Vulnerabilities > CVE-2011-0570 - DLL Loading Arbitrary Code Execution vulnerability in Adobe Acrobat and Reader

CVSS 6.9 - MEDIUM

Attack vector

LOCAL

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

adobe

microsoft

nessus

NVD

Published: 2011-02-10

Updated: 2018-10-30

Summary

Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerability than CVE-2011-0562 and CVE-2011-0588. Per: http://cwe.mitre.org/data/definitions/426.html 'CWE-426: Untrusted Search Path'

Vulnerable Configurations

Part	Description	Count
Application	Adobe Adobe Acrobat Reader 8.0 Adobe Acrobat Reader 8.1 Adobe Acrobat Reader 8.1.1 Adobe Acrobat Reader 8.1.2 Adobe Acrobat Reader 8.1.4 Adobe Acrobat Reader 8.1.5 Adobe Acrobat Reader 8.1.6 Adobe Acrobat Reader 8.1.7 Adobe Acrobat Reader 8.2 Adobe Acrobat Reader 8.2.1 Adobe Acrobat Reader 8.2.2 Adobe Acrobat Reader 8.2.3 Adobe Acrobat Reader 8.2.4 Adobe Acrobat Reader 9.0 Adobe Acrobat Reader 9.1 Adobe Acrobat Reader 9.1.1 Adobe Acrobat Reader 9.1.2 Adobe Acrobat Reader 9.1.3 Adobe Acrobat Reader 9.2 Adobe Acrobat Reader 9.3 Adobe Acrobat Reader 9.3.1 Adobe Acrobat Reader 9.3.2 Adobe Acrobat Reader 9.3.3 Adobe Acrobat Reader 9.3.4 Adobe Acrobat Reader 9.4 Adobe Acrobat Reader 9.4.1 Adobe Acrobat Reader 10.0 Adobe Acrobat 8.0 Adobe Acrobat 8.1 Adobe Acrobat 8.1.1 Adobe Acrobat 8.1.2 Adobe Acrobat 8.1.3 Adobe Acrobat 8.1.4 Adobe Acrobat 8.1.5 Adobe Acrobat 8.1.6 Adobe Acrobat 8.1.7 Adobe Acrobat 8.2 Adobe Acrobat 8.2.1 Adobe Acrobat 8.2.2 Adobe Acrobat 8.2.3 Adobe Acrobat 8.2.4 Adobe Acrobat 9.0 Adobe Acrobat 9.1 Adobe Acrobat 9.1.1 Adobe Acrobat 9.1.2 Adobe Acrobat 9.1.3 Adobe Acrobat 9.2 Adobe Acrobat 9.3 Adobe Acrobat 9.3.1 Adobe Acrobat 9.3.2 Adobe Acrobat 9.3.3 Adobe Acrobat 9.3.4 Adobe Acrobat 9.4 Adobe Acrobat 9.4.1 Adobe Acrobat 10.0	55
OS	Microsoft Microsoft Windows *	1

