Vulnerabilities > CVE-2011-1353 - Local Privilege Escalation vulnerability in Adobe Acrobat and Reader
Attack vector
LOCAL Attack complexity
MEDIUM Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Unspecified vulnerability in Adobe Reader 10.x before 10.1.1 on Windows allows local users to gain privileges via unknown vectors.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 5 | |
| OS | 1 |
Nessus
NASL family SuSE Local Security Checks NASL id SUSE_11_ACROREAD-111111.NASL description acrobat reader was updated to version 9.4.6 to fix several security issues. (CVE-2011-1353 / CVE-2011-2431 / CVE-2011-2432 / CVE-2011-2433 / CVE-2011-2434 / CVE-2011-2435 / CVE-2011-2436 / CVE-2011-2437 / CVE-2011-2438 / CVE-2011-2439 / CVE-2011-2440 / CVE-2011-2441 / CVE-2011-2442) last seen 2020-06-01 modified 2020-06-02 plugin id 57087 published 2011-12-13 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57087 title SuSE 11.1 Security Update : Acrobat Reader (SAT Patch Number 5412) NASL family SuSE Local Security Checks NASL id SUSE_11_4_ACROREAD-111111.NASL description acrobat reader was updated to version 9.4.6 to fix several security issues (CVE-2011-1353, CVE-2011-2431, CVE-2011-2432, CVE-2011-2433, CVE-2011-2434, CVE-2011-2435, CVE-2011-2436, CVE-2011-2437, CVE-2011-2438, CVE-2011-2439, CVE-2011-2440, CVE-2011-2441, CVE-2011-2442) last seen 2020-06-01 modified 2020-06-02 plugin id 75783 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75783 title openSUSE Security Update : acroread (openSUSE-SU-2011:1238-1) NASL family Windows NASL id ADOBE_READER_APSB11-24.NASL description The version of Adobe Reader installed on the remote Windows host is earlier than 10.1.1 / 9.4.6 / 8.3.1. It is, therefore, potentially affected by the following vulnerabilities : - An unspecified error exists that allows local privilege escalation attacks. (CVE-2011-1353) - An unspecified error exists that can allow an attacker to bypass security leading to code execution. (CVE-2011-2431) - Several errors exist that allow buffer overflows leading to code execution. (CVE-2011-2432, CVE-2011-2435) - Several errors exist that allow heap overflows leading to code execution. (CVE-2011-2433, CVE-2011-2434, CVE-2011-2436, CVE-2011-2437) - Several errors exist that allow stack overflows leading to code execution. (CVE-2011-2438) - An error exists that can allow memory leaks leading to code execution. (CVE-2011-2439) - A use-after-free error exists that can allow code exection. (CVE-2011-2440) - Several errors exist in the last seen 2020-06-01 modified 2020-06-02 plugin id 56198 published 2011-09-14 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56198 title Adobe Reader < 10.1.1 / 9.4.6 / 8.3.1 Multiple Vulnerabilities (APSB11-21, APSB11-24) NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_FA2F386F481411E189B4001EC9578670.NASL description The Adobe Security Team reports : An unspecified vulnerability in the U3D component allows remote attackers to execute arbitrary code (or cause a denial of service attack) via unknown vectors. A heap-based buffer overflow allows attackers to execute arbitrary code via unspecified vectors. last seen 2020-06-01 modified 2020-06-02 plugin id 57705 published 2012-01-27 reporter This script is Copyright (C) 2012-2018 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/57705 title FreeBSD : acroread9 -- Multiple Vulnerabilities (fa2f386f-4814-11e1-89b4-001ec9578670) NASL family SuSE Local Security Checks NASL id SUSE_11_3_ACROREAD-111111.NASL description acrobat reader was updated to version 9.4.6 to fix several security issues (CVE-2011-1353, CVE-2011-2431, CVE-2011-2432, CVE-2011-2433, CVE-2011-2434, CVE-2011-2435, CVE-2011-2436, CVE-2011-2437, CVE-2011-2438, CVE-2011-2439, CVE-2011-2440, CVE-2011-2441, CVE-2011-2442) last seen 2020-06-01 modified 2020-06-02 plugin id 75422 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75422 title openSUSE Security Update : acroread (openSUSE-SU-2011:1238-1) NASL family MacOS X Local Security Checks NASL id MACOSX_ADOBE_READER_APSB11-24.NASL description The version of Adobe Reader installed on the remote Mac OS X host