Adobe Reader Denial Of Service & Code Execution Vulnerabilities (Mac OS X) Network Vulnerability

Summary

This host is installed with Adobe Reader and is prone to denial of service and code execution vulnerabilities.

Impact

Successful exploitation will allow attackers to execute arbitrary code or cause a denial of service. Impact Level: System/Application

Solution

Upgrade to Adobe Reader 8.2.5 or 9.4 or later. For updates refer to http://get.adobe.com/reader

Insight

Flaws exist due to, - An array-indexing error when parsing protocol handler parameters. - An input validation error when parsing images. - Improper sanitization of certain unspecified user-supplied input.

Affected

Adobe Reader version 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X.

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://secunia.com/advisories/41435
http://www.adobe.com/support/security/bulletins/apsb10-21.html
http://www.osvdb.com/68423
http://www.osvdb.com/68424
http://www.osvdb.com/68431

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-3623, CVE-2010-3624, CVE-2010-3631

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Air Multiple Vulnerabilities - November12 (Mac OS X)
Adobe Air Multiple Vulnerabilities - December12 (Windows)
Adobe Acrobat and Reader PDF Handling Code Execution Vulnerability (Mac OS X)
Adobe Acrobat Multiple Vulnerabilities-01 Dec14 (Windows)
Adobe AIR Multiple Vulnerabilities-01 Dec13 (Windows)

Adobe Reader Denial of Service & Code Execution Vulnerabilities (Mac OS X)

Take action and discover your vulnerabilities