ID SECURITYVULNS:DOC:27231 Type securityvulns Reporter Securityvulns Modified 2011-10-31T00:00:00
Description
ZDI-11-310 : Adobe Reader Compound Glyph Index Sign Extension Remote
Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-310
October 26, 2011
-- CVE ID:
CVE-2011-2441
-- CVSS:
7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P
-- Affected Vendors:
Adobe
-- Affected Products:
Adobe Reader
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Adobe Reader. User interaction is required
to exploit this vulnerability in that the target must visit a malicious
page or open a malicious file.
The specific flaw exists within the way Adobe Reader handles compound
glyphs. When a glyph has more then 0x7FFF 'numberOfContours' a sign
extension occurs resulting in a buffer under-read. Simple glyphs are
checked when Adobe Reader parses the font info, but the value for
'numberOfContours' in an compound glyph is the sum of all its child
glyphs, and this is not checked. This could result in remote code
execution under the context of the current user.
-- Vendor Response:
Adobe has issued an update to correct this vulnerability. More details
can be found at:
-- Disclosure Timeline:
2011-07-20 - Vulnerability reported to vendor
2011-10-26 - Coordinated public release of advisory
-- Credit:
This vulnerability was discovered by:
binaryproof
-- About the Zero Day Initiative (ZDI):
Established by TippingPoint, The Zero Day Initiative (ZDI) represents
a best-of-breed model for rewarding security researchers for responsibly
disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research
through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is
used. TippingPoint does not re-sell the vulnerability details or any
exploit code. Instead, upon notifying the affected product vendor,
TippingPoint provides its customers with zero day protection through
its intrusion prevention technology. Explicit details regarding the
specifics of the vulnerability are not exposed to any parties until
an official vendor patch is publicly available. Furthermore, with the
altruistic aim of helping to secure a broader user base, TippingPoint
provides this vulnerability information confidentially to security
vendors (including competitors) who have a vulnerability protection or
mitigation product.
Our vulnerability disclosure policy is available online at:
{"id": "SECURITYVULNS:DOC:27231", "bulletinFamily": "software", "title": "ZDI-11-310 : Adobe Reader Compound Glyph Index Sign Extension Remote Code Execution Vulnerability", "description": "ZDI-11-310 : Adobe Reader Compound Glyph Index Sign Extension Remote\r\nCode Execution Vulnerability\r\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-310\r\nOctober 26, 2011\r\n\r\n-- CVE ID:\r\nCVE-2011-2441\r\n\r\n-- CVSS:\r\n7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P\r\n\r\n-- Affected Vendors:\r\n\r\nAdobe\r\n\r\n\r\n\r\n-- Affected Products:\r\n\r\nAdobe Reader\r\n\r\n\r\n\r\n-- Vulnerability Details:\r\nThis vulnerability allows remote attackers to execute arbitrary code on\r\nvulnerable installations of Adobe Reader. User interaction is required\r\nto exploit this vulnerability in that the target must visit a malicious\r\npage or open a malicious file.\r\n\r\nThe specific flaw exists within the way Adobe Reader handles compound\r\nglyphs. When a glyph has more then 0x7FFF 'numberOfContours' a sign\r\nextension occurs resulting in a buffer under-read. Simple glyphs are\r\nchecked when Adobe Reader parses the font info, but the value for\r\n'numberOfContours' in an compound glyph is the sum of all its child\r\nglyphs, and this is not checked. This could result in remote code\r\nexecution under the context of the current user.\r\n\r\n-- Vendor Response:\r\n\r\nAdobe has issued an update to correct this vulnerability. More details\r\ncan be found at:\r\n\r\nhttp://www.adobe.com/support/security/bulletins/apsb11-24.html\r\n\r\n\r\n\r\n-- Disclosure Timeline:\r\n2011-07-20 - Vulnerability reported to vendor\r\n2011-10-26 - Coordinated public release of advisory\r\n\r\n-- Credit:\r\nThis vulnerability was discovered by:\r\n\r\n* binaryproof\r\n\r\n\r\n\r\n-- About the Zero Day Initiative (ZDI):\r\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents\r\na best-of-breed model for rewarding security researchers for responsibly\r\ndisclosing discovered vulnerabilities.\r\n\r\nResearchers interested in getting paid for their security research\r\nthrough the ZDI can find more information and sign-up at:\r\n\r\n http://www.zerodayinitiative.com\r\n\r\nThe ZDI is unique in how the acquired vulnerability information is\r\nused. TippingPoint does not re-sell the vulnerability details or any\r\nexploit code. Instead, upon notifying the affected product vendor,\r\nTippingPoint provides its customers with zero day protection through\r\nits intrusion prevention technology. Explicit details regarding the\r\nspecifics of the vulnerability are not exposed to any parties until\r\nan official vendor patch is publicly available. Furthermore, with the\r\naltruistic aim of helping to secure a broader user base, TippingPoint\r\nprovides this vulnerability information confidentially to security\r\nvendors (including competitors) who have a vulnerability protection or\r\nmitigation product.\r\n\r\nOur vulnerability disclosure policy is available online at:\r\n\r\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\r\n\r\nFollow the ZDI on Twitter:\r\n\r\n http://twitter.com/thezdi\r\n", "published": "2011-10-31T00:00:00", "modified": "2011-10-31T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27231", "reporter": "Securityvulns", "references": [], "cvelist": ["CVE-2011-2441"], "type": "securityvulns", "lastseen": "2018-08-31T11:10:42", "edition": 1, "viewCount": 2, "enchantments": {"score": {"value": 8.6, "vector": "NONE", "modified": "2018-08-31T11:10:42", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2011-2441"]}, {"type": "seebug", "idList": ["SSV:23132"]}, {"type": "zdi", "idList": ["ZDI-11-284", "ZDI-11-310"]}, {"type": "openvas", "idList": ["OPENVAS:70746", "OPENVAS:136141256231070746", "OPENVAS:136141256231070820", "OPENVAS:1361412562310802168", "OPENVAS:1361412562310802167", "OPENVAS:850173", "OPENVAS:1361412562310850173", "OPENVAS:70820", "OPENVAS:1361412562310802166"]}, {"type": "suse", "idList": ["SUSE-SU-2011:1239-1", "OPENSUSE-SU-2011:1238-1", "SUSE-SA:2011:044"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:27022", "SECURITYVULNS:VULN:11911"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-201201-19.NASL", "ADOBE_ACROBAT_APSB11-24.NASL", "SUSE_11_ACROREAD-111111.NASL", "ADOBE_READER_APSB11-24.NASL", "OPENSUSE-2011-54.NASL", "MACOSX_ADOBE_READER_APSB11-24.NASL", "SUSE_ACROREAD-7833.NASL", "SUSE_11_4_ACROREAD-111111.NASL", "SUSE_11_3_ACROREAD-111111.NASL", "FREEBSD_PKG_FA2F386F481411E189B4001EC9578670.NASL"]}, {"type": "freebsd", "idList": ["FA2F386F-4814-11E1-89B4-001EC9578670"]}, {"type": "gentoo", "idList": ["GLSA-201201-19"]}], "modified": "2018-08-31T11:10:42", "rev": 2}, "vulnersScore": 8.6}, "affectedSoftware": []}
