Summary
This host is installed with Adobe Reader and is prone to multiple vulnerabilities.
Impact
Successful exploitation will let attackers to bypass certain security restrictions, execute arbitrary code via unspecified vectors or cause a denial of service.
Impact Level: System/Application
Solution
Upgrade to Adobe Reader version 9.5.1 or later,
For updates refer to http://www.adobe.com/
Insight
The flaws are due to
- An unspecified error when handling JavaScript/JavaScript API can be exploited to corrupt memory.
- An integer overflow error when handling True Type Font (TTF) can be exploited to corrupt memory.
- The application loads executables (msiexec.exe) in an insecure manner.
Affected
Adobe Reader version 9.x to 9.4.6 on Linux
Detection
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2012-0774, CVE-2012-0775, CVE-2012-0776, CVE-2012-0777 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Mac OS X)
- Adobe AIR Multiple Vulnerabilities(APSB14-22)-(Windows)
- Adobe AIR Multiple Vulnerabilities-01 Dec13 (Windows)
- Adobe Acrobat Multiple Unspecified Vulnerabilities-01 Sep13 (Mac OS X)
- Adobe Air Multiple Vulnerabilities - October 12 (Mac OS X)