Summary
This host has Adobe products installed that are prone to multiple memory corruption vulnerabilities.
Impact
Successful exploitation will allow attackers to execute arbitrary code in the context of the affected application or cause a denial of service.
Impact Level: Application
Solution
Upgrade to Adobe Reader version 9.5 or 10.1.2 or later.
Upgrade to Adobe Acrobat version 9.5 or 10.1.2 or later.
For updates refer to http://www.adobe.com/
Insight
The flaws are due to:
- An unspecified error that can be exploited to corrupt memory.
- A signedness error in rt3d.dll when parsing certain BMP image content, which can be exploited to cause a heap-based buffer overflow via a specially crafted BMP image embedded in a PDF document.
Affected
Adobe Reader versions 9.x through 9.4.7 and 10.x through 10.1.1 on Mac OS X.
Adobe Acrobat versions 9.x through 9.4.7 and 10.x through 10.1.1 on Mac OS X.
Detection
Get the installed version with the help of the detect NVT and check whether the version is vulnerable.
References
Severity
Classification
- CVE: CVE-2011-4370, CVE-2011-4371, CVE-2011-4372, CVE-2011-4373
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P