{"cve": [{"lastseen": "2020-10-03T11:39:29", "description": "Multiple stack-based buffer overflows in CoolType.dll in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors.", "edition": 3, "cvss3": {}, "published": "2011-09-15T12:26:00", "title": "CVE-2011-2441", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2011-2441"], "modified": "2017-09-19T01:33:00", "cpe": ["cpe:/a:adobe:acrobat:8.1.6", "cpe:/a:adobe:acrobat:10.0.3", "cpe:/a:adobe:acrobat_reader:9.1.3", "cpe:/a:adobe:acrobat:9.1", "cpe:/a:adobe:acrobat_reader:8.3", "cpe:/a:adobe:acrobat:9.3.2", "cpe:/a:adobe:acrobat_reader:8.2.6", "cpe:/a:adobe:acrobat:9.4.3", "cpe:/a:adobe:acrobat_reader:9.4.1", "cpe:/a:adobe:acrobat:9.3", "cpe:/a:adobe:acrobat_reader:8.2", "cpe:/a:adobe:acrobat:10.0", "cpe:/a:adobe:acrobat_reader:9.3.1", "cpe:/a:adobe:acrobat_reader:10.0.2", "cpe:/a:adobe:acrobat_reader:9.4.2", "cpe:/a:adobe:acrobat:9.1.1", "cpe:/a:adobe:acrobat:8.1.2", "cpe:/a:adobe:acrobat:9.3.3", "cpe:/a:adobe:acrobat_reader:9.3.2", "cpe:/a:adobe:acrobat_reader:9.4.3", "cpe:/a:adobe:acrobat:9.0", "cpe:/a:adobe:acrobat_reader:8.1.5", "cpe:/a:adobe:acrobat:10.0.2", "cpe:/a:adobe:acrobat:9.4.2", "cpe:/a:adobe:acrobat:10.0.1", "cpe:/a:adobe:acrobat_reader:9.3", "cpe:/a:adobe:acrobat_reader:8.2.4", "cpe:/a:adobe:acrobat:9.4", "cpe:/a:adobe:acrobat:9.2", "cpe:/a:adobe:acrobat:8.2.1", "cpe:/a:adobe:acrobat:9.1.2", "cpe:/a:adobe:acrobat:8.1", "cpe:/a:adobe:acrobat:8.2", "cpe:/a:adobe:acrobat_reader:9.3.3", "cpe:/a:adobe:acrobat_reader:10.0.3", "cpe:/a:adobe:acrobat:9.1.3", "cpe:/a:adobe:acrobat:8.1.4", "cpe:/a:adobe:acrobat:8.2.4", "cpe:/a:adobe:acrobat_reader:9.3.4", "cpe:/a:adobe:acrobat_reader:9.2", "cpe:/a:adobe:acrobat_reader:9.4", "cpe:/a:adobe:acrobat_reader:9.4.4", "cpe:/a:adobe:acrobat:9.4.4", "cpe:/a:adobe:acrobat_reader:8.1.6", "cpe:/a:adobe:acrobat_reader:10.0", "cpe:/a:adobe:acrobat:10.1", "cpe:/a:adobe:acrobat_reader:8.2.2", "cpe:/a:adobe:acrobat_reader:9.0", "cpe:/a:adobe:acrobat_reader:8.1.3", "cpe:/a:adobe:acrobat:9.4.5", "cpe:/a:adobe:acrobat:8.2.5", "cpe:/a:adobe:acrobat:8.1.5", "cpe:/a:adobe:acrobat:8.0", "cpe:/a:adobe:acrobat:8.2.2", "cpe:/a:adobe:acrobat:8.1.3", "cpe:/a:adobe:acrobat_reader:9.1.1", "cpe:/a:adobe:acrobat_reader:8.1.2", "cpe:/a:adobe:acrobat_reader:9.1", "cpe:/a:adobe:acrobat_reader:8.1.7", "cpe:/a:adobe:acrobat:8.1.1", "cpe:/a:adobe:acrobat_reader:8.2.3", "cpe:/a:adobe:acrobat:9.4.1", "cpe:/a:adobe:acrobat_reader:9.1.2", "cpe:/a:adobe:acrobat_reader:10.0.1", "cpe:/a:adobe:acrobat:8.1.7", "cpe:/a:adobe:acrobat_reader:8.1.1", "cpe:/a:adobe:acrobat:8.2.3", "cpe:/a:adobe:acrobat_reader:8.0", "cpe:/a:adobe:acrobat:8.2.6", "cpe:/a:adobe:acrobat:9.3.1", "cpe:/a:adobe:acrobat_reader:8.1.4", "cpe:/a:adobe:acrobat:9.3.4", "cpe:/a:adobe:acrobat_reader:8.2.1", "cpe:/a:adobe:acrobat_reader:8.1"], "id": "CVE-2011-2441", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-2441", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:adobe:acrobat:9.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:8.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:8.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:8.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:8.3:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:9.3:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:9.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:10.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:8.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:8.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:9.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:8.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:9.4:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:8.2.6:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:9.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:8.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:9.3:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:8.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:8.2.3:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:8.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:8.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:8.2.5:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:8.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:9.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:9.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:8.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:9.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:8.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:10.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:9.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:9.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:10.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:9.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:8.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:8.2.4:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:8.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:9.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:9.4.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:8.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:8.1.4:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:9.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:9.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:9.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:9.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:9.3.3:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:9.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:9.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:8.1.5:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:9.4.4:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:10.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:9.4.3:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:9.3.4:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:9.4:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:9.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:8.1.6:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:9.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:8.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:8.1.7:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:8.1.3:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:9.3.2:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:10.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:8.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:9.0:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:8.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:8.