Summary
This host has Adobe products installed and is prone to multiple memory corruption vulnerabilities.
Impact
Successful exploitation will allow attackers to execute arbitrary code in the context of the affected application or cause a denial of service.
Impact Level: Application
Solution
Upgrade to Adobe Reader version 9.5 or 10.1.2 or later.
Upgrade to Adobe Acrobat version 9.5 or 10.1.2 or later.
For updates refer to http://www.adobe.com/
Insight
The flaws are due to:
- An unspecified error can be exploited to corrupt memory.
- A signedness error in rt3d.dll when parsing certain BMP image content can be exploited to cause a heap-based buffer overflow via a specially crafted BMP image embedded in a PDF document.
Affected
Adobe Reader versions 9.x through 9.4.7 and 10.x through 10.1.1 on Mac OS X.
Adobe Acrobat versions 9.x through 9.4.7 and 10.x through 10.1.1 on Mac OS X.
Detection
Get the installed version with the help of the detect NVT and check whether the version is vulnerable.
References
Severity
Classification
CVE: CVE-2011-4370, CVE-2011-4371, CVE-2011-4372, CVE-2011-4373
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- Adobe Flash Player Arbitrary Code Execution Vulnerability - 01 Feb14 (Mac OX S)
- 7T Interactive Graphical SCADA System Multiple Security Vulnerabilities
- Adobe AIR Multiple Vulnerabilities -02 April 13 (Mac OS X)
- Adobe Acrobat and Reader Multiple Vulnerabilities -Oct10 (Windows)
- Adobe Air Code Execution and DoS Vulnerabilities (MAC OS X)