Nessus

NASL family	Windows
NASL id	ADOBE_ACROBAT_APSB11-03.NASL
description	The version of Adobe Acrobat installed on the remote host is earlier than 10.0.1 / 9.4.2 / 8.2.5. Such versions are reportedly affected by multiple vulnerabilities : - Multiple input validation vulnerability exist that could lead to code execution. (CVE-2010-4091, CVE-2011-0586, CVE-2011-0587, CVE-2011-0604) - Multiple library loading vulnerabilities exist that could lead to code execution. (CVE-2011-0562, CVE-2011-0570, CVE-2011-0575, CVE-2011-0588) - Multiple memory corruption vulnerabilities exist that could lead to code execution. (CVE-2011-0563, CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, CVE-2011-0589, CVE-2011-0606, CVE-2011-0607, CVE-2011-0608) - A Windows-only file permissions issue exists that could lead to privilege escalation. (CVE-2011-0564) - An unspecified vulnerability exists that could cause the application to crash or potentially lead to code execution. (CVE-2011-0565) - Multiple image-parsing memory corruption vulnerabilities exist that could lead to code execution. (CVE-2011-0566, CVE-2011-0567, CVE-2011-0596, CVE-2011-0598, CVE-2011-0599, CVE-2011-0602, CVE-2011-0603) - An unspecified vulnerability exists that could cause the application to crash or potentially lead to code execution. (CVE-2011-0585) - Multiple 3D file parsing input validation vulnerabilities exist that could lead to code execution. (CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, CVE-2011-0595, CVE-2011-0600) - Multiple font parsing input validation vulnerabilities exist that could lead to code execution. (CVE-2011-0594, CVE-2011-0577) - An integer overflow vulnerability exists that could lead to code execution. (CVE-2011-0558)
last seen	2020-06-01
modified	2020-06-02
plugin id	51924
published	2011-02-09
reporter	This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/51924
title	Adobe Acrobat < 10.0.1 / 9.4.2 / 8.2.5 Multiple Vulnerabilities (APSB11-03)
code	# # (C) Tenable Network Security, Inc. # if (NASL_LEVEL < 3000) exit(0); include('compat.inc'); if (description) { script_id(51924); script_version("1.19"); script_cvs_date("Date: 2018/11/15 20:50:26"); script_cve_id("CVE-2010-4091", "CVE-2011-0558", "CVE-2011-0559", "CVE-2011-0560", "CVE-2011-0561", "CVE-2011-0562", "CVE-2011-0563", "CVE-2011-0564", "CVE-2011-0565", "CVE-2011-0566", "CVE-2011-0567", "CVE-2011-0570", "CVE-2011-0571", "CVE-2011-0572", "CVE-2011-0573", "CVE-2011-0574", "CVE-2011-0575", "CVE-2011-0577", "CVE-2011-0578", "CVE-2011-0585", "CVE-2011-0586", "CVE-2011-0587", "CVE-2011-0588", "CVE-2011-0589", "CVE-2011-0590", "CVE-2011-0591", "CVE-2011-0592", "CVE-2011-0593", "CVE-2011-0594", "CVE-2011-0595", "CVE-2011-0596", "CVE-2011-0598", "CVE-2011-0599", "CVE-2011-0600", "CVE-2011-0602", "CVE-2011-0603", "CVE-2011-0604", "CVE-2011-0606", "CVE-2011-0607", "CVE-2011-0608"); script_bugtraq_id( 44638, 46186, 46187, 46188, 46189, 46190, 46191, 46192, 46193, 46194, 46195, 46196, 46197, 46198, 46199, 46201, 46202, 46204, 46207, 46208, 46209, 46210, 46211, 46212, 46213, 46214, 46216, 46217, 46218, 46219, 46220, 46221, 46222, 46251, 46252, 46254, 46255, 46257, 46282, 46283 ); script_name(english:"Adobe Acrobat < 10.0.1 / 9.4.2 / 8.2.5 Multiple Vulnerabilities (APSB11-03)"); script_summary(english:"Checks version of Adobe Acrobat"); script_set_attribute(attribute:"synopsis",value: "The version of Adobe Acrobat on the remote Windows host is affected by multiple vulnerabilities."); script_set_attribute(attribute:"description",value: "The version of Adobe Acrobat installed on the remote host is earlier than 10.0.1 / 9.4.2 / 8.2.5. Such versions are reportedly affected by multiple vulnerabilities : - Multiple input validation vulnerability exist that could lead to code execution. (CVE-2010-4091, CVE-2011-0586, CVE-2011-0587, CVE-2011-0604) - Multiple library loading vulnerabilities exist that could lead to code execution. (CVE-2011-0562, CVE-2011-0570, CVE-2011-0575, CVE-2011-0588) - Multiple