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat:9.4.5:*:*:*:*:*:*:*", "cpe:2.3:a:adobe:acrobat_reader:9.1.1:*:*:*:*:*:*:*"]}], "zdi": [{"lastseen": "2020-06-22T11:40:52", "bulletinFamily": "info", "cvelist": ["CVE-2011-2441"], "edition": 3, "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Adobe Reader handles compound glyphs. When a glyph has more then 0x7FFF 'numberOfContours' a sign extension occurs resulting in a buffer under-read. Simple glyphs are checked when Adobe Reader parses the font info, but the value for 'numberOfContours' in an compound glyph is the sum of all its child glyphs, and this is not checked. This could result in remote code execution under the context of the current user.", "modified": "2011-06-22T00:00:00", "published": "2011-10-26T00:00:00", "href": "https://www.zerodayinitiative.com/advisories/ZDI-11-310/", "id": "ZDI-11-310", "title": "Adobe Reader Compound Glyph Index Sign Extension Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-22T11:39:55", "bulletinFamily": "info", "cvelist": ["CVE-2011-2441"], "edition": 3, "description": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Adobe Reader handles Compound Glyphs. It is possible for an compound glyph to reference another compound glyph. When this happens the Reader fails to correctly count the number of child glyphs. The result is that the code reads a value from outside an array of valid values. This value is used as a counter for a loop that copies memory. This could result in remote code execution under trhe context of the current user.", "modified": "2011-06-22T00:00:00", "published": "2011-10-13T00:00:00", "href": "https://www.zerodayinitiative.com/advisories/ZDI-11-284/", "id": "ZDI-11-284", "title": "Adobe Reader Compound Glyphs Array Indexing Error Remote Code Execution Vulnerability", "type": "zdi", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "seebug": [{"lastseen": "2017-11-19T17:58:15", "description": "BUGTRAQ ID: 49581\r\nCVE ID: CVE-2011-2441\r\n\r\nAdobe Reader(\u4e5f\u88ab\u79f0\u4e3aAcrobat Reader)\u662f\u7f8e\u56fdAdobe\u516c\u53f8\u5f00\u53d1\u7684\u4e00\u6b3e\u4f18\u79c0\u7684PDF\u6587\u6863\u9605\u8bfb\u8f6f\u4ef6\u3002Acrobat\u662f1993\u5e74\u63a8\u51fa\u9488\u5bf9\u4f01\u4e1a\u3001\u6280\u672f\u4eba\u5458\u548c\u521b\u610f\u4e13\u4e1a\u4eba\u58eb\u7684\u7cfb\u5217\u4ea7\u54c1\uff0c\u4f7f\u667a\u80fd\u6587\u6863\u7684\u4f20\u9001\u548c\u534f\u4f5c\u66f4\u4e3a\u7075\u6d3b\u3001\u53ef\u9760\u548c\u5b89\u5168\u3002\r\n\r\nAdobe Acrobat\u548cReader\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u8fdc\u7a0b\u6808\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u6b64\u6f0f\u6d1e\u4ee5\u5f53\u524d\u7528\u6237\u6743\u9650\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\r\n\r\nAdobe Reader\u5904\u7406\u590d\u5408\u5b57\u578b\u65f6\u5b58\u5728\u7279\u5b9a\u6f0f\u6d1e\u3002\u5f53\u5b57\u578b\u591a\u4e8e0x7FFF "numberOfContours"\u65f6\uff0c\u4f1a\u51fa\u73b0\u7b7e\u540d\u6269\u5c55\uff0c\u9020\u6210\u7f13\u51b2\u533a\u4e0b\u6ea2\u3002\u5f53Reader\u89e3\u6790\u5b57\u4f53\u4fe1\u606f\u65f6\u4f1a\u68c0\u67e5\u7b80\u5355\u5b57\u578b\uff0c\u4f46\u662f\u590d\u5408\u5b57\u578b\u4e2d\u7684numberOfContours\u503c\u662f\u6240\u6709\u5b50\u5b57\u578b\u7684\u603b\u548c\u5e76\u4e0d\u88ab\u68c0\u67e5\uff0c\u8fd9\u5bfc\u81f4\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3002\n\nAdobe Acrobat 9.x\r\nAdobe Reader 9.x\n\u5382\u5546\u8865\u4e01\uff1a\r\n\r\nAdobe\r\n-----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\nhttp://www.adobe.com/support/security/", "published": "2011-10-27T00:00:00", "title": "Adobe Reader\u590d\u5408\u5b57\u578b\u7d22\u5f15\u7b7e\u540d\u6269\u5c55\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2011-2441"], "modified": "2011-10-27T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-23132", "id": "SSV:23132", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": ""}], "openvas": [{"lastseen": "2020-04-27T19:22:59", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2435", "CVE-2011-2438", "CVE-2011-2440", "CVE-2011-2439", "CVE-2011-2431", "CVE-2011-2432", "CVE-2011-2434", "CVE-2011-2433", "CVE-2011-2442", "CVE-2011-2437", "CVE-2011-2436", "CVE-2011-2441"], "description": "This host is installed with Adobe Reader and is prone to multiple\nvulnerabilities.", "modified": "2020-04-23T00:00:00", "published": "2011-10-28T00:00:00", "id": "OPENVAS:1361412562310802167", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802167", "type": "openvas", "title": "Adobe Reader Multiple Vulnerabilities September-2011 (Linux)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Reader Multiple Vulnerabilities September-2011 (Linux)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\nCPE = \"cpe:/a:adobe:acrobat_reader\";\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802167\");\n script_version(\"2020-04-23T08:43:39+0000\");\n script_cve_id(\"CVE-2011-2431\", \"CVE-2011-2432\", \"CVE-2011-2433\", \"CVE-2011-2434\",\n \"CVE-2011-2435\", \"CVE-2011-2436\", \"CVE-2011-2437\", \"CVE-2011-2438\",\n \"CVE-2011-2439\", \"CVE-2011-2440\", \"CVE-2011-2441\", \"CVE-2011-2442\");\n script_bugtraq_id(49582, 49572, 49576, 49577, 49578, 49579, 49580, 49583,\n 49581, 49584, 49575, 49585);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-04-23 08:43:39 +0000 (Thu, 23 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2011-10-28 16:17:13 +0200 (Fri, 28 Oct 2011)\");\n script_name(\"Adobe Reader Multiple Vulnerabilities September-2011 (Linux)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Reader and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to memory corruptions, and buffer overflow errors.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will let attackers to execute arbitrary code via\nunspecified vectors.\");\n script_tag(name:\"affected\", value:\"Adobe Reader version 9.x through 9.4.5\");\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Reader version 9.4.6 or later.\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb11-24.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"gb_adobe_prdts_detect_lin.nasl\");\n script_mandatory_keys(\"Adobe/Reader/Linux/Version\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\n\nif(!readerVer = get_app_version(cpe:CPE)){\n exit(0);\n}\n\nif(readerVer =~ \"^9\")\n{\n if(version_in_range(version:readerVer, test_version:\"9.0\", test_version2:\"9.4.5\"))\n {\n report = report_fixed_ver(installed_version:readerVer, vulnerable_range:\"9.0 - 9.4.5\");\n security_message(port: 0, data: report);\n exit(0);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:41", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2435", "CVE-2011-2438", "CVE-2011-2440", "CVE-2011-2439", "CVE-2011-2431", "CVE-2011-2432", "CVE-2011-2434", "CVE-2011-2433", "CVE-2011-2442", "CVE-2011-2437", "CVE-2011-2436", "CVE-2011-2441"], "description": "This host is installed with Adobe Reader/Acrobat and is prone to multiple\nvulnerabilities.", "modified": "2018-10-20T00:00:00", "published": "2011-10-28T00:00:00", "id": "OPENVAS:1361412562310802168", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802168", "type": "openvas", "title": "Adobe Reader and Acrobat Multiple Vulnerabilities September-2011 (Mac OS X)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_adobe_prdts_mult_vuln_sep11_macosx.nasl 11997 2018-10-20 11:59:41Z mmartin $\n#\n# Adobe Reader and Acrobat Multiple Vulnerabilities September-2011 (Mac OS X)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802168\");\n script_version(\"$Revision: 11997 $\");\n script_cve_id(\"CVE-2011-2431\", \"CVE-2011-2432\", \"CVE-2011-2433\", \"CVE-2011-2434\",\n \"CVE-2011-2435\", \"CVE-2011-2436\", \"CVE-2011-2437\", \"CVE-2011-2438\",\n \"CVE-2011-2439\", \"CVE-2011-2440\", \"CVE-2011-2441\", \"CVE-2011-2442\");\n script_bugtraq_id(49582, 49572, 49576, 49577, 49578, 49579, 49580, 49583,\n 49581, 49584, 49575, 49585);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-20 13:59:41 +0200 (Sat, 20 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2011-10-28 16:17:13 +0200 (Fri, 28 Oct 2011)\");\n script_name(\"Adobe Reader and Acrobat Multiple Vulnerabilities September-2011 (Mac OS X)\");\n\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Reader/Acrobat and is prone to multiple\nvulnerabilities.