Summary
This host is installed with Adobe Reader/Flash player and is prone to Content Code Execution Vulnerability.
Impact
Successful exploitation will let attackers to corrupt memory and execute arbitrary code on the system with elevated privileges.
Impact Level: System/Application
Solution
Upgrade to Adobe Flash version 10.1.85.3 or later and Adobe Reader version 9.4 or later. For details refer, http://www.adobe.com/downloads/
Insight
The flaw is caused by an unspecified error when processing malformed 'Flash' or '3D' and 'Multimedia' content within a PDF document, which could be exploited by attackers to execute arbitrary code by convincing a user to open a specially crafted PDF file.
Affected
Adobe Reader version 9.3.4 and before on Linux.
Adobe Flash Player version 10.1.82.76 and before on Linux.
Detection
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2010-2884 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Acrobat Multiple Unspecified Vulnerabilities-01 Sep13 (Windows)
- Adobe ExtendedScript Toolkit (ESTK) Insecure Library Loading Vulnerability (Win)
- Adobe AIR Multiple Vulnerabilities-01 Jan15 (Mac OS X)
- Adobe Air Multiple Vulnerabilities - October 12 (Mac OS X)
- Adobe Acrobat Multiple Unspecified Vulnerabilities -01 Feb13 (Mac OS X)