memory corruption vulnerabilities exist that could lead to code execution. (CVE-2011-0563, CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, CVE-2011-0589, CVE-2011-0606, CVE-2011-0607, CVE-2011-0608) - A Windows-only file permissions issue exists that could lead to privilege escalation. (CVE-2011-0564) - An unspecified vulnerability exists that could cause the application to crash or potentially lead to code execution. (CVE-2011-0565) - Multiple image-parsing memory corruption vulnerabilities exist that could lead to code execution. (CVE-2011-0566, CVE-2011-0567, CVE-2011-0596, CVE-2011-0598, CVE-2011-0599, CVE-2011-0602, CVE-2011-0603) - An unspecified vulnerability exists that could cause the application to crash or potentially lead to code execution. (CVE-2011-0585) - Multiple 3D file parsing input validation vulnerabilities exist that could lead to code execution. (CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, CVE-2011-0595, CVE-2011-0600) - Multiple font parsing input validation vulnerabilities exist that could lead to code execution. (CVE-2011-0594, CVE-2011-0577) - An integer overflow vulnerability exists that could lead to code execution. (CVE-2011-0558)"); script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-11-065/"); script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-11-066/"); script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-11-067/"); script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-11-068/"); script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-11-069/"); script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-11-070/"); script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-11-071/"); script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-11-072/"); script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-11-073/"); script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-11-074/"); script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-11-075/"); script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-11-077/"); script_set_attribute(attribute:"see_also", value:"https://www.zerodayinitiative.com/advisories/ZDI-11-081/"); script_set_attribute(attribute:"see_also", value:"http://www.adobe.com/support/security/bulletins/apsb11-03.html"); script_set_attribute(attribute:"solution", value:"Upgrade to Adobe Acrobat 8.2.6 / 9.4.2 / 10.0.1 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2011/02/08"); script_set_attribute(attribute:"patch_publication_date", value:"2011/02/08"); script_set_attribute(attribute:"plugin_publication_date", value:"2011/02/09"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:adobe:acrobat"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:'Windows'); script_copyright(english:"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc."); script_dependencies('adobe_acrobat_installed.nasl'); script_require_keys('SMB/Acrobat/Version'); exit(0); } include("global_settings.inc"); include("misc_func.inc"); version = get_kb_item_or_exit("SMB/Acrobat/Version"); version_ui = get_kb_item('SMB/Acrobat/Version_UI'); if (isnull(version_ui)) version_report = version; else version_report = version_ui; ver = split(version, sep:'.', keep:FALSE); for (i=0; i<max_index(ver); i++) ver[i] = int(ver[i]); if ( (ver[0] < 8) \|\| (ver[0] == 8 && ver[1] < 2) \|\| (ver[0] == 8 && ver[1] == 2 && ver[2] < 6) \|\| (ver[0] == 9 && ver[1] < 4) \|\| (ver[0] == 9 && ver[1] == 4 && ver[2] < 2) \|\| (ver[0] == 10 && ver[1] == 0 && ver[2] < 1) ) { if (report_verbosity > 0) { path = get_kb_item('SMB/Acrobat/Path'); if (isnull(path)) path = 'n/a'; report = '\n Path : '+path+ '\n Installed version : '+version_report+ '\n Fixed version : 8.2.6 / 9.4.2 / 10.0.1\n'; security_hole(port:get_kb_item('SMB/transport'), extra:report); } else security_hole(get_kb_item('SMB/transport')); } else exit(0, "The host is not affected since Adobe Acrobat "+version_report+" is installed.");