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"insight\", value:\"Multiple flaws are due to memory corruptions, and buffer overflow errors.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will let attackers to execute arbitrary code via\nunspecified vectors.\");\n script_tag(name:\"affected\", value:\"Adobe Reader version 8.x through 8.3.0, 9.x through 9.4.5 and 10.x through 10.1\nAdobe Acrobat version 8.x through 8.3.0, 9.x through 9.4.5 and 10.x through 10.1\");\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat and Reader version 10.1.1, 9.4.6 or 8.3.1 or later.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb11-24.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_macosx.nasl\");\n script_mandatory_keys(\"Adobe/Air_or_Flash_or_Reader/MacOSX/Installed\");\n exit(0);\n}\n\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\n#CPE for adobe reader\nCPE = \"cpe:/a:adobe:acrobat_reader\";\n\nif(readerVer = get_app_version(cpe:CPE))\n{\n if(readerVer =~ \"^(8|9|10)\")\n {\n if(version_in_range(version:readerVer, test_version:\"10.0\", test_version2:\"10.1\") ||\n version_in_range(version:readerVer, test_version:\"9.0\", test_version2:\"9.4.5\") ||\n version_in_range(version:readerVer, test_version:\"8.0\", test_version2:\"8.3.0\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n }\n }\n}\n\nacrobatVer = get_kb_item(\"Adobe/Acrobat/MacOSX/Version\");\nif(acrobatVer)\n{\n if(version_in_range(version:acrobatVer, test_version:\"10.0\", test_version2:\"10.1\") ||\n version_in_range(version:acrobatVer, test_version:\"9.0\", test_version2:\"9.4.5\") ||\n version_in_range(version:acrobatVer, test_version:\"8.0\", test_version2:\"8.3.0\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" );\n exit(0);\n }\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-06-02T15:55:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2435", "CVE-2011-2438", "CVE-2011-2440", "CVE-2011-2439", "CVE-2011-2431", "CVE-2011-2432", "CVE-2011-2434", "CVE-2011-2433", "CVE-2011-2442", "CVE-2011-2437", "CVE-2011-2436", "CVE-2011-2441"], "description": "This host is installed with Adobe Reader/Acrobat and is prone to multiple\n vulnerabilities.", "modified": "2020-05-28T00:00:00", "published": "2011-10-28T00:00:00", "id": "OPENVAS:1361412562310802166", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310802166", "type": "openvas", "title": "Adobe Reader and Acrobat Multiple Vulnerabilities September-2011 (Windows)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Adobe Reader and Acrobat Multiple Vulnerabilities September-2011 (Windows)\n#\n# Authors:\n# Madhuri D <dmadhuri@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.802166\");\n script_version(\"2020-05-28T14:41:23+0000\");\n script_cve_id(\"CVE-2011-2431\", \"CVE-2011-2432\", \"CVE-2011-2433\", \"CVE-2011-2434\",\n \"CVE-2011-2435\", \"CVE-2011-2436\", \"CVE-2011-2437\", \"CVE-2011-2438\",\n \"CVE-2011-2439\", \"CVE-2011-2440\", \"CVE-2011-2441\", \"CVE-2011-2442\");\n script_bugtraq_id(49582, 49572, 49576, 49577, 49578, 49579, 49580, 49583,\n 49581, 49584, 49575, 49585);\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-05-28 14:41:23 +0000 (Thu, 28 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2011-10-28 16:17:13 +0200 (Fri, 28 Oct 2011)\");\n script_name(\"Adobe Reader and Acrobat Multiple Vulnerabilities September-2011 (Windows)\");\n\n script_tag(name:\"summary\", value:\"This host is installed with Adobe Reader/Acrobat and is prone to multiple\n vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple flaws are due to memory corruptions, and buffer overflow errors.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation will let attackers to execute arbitrary code via\n unspecified vectors.\");\n\n script_tag(name:\"affected\", value:\"Adobe Reader version 8.x through 8.3.0, 9.x through 9.4.5 and 10.x through 10.1\n\n Adobe Acrobat version 8.x through 8.3.0, 9.x through 9.4.5 and 10.x through 10.1\");\n\n script_tag(name:\"solution\", value:\"Upgrade to Adobe Acrobat and Reader version 10.1.1, 9.4.6 or 8.3.1 or later.\");\n\n script_tag(name:\"qod_type\", value:\"registry\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb11-24.html\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"General\");\n script_dependencies(\"secpod_adobe_prdts_detect_win.nasl\");\n script_mandatory_keys(\"Adobe/Air_or_Flash_or_Reader_or_Acrobat/Win/Installed\");\n exit(0);\n}\n\ninclude(\"host_details.inc\");\ninclude(\"version_func.inc\");\n\ncpe_list = make_list(\"cpe:/a:adobe:acrobat_reader\",\n \"cpe:/a:adobe:acrobat\");\n\nif(!infos = get_app_version_and_location_from_list(cpe_list:cpe_list, exit_no_version:TRUE))\n exit(0);\n\nvers = infos[\"version\"];\npath = infos[\"location\"];\n\nif(version_in_range(version:vers, test_version:\"10.0\", test_version2:\"10.1\") ||\n version_in_range(version:vers, test_version:\"9.0\", test_version2:\"9.4.5\") ||\n version_in_range(version:vers, test_version:\"8.0\", test_version2:\"8.3.0\")) {\n report = report_fixed_ver(installed_version:vers, fixed_version:\"10.1.1, 9.4.6 or 8.3.1\", install_path:path);\n security_message(port:0, data:report);\n exit(0);\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T18:42:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2435", "CVE-2011-2438", "CVE-2011-2440", "CVE-2011-2439", "CVE-2011-1353", "CVE-2011-2431", "CVE-2011-2432", "CVE-2011-2434", "CVE-2011-2433", "CVE-2011-2442", "CVE-2011-2437", "CVE-2011-2436", "CVE-2011-2441"], "description": "The remote host is missing an update for the ", "modified": "2020-01-31T00:00:00", "published": "2011-12-05T00:00:00", "id": "OPENVAS:1361412562310850173", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310850173", "type": "openvas", "title": "SUSE: Security Advisory for acroread (SUSE-SA:2011:044)", "sourceData": "# Copyright (C) 2011 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.850173\");\n script_version(\"2020-01-31T08:40:24+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:40:24 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2011-12-05 12:16:18 +0530 (Mon, 05 Dec 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name:\"SUSE-SA\", value:\"2011-044\");\n script_cve_id(\"CVE-2011-1353\", \"CVE-2011-2431\", \"CVE-2011-2432\", \"CVE-2011-2433\",\n \"CVE-2011-2434\", \"CVE-2011-2435\", \"CVE-2011-2436\", \"CVE-2011-2437\",\n \"CVE-2011-2438\", \"CVE-2011-2439\", \"CVE-2011-2440\", \"CVE-2011-2441\",\n \"CVE-2011-2442\");\n script_name(\"SUSE: Security Advisory for acroread (SUSE-SA:2011:044)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'acroread'\n package(s) announced via the referenced advisory.