitive information, bypass certain security restrictions, execute arbitrary code and compromise a user's system.
Impact Level: System/Application
Solution
Upgrade to Adobe Acrobat version 10.1.12 or
11.0.09 or later.
For updates refer http://www.adobe.com/in/products/acrobat.html
Insight
Multiple Flaws are due to,
- An use-after-free error can be exploited to execute arbitrary code.
- An unspecified error can be exploited to conduct cross-site scripting attacks.
- An error within the implementation of the 'replace()' JavaScript function can be exploited to cause a heap-based buffer overflow via specially crafted arguments.
- An error within the 3DIF Plugin (3difr.x3d) can be exploited to cause a heap-based buffer overflow via a specially crafted PDF file.
- Some unspecified errors can be exploited to cause a memory corruption.
- An unspecified error can be exploited to bypass certain sandbox restrictions.
Affected
Adobe Acrobat 10.x before 10.1.12 and
11.x before 11.0.09 on Mac OS X.
Detection
Get the installed version with the help
of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2014-0560, CVE-2014-0561, CVE-2014-0562, CVE-2014-0563, CVE-2014-0565, CVE-2014-0566, CVE-2014-0567, CVE-2014-0568 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Air Multiple Vulnerabilities - October 12 (Mac OS X)
- Adobe Air Multiple Vulnerabilities -01 August 12 (Windows)
- Adobe Acrobat Multiple Unspecified Vulnerabilities-01 Sep13 (Mac OS X)
- Adobe AIR Security Bypass Vulnerability Jan14 (Windows)
- Adobe Air Remote Code Execution Vulnerability -June13 (Mac OS X)