Adobe Reader 'printSeps()' Function Heap Corruption Vulnerability Network Vulnerability

Summary

This host is installed with Adobe Reader and is prone to heap corruption Vulnerability

Impact

Successful exploitation will let attackers to crash an affected application or compromise a vulnerable system by tricking a user into opening a specially crafted PDF file. Impact Level: Application

Solution

Upgrade to Adobe Reader/Acrobat version 9.4.1 or later, For updates refer to http://www.adobe.com

Insight

This issue is caused by a heap corruption error in the 'EScript.api' plugin when processing the 'printSeps()' function within a PDF document.

Affected

Adobe Reader version 8.x to 8.1.7 and 9.x before 9.4.1 on Linux

Detection

Get the installed version with the help of detect NVT and check the version is vulnerable or not.

References

http://blogs.adobe.com/psirt/2010/11/potential-issue-in-adobe-reader.html
http://secunia.com/advisories/42095
http://www.exploit-db.com/exploits/15419/
http://www.osvdb.com/69005
http://www.vupen.com/english/advisories/2010/2890
http://xforce.iss.net/xforce/xfdb/62996

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-4091
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe AIR Multiple Vulnerabilities-01 Sep13 (Mac OS X)
Adobe AIR Multiple Vulnerabilities(APSB14-22)-(Windows)
Adobe Air Code Execution and DoS Vulnerabilities (MAC OS X)
Adobe Acrobat Multiple Unspecified Vulnerabilities-01 Sep13 (Windows)
Adobe Air Code Execution and DoS Vulnerabilities (Windows)

Take action and discover your vulnerabilities