\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2011 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=(openSUSE11\\.4|openSUSE11\\.3)\");\n\n script_tag(name:\"impact\", value:\"remote code execution\");\n\n script_tag(name:\"affected\", value:\"acroread on openSUSE 11.3, openSUSE 11.4\");\n\n script_tag(name:\"insight\", value:\"acrobat reader was updated to version 9.4.6 to fix several security issues that\n could allow attackers to execute arbitrary code or to cause a denial of service\n via specially crafted PDF documents.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSE11.4\") {\n if(!isnull(res = isrpmvuln(pkg:\"acroread\", rpm:\"acroread~9.4.6~0.5.1\", rls:\"openSUSE11.4\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"openSUSE11.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"acroread\", rpm:\"acroread~9.4.6~0.2.1\", rls:\"openSUSE11.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-12T11:19:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2435", "CVE-2011-2438", "CVE-2011-2440", "CVE-2011-2439", "CVE-2011-1353", "CVE-2011-2431", "CVE-2011-2432", "CVE-2011-2434", "CVE-2011-2433", "CVE-2011-2442", "CVE-2011-2437", "CVE-2011-2436", "CVE-2011-2441"], "description": "Check for the Version of acroread", "modified": "2017-12-08T00:00:00", "published": "2011-12-05T00:00:00", "id": "OPENVAS:850173", "href": "http://plugins.openvas.org/nasl.php?oid=850173", "type": "openvas", "title": "SuSE Update for acroread SUSE-SA:2011:044", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# SuSE Update for acroread SUSE-SA:2011:044\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ninclude(\"revisions-lib.inc\");\ntag_impact = \"remote code execution\";\ntag_affected = \"acroread on openSUSE 11.3, openSUSE 11.4\";\ntag_insight = \"acrobat reader was updated to version 9.4.6 to fix several security issues that\n could allow attackers to execute arbitrary code or to cause a denial of service\n via specially crafted PDF documents.\";\ntag_solution = \"Please Install the Updated Packages.\";\n\n\nif(description)\n{\n script_id(850173);\n script_version(\"$Revision: 8041 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-08 08:28:21 +0100 (Fri, 08 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2011-12-05 12:16:18 +0530 (Mon, 05 Dec 2011)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_xref(name: \"SUSE-SA\", value: \"2011-044\");\n script_cve_id(\"CVE-2011-1353\", \"CVE-2011-2431\", \"CVE-2011-2432\", \"CVE-2011-2433\",\n \"CVE-2011-2434\", \"CVE-2011-2435\", \"CVE-2011-2436\", \"CVE-2011-2437\",\n \"CVE-2011-2438\", \"CVE-2011-2439\", \"CVE-2011-2440\", \"CVE-2011-2441\",\n \"CVE-2011-2442\");\n script_name(\"SuSE Update for acroread SUSE-SA:2011:044\");\n\n script_summary(\"Check for the Version of acroread\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2011 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\");\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = get_kb_item(\"ssh/login/release\");\n\n\nres = \"\";\nif(release == NULL){\n exit(0);\n}\n\nif(release == \"openSUSE11.4\")\n{\n\n if ((res = isrpmvuln(pkg:\"acroread\", rpm:\"acroread~9.4.6~0.5.1\", rls:\"openSUSE11.4\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n\n\nif(release == \"openSUSE11.3\")\n{\n\n if ((res = isrpmvuln(pkg:\"acroread\", rpm:\"acroread~9.4.6~0.2.1\", rls:\"openSUSE11.3\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99); # Not vulnerable.\n exit(0);\n}\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-02T21:10:35", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2435", "CVE-2011-2438", "CVE-2011-2440", "CVE-2011-2439", "CVE-2011-1353", "CVE-2011-2431", "CVE-2011-2432", "CVE-2011-2434", "CVE-2011-2433", "CVE-2011-2442", "CVE-2011-2437", "CVE-2011-2436", "CVE-2011-2462", "CVE-2011-2441"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2017-04-19T00:00:00", "published": "2012-02-12T00:00:00", "id": "OPENVAS:70746", "href": "http://plugins.openvas.org/nasl.php?oid=70746", "type": "openvas", "title": "FreeBSD Ports: acroread9", "sourceData": "#\n#VID fa2f386f-4814-11e1-89b4-001ec9578670\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from VID fa2f386f-4814-11e1-89b4-001ec9578670\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: acroread9\n\nCVE-2011-2462\nUnspecified vulnerability in the U3D component in Adobe Reader and\nAcrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader\n9.x through 9.4.6 on UNIX, allows remote attackers to execute\narbitrary code or cause a denial of service (memory corruption) via\nunknown vectors, as exploited in the wild in December 2011.\n\nCVE-2011-1353\nUnspecified vulnerability in Adobe Reader 10.x before 10.1.1 on\nWindows allows local users to gain privileges via unknown vectors.\n\nCVE-2011-2431\nAdobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x\nbefore 10.1.1 allow attackers to execute arbitrary code via\nunspecified vectors, related to a 'security bypass vulnerability.'\n\nCVE-2011-2432\nBuffer overflow in the U3D TIFF Resource in Adobe Reader and Acrobat\n8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows\nattackers to execute arbitrary code via unspecified vectors.\n\nCVE-2011-2433\nHeap-based buffer overflow in Adobe Reader and Acrobat 8.x before\n8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to\nexecute arbitrary code via unspecified vectors, a different\nvulnerability than CVE-2011-2434 and CVE-2011-2437.\n\nCVE-2011-2434\nHeap-based buffer overflow in Adobe Reader and Acrobat 8.x before\n8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to\nexecute arbitrary code via unspecified vectors, a different\nvulnerability than CVE-2011-2433 and CVE-2011-2437.\n\nCVE-2011-2435\nBuffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x\nbefore 9.4.6, and 10.x before 10.1.1 allows attackers to execute\narbitrary code via unspecified vectors.\n\nCVE-2011-2436\nHeap-based buffer overflow in the image-parsing library in Adobe\nReader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before\n10.1.1 allows attackers to execute arbitrary code via unspecified\nvectors.\n\nCVE-2011-2437\nHeap-based buffer overflow in Adobe Reader and Acrobat 8.x before\n8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to\nexecute arbitrary code via unspecified vectors, a different\nvulnerability than CVE-2011-2433 and CVE-2011-2434.