NASL family	SuSE Local Security Checks
NASL id	SUSE_ACROREAD_JA-7359.NASL
description	Specially crafted PDF documents can crash acroread or lead to execution of arbitrary code. Acroread has been updated to version 9.4.2 to address the issues (CVE-2010-4091 / CVE-2011-0562 / CVE-2011-0563 / CVE-2011-0565 / CVE-2011-0566 / CVE-2011-0567 / CVE-2011-0570 / CVE-2011-0585 / CVE-2011-0586 / CVE-2011-0587 / CVE-2011-0588 / CVE-2011-0589 / CVE-2011-0590 / CVE-2011-0591 / CVE-2011-0592 / CVE-2011-0593 / CVE-2011-0594 / CVE-2011-0595 / CVE-2011-0596 / CVE-2011-0598 / CVE-2011-0599 / CVE-2011-0600 / CVE-2011-0602 / CVE-2011-0603 / CVE-2011-0604 / CVE-2011-0606 / CVE-2011-0558 / CVE-2011-0559 / CVE-2011-0560 / CVE-2011-0561 / CVE-2011-0571 / CVE-2011-0572 / CVE-2011-0573 / CVE-2011-0574 / CVE-2011-0575 / CVE-2011-0577 / CVE-2011-0578 / CVE-2011-0607 / CVE-2011-0608.)
last seen	2020-06-01
modified	2020-06-02
plugin id	52568
published	2011-03-07
reporter	This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/52568
title	SuSE 10 Security Update : acroread_ja (ZYPP Patch Number 7359)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_ACROREAD_JA-110301.NASL
description	Specially crafted PDF documents can crash acroread or lead to execution of arbitrary code. Acroread has been updated to version 9.4.2 to address the issues (CVE-2010-4091 / CVE-2011-0562 / CVE-2011-0563 / CVE-2011-0565 / CVE-2011-0566 / CVE-2011-0567 / CVE-2011-0570 / CVE-2011-0585 / CVE-2011-0586 / CVE-2011-0587 / CVE-2011-0588 / CVE-2011-0589 / CVE-2011-0590 / CVE-2011-0591 / CVE-2011-0592 / CVE-2011-0593 / CVE-2011-0594 / CVE-2011-0595 / CVE-2011-0596 / CVE-2011-0598 / CVE-2011-0599 / CVE-2011-0600 / CVE-2011-0602 / CVE-2011-0603 / CVE-2011-0604 / CVE-2011-0606 / CVE-2011-0558 / CVE-2011-0559 / CVE-2011-0560 / CVE-2011-0561 / CVE-2011-0571 / CVE-2011-0572 / CVE-2011-0573 / CVE-2011-0574 / CVE-2011-0575 / CVE-2011-0577 / CVE-2011-0578 / CVE-2011-0607 / CVE-2011-0608)
last seen	2020-06-01
modified	2020-06-02
plugin id	52566
published	2011-03-07
reporter	This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/52566
title	SuSE 11.1 Security Update : acroread_ja (SAT Patch Number 4058)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201201-19.NASL
description	The remote host is affected by the vulnerability described in GLSA-201201-19 (Adobe Reader: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Adobe Reader. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted PDF file using Adobe Reader, possibly resulting in the remote execution of arbitrary code, a Denial of Service, or other impact. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	57745
published	2012-01-31
reporter	This script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/57745
title	GLSA-201201-19 : Adobe Reader: Multiple vulnerabilities

