Summary
This host is installed with Adobe Reader and is prone to multiple vulnerabilities.
Impact
Successful exploitation will let attackers to bypass certain security restrictions, execute arbitrary code via unspecified vectors or cause a denial of service.
Impact Level: System/Application
Solution
Upgrade to Adobe Reader version 9.5.1 or 10.1.3 on later, For updates refer to http://www.adobe.com
Insight
The flaws are due to
- An unspecified error when handling JavaScript/JavaScript API can be exploited to corrupt memory.
- An integer overflow error when handling True Type Font (TTF) can be exploited to corrupt memory.
- The application loads executables (msiexec.exe) in an insecure manner.
Affected
Adobe Reader version 9.x to 9.5 and prior and 10.x to 10.1.2 on Windows
Detection
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2012-0774, CVE-2012-0775, CVE-2012-0776 -
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Air Code Execution and DoS Vulnerabilities (MAC OS X)
- Adobe Air Multiple Vulnerabilities - November12 (Mac OS X)
- Adobe AIR Security Bypass Vulnerability Jan14 (Mac OS X)
- Adobe AIR Multiple Vulnerabilities -01 April 13 (Windows)
- Adobe Acrobat Multiple Unspecified Vulnerabilities -01 Feb13 (Windows)