\n\nCVE-2011-2438\nMultiple stack-based buffer overflows in the image-parsing library in\nAdobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x\nbefore 10.1.1 allow attackers to execute arbitrary code via\nunspecified vectors.\n\nCVE-2011-2439\nAdobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x\nbefore 10.1.1 allow attackers to execute arbitrary code via\nunspecified vectors, related to a 'memory leakage condition\nvulnerability.'\n\nCVE-2011-2440\nUse-after-free vulnerability in Adobe Reader and Acrobat 8.x before\n8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to\nexecute arbitrary code via unspecified vectors.\n\nCVE-2011-2441\nMultiple stack-based buffer overflows in CoolType.dll in Adobe Reader\nand Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1\nallow attackers to execute arbitrary code via unspecified vectors.\n\nCVE-2011-2442\nAdobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x\nbefore 10.1.1 allow attackers to execute arbitrary code via\nunspecified vectors, related to a 'logic error vulnerability.'\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://www.adobe.com/support/security/bulletins/apsb11-24.html\nhttp://www.adobe.com/support/security/advisories/apsa11-04.html\nhttp://www.vuxml.org/freebsd/fa2f386f-4814-11e1-89b4-001ec9578670.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\n\nif(description)\n{\n script_id(70746);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-2462\", \"CVE-2011-1353\", \"CVE-2011-2431\", \"CVE-2011-2432\", \"CVE-2011-2433\", \"CVE-2011-2434\", \"CVE-2011-2435\", \"CVE-2011-2436\", \"CVE-2011-2437\", \"CVE-2011-2438\", \"CVE-2011-2439\", \"CVE-2011-2440\", \"CVE-2011-2441\", \"CVE-2011-2442\");\n script_version(\"$Revision: 5977 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-04-19 11:02:22 +0200 (Wed, 19 Apr 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 07:27:20 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"FreeBSD Ports: acroread9\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\ntxt = \"\";\nbver = portver(pkg:\"acroread9\");\nif(!isnull(bver) && revcomp(a:bver, b:\"9.4.7\")<0) {\n txt += 'Package acroread9 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2019-05-29T18:38:50", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2435", "CVE-2011-2438", "CVE-2011-2440", "CVE-2011-2439", "CVE-2011-1353", "CVE-2011-2431", "CVE-2011-2432", "CVE-2011-2434", "CVE-2011-2433", "CVE-2011-2442", "CVE-2011-2437", "CVE-2011-2436", "CVE-2011-2462", "CVE-2011-2441"], "description": "The remote host is missing an update to the system\n as announced in the referenced advisory.", "modified": "2019-03-14T00:00:00", "published": "2012-02-12T00:00:00", "id": "OPENVAS:136141256231070746", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070746", "type": "openvas", "title": "FreeBSD Ports: acroread9", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: freebsd_acroread9.nasl 14170 2019-03-14 09:24:12Z cfischer $\n#\n# Auto generated from VID fa2f386f-4814-11e1-89b4-001ec9578670\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70746\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2011-2462\", \"CVE-2011-1353\", \"CVE-2011-2431\", \"CVE-2011-2432\", \"CVE-2011-2433\", \"CVE-2011-2434\", \"CVE-2011-2435\", \"CVE-2011-2436\", \"CVE-2011-2437\", \"CVE-2011-2438\", \"CVE-2011-2439\", \"CVE-2011-2440\", \"CVE-2011-2441\", \"CVE-2011-2442\");\n script_version(\"$Revision: 14170 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-14 10:24:12 +0100 (Thu, 14 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 07:27:20 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"FreeBSD Ports: acroread9\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsd\", \"ssh/login/freebsdrel\");\n\n script_tag(name:\"insight\", value:\"The following package is affected: acroread9\n\nCVE-2011-2462\nUnspecified vulnerability in the U3D component in Adobe Reader and\nAcrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader\n9.x through 9.4.6 on UNIX, allows remote attackers to execute\narbitrary code or cause a denial of service (memory corruption) via\nunknown vectors, as exploited in the wild in December 2011.\n\nCVE-2011-1353\nUnspecified vulnerability in Adobe Reader 10.x before 10.1.1 on\nWindows allows local users to gain privileges via unknown vectors.\n\nCVE-2011-2431\nAdobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x\nbefore 10.1.1 allow attackers to execute arbitrary code via\nunspecified vectors, related to a 'security bypass vulnerability.'\n\nCVE-2011-2432\nBuffer overflow in the U3D TIFF Resource in Adobe Reader and Acrobat\n8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows\nattackers to execute arbitrary code via unspecified vectors.\n\nCVE-2011-2433\nHeap-based buffer overflow in Adobe Reader and Acrobat 8.x before\n8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to\nexecute arbitrary code via unspecified vectors, a different\nvulnerability than CVE-2011-2434 and CVE-2011-2437.\n\nCVE-2011-2434\nHeap-based buffer overflow in Adobe Reader and Acrobat 8.x before\n8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to\nexecute arbitrary code via unspecified vectors, a different\nvulnerability than CVE-2011-2433 and CVE-2011-2437.\n\nText truncated. Please see the references for more information.\");\n\n script_tag(name:\"solution\", value:\"Update your system with the appropriate patches or\n software upgrades.\");\n\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/bulletins/apsb11-24.html\");\n script_xref(name:\"URL\", value:\"http://www.adobe.com/support/security/advisories/apsa11-04.html\");\n script_xref(name:\"URL\", value:\"http://www.vuxml.org/freebsd/fa2f386f-4814-11e1-89b4-001ec9578670.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update to the system\n as announced in the referenced advisory.\");\n\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-bsd.inc\");\n\nvuln = FALSE;\ntxt = \"\";\n\nbver = portver(pkg:\"acroread9\");\nif(!isnull(bver) && revcomp(a:bver, b:\"9.4.7\")<0) {\n txt += 'Package acroread9 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = TRUE;\n}\n\nif(vuln) {\n security_message(data:txt);\n} else if (__pkg_match) {\n exit(99);\n}", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:39:22", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2416", "CVE-2011-2435", "CVE-2011-2438", "CVE-2011-0565", "CVE-2010-4091", "CVE-2011-2140", "CVE-2011-2440", "CVE-2011-2424", "CVE-2011-0590", "CVE-2011-0598", "CVE-2011-2134", "CVE-2011-0587", "CVE-2011-2138", "CVE-2011-0596", "CVE-2011-2139", "CVE-2011-2439", "CVE-2011-0563", "CVE-2011-0586", "CVE-2011-2431", "CVE-2011-0588", "CVE-2011-0603", "CVE-2011-0570", "CVE-2011-2432", "CVE-2011-2425", "CVE-2011-0595", "CVE-2011-0592", "CVE-2011-0566", "CVE-2011-0606", "CVE-2011-2414", "CVE-2011-0585", "CVE-2011-2434", "CVE-2011-2130", "CVE-2011-2137", "CVE-2011-2417", "CVE-2011-0591", "CVE-2011-2433", "CVE-2011-2135", "CVE-2011-0594", "CVE-2011-2442", "CVE-2011-0593", "CVE-2011-2437", "CVE-2011-2436", "CVE-2011-0602", "CVE-2011-0604", "CVE-2011-2136", "CVE-2011-4369", "CVE-2011-0567", "CVE-2011-0600", "CVE-2011-2415", "CVE-2011-2462", "CVE-2011-0562", "CVE-2011-0599", "CVE-2011-0589", "CVE-2011-2441", "CVE-2011-0605"], "description": "The