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_3_ACROREAD-110302.NASL
description	Specially crafted PDF documents could crash acroread or lead to execution of arbitrary code. acroread was updated to version 9.4.2 to address the issues. (CVE-2010-4091, CVE-2011-0562, CVE-2011-0563, CVE-2011-0565, CVE-2011-0566, CVE-2011-0567, CVE-2011-0570, CVE-2011-0585, CVE-2011-0586, CVE-2011-0587, CVE-2011-0588, CVE-2011-0589, CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, CVE-2011-0594, CVE-2011-0595, CVE-2011-0596, CVE-2011-0598, CVE-2011-0599, CVE-2011-0600, CVE-2011-0602, CVE-2011-0603, CVE-2011-0604, CVE-2011-0606, CVE-2011-0558, CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0575, CVE-2011-0577, CVE-2011-0578, CVE-2011-0607, CVE-2011-0608)
last seen	2020-06-01
modified	2020-06-02
plugin id	75421
published	2014-06-13
reporter	This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/75421
title	openSUSE Security Update : acroread (openSUSE-SU-2011:0156-1)

NASL family	Windows
NASL id	ADOBE_READER_APSB11-03.NASL
description	The version of Adobe Reader installed on the remote host is earlier than 10.0.1 / 9.4.2 / 8.2.6. Such versions are reportedly affected by multiple vulnerabilities : - Multiple input validation vulnerability exist that could lead to code execution. (CVE-2010-4091, CVE-2011-0586, CVE-2011-0587, CVE-2011-0604) - Multiple library loading vulnerabilities exist that could lead to code execution. (CVE-2011-0562, CVE-2011-0570, CVE-2011-0575, CVE-2011-0588) - Multiple memory corruption vulnerabilities exist that could lead to code execution. (CVE-2011-0563, CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0578, CVE-2011-0589, CVE-2011-0606, CVE-2011-0607, CVE-2011-0608) - A Windows-only file permissions issue exists that could lead to privilege escalation. (CVE-2011-0564) - An unspecified vulnerability exists that could cause the application to crash or potentially lead to code execution. (CVE-2011-0565) - Multiple image-parsing memory corruption vulnerabilities exist that could lead to code execution. (CVE-2011-0566, CVE-2011-0567, CVE-2011-0596, CVE-2011-0598, CVE-2011-0599, CVE-2011-0602, CVE-2011-0603) - An unspecified vulnerability exists that could cause the application to crash or potentially lead to code execution. (CVE-2011-0585) - Multiple 3D file parsing input validation vulnerabilities exist that could lead to code execution. (CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, CVE-2011-0595, CVE-2011-0600) - Multiple font parsing input validation vulnerabilities exist that could lead to code execution. (CVE-2011-0594, CVE-2011-0577) - An integer overflow vulnerability exists that could lead to code execution. (CVE-2011-0558)
last seen	2020-06-01
modified	2020-06-02
plugin id	51925
published	2011-02-09
reporter	This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/51925
title	Adobe Reader < 10.0.1 / 9.4.2 / 8.2.6 Multiple Vulnerabilities (APSB11-03)

NASL family	SuSE Local Security Checks
NASL id	SUSE_ACROREAD-7358.NASL
description	Specially crafted PDF documents can crash acroread or lead to execution of arbitrary code. Acroread has been updated to version 9.4.2 to address the issues (CVE-2010-4091 / CVE-2011-0562 / CVE-2011-0563 / CVE-2011-0565 / CVE-2011-0566 / CVE-2011-0567 / CVE-2011-0570 / CVE-2011-0585 / CVE-2011-0586 / CVE-2011-0587 / CVE-2011-0588 / CVE-2011-0589 / CVE-2011-0590 / CVE-2011-0591 / CVE-2011-0592 / CVE-2011-0593 / CVE-2011-0594 / CVE-2011-0595 / CVE-2011-0596 / CVE-2011-0598 / CVE-2011-0599 / CVE-2011-0600 / CVE-2011-0602 / CVE-2011-0603 / CVE-2011-0604 / CVE-2011-0606 / CVE-2011-0558 / CVE-2011-0559 / CVE-2011-0560 / CVE-2011-0561 / CVE-2011-0571 / CVE-2011-0572 / CVE-2011-0573 / CVE-2011-0574 / CVE-2011-0575 / CVE-2011-0577 / CVE-2011-0578 / CVE-2011-0607 / CVE-2011-0608.)
last seen	2020-06-01
modified	2020-06-02
plugin id	52567
published	2011-03-07
reporter	This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/52567
title	SuSE 10 Security Update : acroread (ZYPP Patch Number 7358)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_2_ACROREAD-110302.NASL
description	Specially crafted PDF documents could crash acroread or lead to execution of arbitrary code. acroread was updated to version 9.4.2 to address the issues. (CVE-2010-4091, CVE-2011-0562, CVE-2011-0563, CVE-2011-0565, CVE-2011-0566, CVE-2011-0567, CVE-2011-0570, CVE-2011-0585, CVE-2011-0586, CVE-2011-0587, CVE-2011-0588, CVE-2011-0589, CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, CVE-2011-0594, CVE-2011-0595, CVE-2011-0596, CVE-2011-0598, CVE-2011-0599, CVE-2011-0600, CVE-2011-0602, CVE-2011-0603, CVE-2011-0604, CVE-2011-0606, CVE-2011-0558, CVE-2011-0559, CVE-2011-0560, CVE-2011-0561, CVE-2011-0571, CVE-2011-0572, CVE-2011-0573, CVE-2011-0574, CVE-2011-0575, CVE-2011-0577, CVE-2011-0578, CVE-2011-0607, CVE-2011-0608)
last seen	2020-06-01
modified	2020-06-02
plugin id	53693
published	2011-05-05
reporter	This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/53693
title	openSUSE Security Update : acroread (openSUSE-SU-2011:0156-1)