is prior to 10.1.1, 9.4.6, or 8.3.1. It is, therefore, affected by the following vulnerabilities : - An unspecified error exists that allows an attacker to bypass security restrictions, resulting in code execution. (CVE-2011-2431) - Multiple buffer overflow conditions exists that allow an attacker to execute arbitrary code. (CVE-2011-2432, CVE-2011-2435) - Multiple heap overflow conditions exist that allow an attacker to execute arbitrary code. (CVE-2011-2433, CVE-2011-2434, CVE-2011-2436, CVE-2011-2437) - Multiple stack overflow conditions exist that allow an attacker to execute arbitrary code. (CVE-2011-2438) - An error exists related to memory leak issues that allows an attacker to execute arbitrary code. (CVE-2011-2439) - A use-after-free error exists that allows an attacker to execute arbitrary code. (CVE-2011-2440) - Multiple errors exist in the CoolType.dll library that can allow stack overflow conditions, resulting in code execution. (CVE-2011-2441) - A logic error exists that allows an attacker to execute arbitrary code. (CVE-2011-2442) - Multiple vulnerabilities exist, as noted in APSB11-21, that can allow an attacker to take control of the affected system or cause the application to crash. (CVE-2011-2130, CVE-2011-2134, CVE-2011-2135, CVE-2011-2136, CVE-2011-2137, CVE-2011-2138, CVE-2011-2139, CVE-2011-2140, CVE-2011-2414, CVE-2011-2415, CVE-2011-2416, CVE-2011-2417, CVE-2011-2425, CVE-2011-2424) Note that Nessus has not tested for these issues but has instead relied only on the application last seen 2020-06-01 modified 2020-06-02 plugin id 56199 published 2011-09-14 reporter This script is Copyright (C) 2011-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/56199 title Adobe Reader < 10.1.1 / 9.4.6 / 8.3.1 Multiple Vulnerabilities (APSB11-21, APSB11-24, APSB11-26) (Mac OS X) NASL family SuSE Local Security Checks NASL id OPENSUSE-2011-54.NASL description acrobat reader was updated to version 9.4.6 to fix several security issues last seen 2020-06-01 modified 2020-06-02 plugin id 74527 published 2014-06-13 reporter This script is Copyright (C) 2014-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/74527 title openSUSE Security Update : acroread (openSUSE-2011-54) NASL family SuSE Local Security Checks NASL id SUSE_ACROREAD-7833.NASL description Acrobat reader was updated to version 9.4.6 to fix several security issues. (CVE-2011-1353 / CVE-2011-2431 / CVE-2011-2432 / CVE-2011-2433 / CVE-2011-2434 / CVE-2011-2435 / CVE-2011-2436 / CVE-2011-2437 / CVE-2011-2438 / CVE-2011-2439 / CVE-2011-2440 / CVE-2011-2441 / CVE-2011-2442) last seen 2020-06-01 modified 2020-06-02 plugin id 57154 published 2011-12-13 reporter This script is Copyright (C) 2011-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/57154 title SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 7833)
Oval
| accepted | 2013-02-11T04:00:59.144-05:00 | ||||||||
| class | vulnerability | ||||||||
| contributors |
| ||||||||
| definition_extensions |
| ||||||||
| description | Unspecified vulnerability in Adobe Reader 10.x before 10.1.1 on Windows allows local users to gain privileges via unknown vectors. | ||||||||
| family | windows | ||||||||
| id | oval:org.mitre.oval:def:14177 | ||||||||
| status | accepted | ||||||||
| submitted | 2011-11-04T14:33:09.000-05:00 | ||||||||
| title | Unspecified vulnerability in Adobe Reader 10.x before 10.1.1 on Windows allows local users to gain privileges via unknown vectors. | ||||||||
| version | 6 |
Seebug
| bulletinFamily | exploit |
| description | No description provided by source. |
| id | SSV:20939 |
| last seen | 2017-11-19 |
| modified | 2011-09-18 |
| published | 2011-09-18 |
| reporter | Root |
| source | https://www.seebug.org/vuldb/ssvid-20939 |
| title | Adobe Reader X Sandbox Bypass Vulnerability |
References
- http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00012.html
- http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00013.html
- http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00025.html
- http://www.adobe.com/support/security/bulletins/apsb11-24.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14177