Summary
This host is installed with Adobe Reader and is prone to denial of service and code execution vulnerabilities.
Impact
Successful exploitation will allow attackers to execute arbitrary code or cause a denial of service.
Impact Level: System/Application
Solution
Upgrade to Adobe Reader 8.2.5 or 9.4 or later. For updates refer to http://get.adobe.com/reader
Insight
Flaws exist due to,
- An array-indexing error when parsing protocol handler parameters.
- An input validation error when parsing images.
- Improper sanitization of certain unspecified user-supplied input.
Affected
Adobe Reader version 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X.
Detection
Get the installed version with the help of detect NVT and check the version is vulnerable or not.
References
Severity
Classification
-
CVE CVE-2010-3623, CVE-2010-3624, CVE-2010-3631 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe Air and Flash Player Multiple Vulnerabilities (Mac OS X)
- Adobe Acrobat Multiple Vulnerabilities April-2012 (Windows)
- Adobe Flash Player Buffer Overflow Vulnerability - Apr14 (Windows)
- Adobe Acrobat Multiple Unspecified Vulnerabilities -01 Feb13 (Mac OS X)
- Adobe Air Multiple Vulnerabilities -01 May 13 (Windows)