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_ACROREAD-110301.NASL
description	Specially crafted PDF documents can crash acroread or lead to execution of arbitrary code. Acroread has been updated to version 9.4.2 to address the issues (CVE-2010-4091 / CVE-2011-0562 / CVE-2011-0563 / CVE-2011-0565 / CVE-2011-0566 / CVE-2011-0567 / CVE-2011-0570 / CVE-2011-0585 / CVE-2011-0586 / CVE-2011-0587 / CVE-2011-0588 / CVE-2011-0589 / CVE-2011-0590 / CVE-2011-0591 / CVE-2011-0592 / CVE-2011-0593 / CVE-2011-0594 / CVE-2011-0595 / CVE-2011-0596 / CVE-2011-0598 / CVE-2011-0599 / CVE-2011-0600 / CVE-2011-0602 / CVE-2011-0603 / CVE-2011-0604 / CVE-2011-0606 / CVE-2011-0558 / CVE-2011-0559 / CVE-2011-0560 / CVE-2011-0561 / CVE-2011-0571 / CVE-2011-0572 / CVE-2011-0573 / CVE-2011-0574 / CVE-2011-0575 / CVE-2011-0577 / CVE-2011-0578 / CVE-2011-0607 / CVE-2011-0608)
last seen	2020-06-01
modified	2020-06-02
plugin id	52565
published	2011-03-07
reporter	This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/52565
title	SuSE 11.1 Security Update : acroread (SAT Patch Number 4057)

Oval

accepted

2013-06-10T04:00:10.575-04:00

class

vulnerability

contributors

name SecPod Team
organization SecPod Technologies
name Sergey Artykhov
organization ALTX-SOFT
name Sergey Artykhov
organization ALTX-SOFT
name Sergey Artykhov
organization ALTX-SOFT
name Shane Shaffer
organization G2, Inc.
name Sergey Artykhov
organization ALTX-SOFT

definition_extensions

comment Adobe Acrobat 10.x is installed
oval oval:org.mitre.oval:def:11989
comment Adobe Reader 10.x is installed
oval oval:org.mitre.oval:def:12283
comment Adobe Acrobat 9 Series is installed
oval oval:org.mitre.oval:def:6013
comment Adobe Reader 9 Series is installed
oval oval:org.mitre.oval:def:6523
comment Adobe Reader 8 Series is installed
oval oval:org.mitre.oval:def:6390
comment Adobe Acrobat 8 Series is installed
oval oval:org.mitre.oval:def:6452

description

family

windows

oval:org.mitre.oval:def:12262

status

accepted

submitted

2011-03-28T16:14:59

title

Library-loading vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6

version

Summary

Vulnerable Configurations

Nessus

Oval

References