remote host is missing updates announced in\nadvisory GLSA 201201-19.", "modified": "2018-10-12T00:00:00", "published": "2012-02-12T00:00:00", "id": "OPENVAS:136141256231070820", "href": "http://plugins.openvas.org/nasl.php?oid=136141256231070820", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201201-19 (acroread)", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: glsa_201201_19.nasl 11859 2018-10-12 08:53:01Z cfischer $\n#\n# Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.70820\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2010-4091\", \"CVE-2011-0562\", \"CVE-2011-0563\", \"CVE-2011-0565\", \"CVE-2011-0566\", \"CVE-2011-0567\", \"CVE-2011-0570\", \"CVE-2011-0585\", \"CVE-2011-0586\", \"CVE-2011-0587\", \"CVE-2011-0588\", \"CVE-2011-0589\", \"CVE-2011-0590\", \"CVE-2011-0591\", \"CVE-2011-0592\", \"CVE-2011-0593\", \"CVE-2011-0594\", \"CVE-2011-0595\", \"CVE-2011-0596\", \"CVE-2011-0598\", \"CVE-2011-0599\", \"CVE-2011-0600\", \"CVE-2011-0602\", \"CVE-2011-0603\", \"CVE-2011-0604\", \"CVE-2011-0605\", \"CVE-2011-0606\", \"CVE-2011-2130\", \"CVE-2011-2134\", \"CVE-2011-2135\", \"CVE-2011-2136\", \"CVE-2011-2137\", \"CVE-2011-2138\", \"CVE-2011-2139\", \"CVE-2011-2140\", \"CVE-2011-2414\", \"CVE-2011-2415\", \"CVE-2011-2416\", \"CVE-2011-2417\", \"CVE-2011-2424\", \"CVE-2011-2425\", \"CVE-2011-2431\", \"CVE-2011-2432\", \"CVE-2011-2433\", \"CVE-2011-2434\", \"CVE-2011-2435\", \"CVE-2011-2436\", \"CVE-2011-2437\", \"CVE-2011-2438\", \"CVE-2011-2439\", \"CVE-2011-2440\", \"CVE-2011-2441\", \"CVE-2011-2442\", \"CVE-2011-2462\", \"CVE-2011-4369\");\n script_version(\"$Revision: 11859 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2018-10-12 10:53:01 +0200 (Fri, 12 Oct 2018) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 10:04:42 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201201-19 (acroread)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities in Adobe Reader might allow remote\n attackers to execute arbitrary code or conduct various other attacks.\");\n script_tag(name:\"solution\", value:\"All Adobe Reader users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-text/acroread-9.4.7'\");\n\n script_xref(name:\"URL\", value:\"http://www.securityspace.com/smysecure/catid.html?in=GLSA%20201201-19\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=354211\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=382969\");\n script_xref(name:\"URL\", value:\"http://bugs.gentoo.org/show_bug.cgi?id=393481\");\n script_tag(name:\"summary\", value:\"The remote host is missing updates announced in\nadvisory GLSA 201201-19.\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"pkg-lib-gentoo.inc\");\ninclude(\"revisions-lib.inc\");\n\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"app-text/acroread\", unaffected: make_list(\"ge 9.4.7\"), vulnerable: make_list(\"lt 9.4.7\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-07-24T12:50:28", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2416", "CVE-2011-2435", "CVE-2011-2438", "CVE-2011-0565", "CVE-2010-4091", "CVE-2011-2140", "CVE-2011-2440", "CVE-2011-2424", "CVE-2011-0590", "CVE-2011-0598", "CVE-2011-2134", "CVE-2011-0587", "CVE-2011-2138", "CVE-2011-0596", "CVE-2011-2139", "CVE-2011-2439", "CVE-2011-0563", "CVE-2011-0586", "CVE-2011-2431", "CVE-2011-0588", "CVE-2011-0603", "CVE-2011-0570", "CVE-2011-2432", "CVE-2011-2425", "CVE-2011-0595", "CVE-2011-0592", "CVE-2011-0566", "CVE-2011-0606", "CVE-2011-2414", "CVE-2011-0585", "CVE-2011-2434", "CVE-2011-2130", "CVE-2011-2137", "CVE-2011-2417", "CVE-2011-0591", "CVE-2011-2433", "CVE-2011-2135", "CVE-2011-0594", "CVE-2011-2442", "CVE-2011-0593", "CVE-2011-2437", "CVE-2011-2436", "CVE-2011-0602", "CVE-2011-0604", "CVE-2011-2136", "CVE-2011-4369", "CVE-2011-0567", "CVE-2011-0600", "CVE-2011-2415", "CVE-2011-2462", "CVE-2011-0562", "CVE-2011-0599", "CVE-2011-0589", "CVE-2011-2441", "CVE-2011-0605"], "description": "The remote host is missing updates announced in\nadvisory GLSA 201201-19.", "modified": "2017-07-07T00:00:00", "published": "2012-02-12T00:00:00", "id": "OPENVAS:70820", "href": "http://plugins.openvas.org/nasl.php?oid=70820", "type": "openvas", "title": "Gentoo Security Advisory GLSA 201201-19 (acroread)", "sourceData": "#\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"Multiple vulnerabilities in Adobe Reader might allow remote\n attackers to execute arbitrary code or conduct various other attacks.\";\ntag_solution = \"All Adobe Reader users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-text/acroread-9.4.7'\n \n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20201201-19\nhttp://bugs.gentoo.org/show_bug.cgi?id=354211\nhttp://bugs.gentoo.org/show_bug.cgi?id=382969\nhttp://bugs.gentoo.org/show_bug.cgi?id=393481\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 201201-19.\";\n\n \n \nif(description)\n{\n script_id(70820);\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2010-4091\", \"CVE-2011-0562\", \"CVE-2011-0563\", \"CVE-2011-0565\", \"CVE-2011-0566\", \"CVE-2011-0567\", \"CVE-2011-0570\", \"CVE-2011-0585\", \"CVE-2011-0586\", \"CVE-2011-0587\", \"CVE-2011-0588\", \"CVE-2011-0589\", \"CVE-2011-0590\", \"CVE-2011-0591\", \"CVE-2011-0592\", \"CVE-2011-0593\", \"CVE-2011-0594\", \"CVE-2011-0595\", \"CVE-2011-0596\", \"CVE-2011-0598\", \"CVE-2011-0599\", \"CVE-2011-0600\", \"CVE-2011-0602\", \"CVE-2011-0603\", \"CVE-2011-0604\", \"CVE-2011-0605\", \"CVE-2011-0606\", \"CVE-2011-2130\", \"CVE-2011-2134\", \"CVE-2011-2135\", \"CVE-2011-2136\", \"CVE-2011-2137\", \"CVE-2011-2138\", \"CVE-2011-2139\", \"CVE-2011-2140\", \"CVE-2011-2414\", \"CVE-2011-2415\", \"CVE-2011-2416\", \"CVE-2011-2417\", \"CVE-2011-2424\", \"CVE-2011-2425\", \"CVE-2011-2431\", \"CVE-2011-2432\", \"CVE-2011-2433\", \"CVE-2011-2434\", \"CVE-2011-2435\", \"CVE-2011-2436\", \"CVE-2011-2437\", \"CVE-2011-2438\", \"CVE-2011-2439\", \"CVE-2011-2440\", \"CVE-2011-2441\", \"CVE-2011-2442\", \"CVE-2011-2462\", \"CVE-2011-4369\");\n script_version(\"$Revision: 6593 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:18:14 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2012-02-12 10:04:42 -0500 (Sun, 12 Feb 2012)\");\n script_name(\"Gentoo Security Advisory GLSA 201201-19 (acroread)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2012 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\nres = \"\";\nreport = \"\";\nif((res = ispkgvuln(pkg:\"app-text/acroread\", unaffected: make_list(\"ge 9.4.7\"), vulnerable: make_list(\"lt 9.4.7\"))) != NULL ) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "suse": [{"lastseen": "2016-09-04T11:48:25", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2435", "CVE-2011-2438", "CVE-2011-2440", "CVE-2011-2439", "CVE-2011-1353", "CVE-2011-2431", "CVE-2011-2432", "CVE-2011-2434", "CVE-2011-2433", "CVE-2011-2442", "CVE-2011-2437", "CVE-2011-2436", "CVE-2011-2441"], "edition": 1, "description": "acrobat reader was updated to version 9.4.6 to fix several\n security issues (CVE-2011-1353, CVE-2011-2431,\n CVE-2011-2432, CVE-2011-2433, CVE-2011-2434, CVE-2011-2435,\n CVE-2011-2436, CVE-2011-2437, CVE-2011-2438, CVE-2011-2439,\n CVE-2011-2440, CVE-2011-2441, CVE-2011-2442)\n\n", "modified": "2011-11-14T22:08:22", "published": "2011-11-14T22:08:22", "id": "OPENSUSE-SU-2011:1238-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00012.html", "type": "suse", "title": "acroread (critical)", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:24:44", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2435", "CVE-2011-2438", "CVE-2011-2440", "CVE-2011-2439", "CVE-2011-1353", "CVE-2011-2431", "CVE-2011-2432", "CVE-2011-2434", "CVE-2011-2433", "CVE-2011-2442", "CVE-2011-2437", "CVE-2011-2436", "CVE-2011-2441"], "description": "Acrobat reader was updated to version 9.4.6 to fix several\n security issues (CVE-2011-1353, CVE-2011-2431,\n CVE-2011-2432, CVE-2011-2433, CVE-2011-2434,\n CVE-2011-2435, CVE-2011-2436, CVE-2011-2437, CVE-2011-2438,\n CVE-2011-2439, CVE-2011-2440, CVE-2011-2441, CVE-2011-2442)\n", "edition": 1, "modified": "2011-11-15T00:08:44", "published": "2011-11-15T00:08:44", "id": "SUSE-SU-2011:1239-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00013.html", "type": "suse", "title": "Security update for Acrobat Reader (critical)", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2016-09-04T11:56:17", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2435", "CVE-2011-2438", "CVE-2011-2440", "CVE-2011-2439", "CVE-2011-1353", "CVE-2011-2431", "CVE-2011-2432", "CVE-2011-2434", "CVE-2011-2433", "CVE-2011-2442", "CVE-2011-2437", "CVE-2011-2436", "CVE-2011-2441"], "description": "acrobat reader was updated to version 9.4.6 to fix several security issues that could allow attackers to execute arbitrary code or to cause a denial of service via specially crafted PDF documents.\n#### Solution\nThere is no known workaround, please install the update packages.", "edition": 1, "modified": "2011-11-21T11:41:08", "published": "2011-11-21T11:41:08", "id": "SUSE-SA:2011:044", "href": "http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00025.html", "title": "remote code execution in acroread", "type": "suse", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:41", "bulletinFamily": "software", "cvelist": ["CVE-2011-2435", "CVE-2011-2438", "CVE-2011-2440", "CVE-2011-2439", "CVE-2011-1353", "CVE-2011-2431", "CVE-2011-2432", "CVE-2011-2434", "CVE-2011-2433", "CVE-2011-2442", "CVE-2011-2437", "CVE-2011-2436", "CVE-2011-2441"], "description": "Security updates available for Adobe Reader and Acrobat\r\n\r\nRelease date: September 13, 2011\r\n\r\nVulnerability identifier: APSB11-24\r\n\r\nCVE numbers: CVE-2011-1353, CVE-2011-2431, CVE-2011-2432, CVE-2011-2433, CVE-2011-2434, CVE-2011-2435, CVE-2011-2436, CVE-2011-2437, CVE-2011-2438, CVE-2011-2439, CVE-2011-2440, CVE-2011-2441, CVE-2011-2442\r\n\r\nPlatform: All\r\n\r\nSUMMARY\r\n\r\nCritical vulnerabilities have been identified in Adobe Reader X (10.1) and earlier versions for Windows and Macintosh, Adobe Reader 9.4.2 and earlier versions for UNIX, and Adobe Acrobat X (10.1) and earlier versions for Windows and Macintosh. These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system.\r\n\r\nAdobe recommends users of Adobe Reader X (10.1) and earlier versions for Windows and Macintosh update to Adobe Reader X (10.1.1). For users of Adobe Reader 9.4.5 and earlier versions for Windows and Macintosh, who cannot update to Adobe Reader X (10.1.1), Adobe has made available updates, Adobe Reader 9.4.6 and Adobe Reader 8.3.1. Adobe recommends users of Adobe Acrobat X (10.1) for Windows and Macintosh update to Adobe Acrobat X (10.1.1). Adobe recommends users of Adobe Acrobat 9.4.5 and earlier versions for Windows and Macintosh update to Adobe Acrobat 9.4.6, and users of Adobe Acrobat 8.3 and earlier versions for Windows and Macintosh update to Adobe Acrobat 8.3.1. Adobe Reader 9.4.6 for UNIX is currently scheduled to be released on November 7, 2011.\r\n\r\nThe next quarterly security updates for Adobe Reader and Acrobat are currently scheduled for December 13, 2011.\r\n\r\nNote: Support for Adobe Reader 8.x and Acrobat 8.x for Windows and Macintosh will end on November 3, 2011. For more information, please see: Adobe Reader and Acrobat 8 End of Support.\r\n\r\nAFFECTED SOFTWARE VERSIONS\r\n\r\nAdobe Reader X (10.1) and earlier 10.x versions for Windows and Macintosh\r\nAdobe Reader 9.4.5 and earlier 9.x versions for Windows, Macintosh and UNIX\r\nAdobe Reader 8.3 and earlier 8.x versions for Windows and Macintosh\r\nAdobe Acrobat X (10.1) and earlier 10.x versions for Windows and Macintosh\r\nAdobe Acrobat 9.4.5 and earlier 9.x versions for Windows and Macintosh\r\nAdobe Acrobat 8.3 and earlier 8.x versions for Windows and Macintosh\r\nSOLUTION\r\n\r\nAdobe recommends users update their software installations by following the instructions below:\r\n\r\nAdobe Reader\r\n\r\nUsers can utilize the product's update mechanism. The default configuration is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates.\r\n\r\nAdobe Reader users on Windows can also find the appropriate update here:\r\nhttp://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows.\r\n\r\nAdobe Reader users on Macintosh can also find the appropriate update here:\r\nhttp://www.adobe.com/support/downloads/product.jsp?product=10&platform=Macintosh.\r\n\r\nAdobe Acrobat\r\n\r\nUsers can utilize the product's update mechanism. The default configuration is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates.\r\n\r\nAcrobat Standard and Pro users on Windows can also find the appropriate update here:\r\nhttp://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows.\r\n\r\nAcrobat Pro Extended users on Windows can also find the appropriate update here:\r\nhttp://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows.\r\n\r\nAcrobat 3D users on Windows can also find the appropriate update here: \r\nhttp://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows.\r\n\r\nAcrobat Pro users on Macintosh can also find the appropriate update here: \r\nhttp://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh.\r\n\r\nAdobe Reader 9.4.6 for UNIX is currently scheduled to be released on November 7, 2011.\r\n\r\nSEVERITY RATING\r\n\r\nAdobe categorizes these as critical updates and recommends that users apply the latest updates for their product installations by following the instructions in the "Solution" section above.\r\n\r\nDETAILS\r\n\r\nCritical vulnerabilities have been identified in Adobe Reader X (10.1) and earlier versions for Windows and Macintosh, Adobe Reader 9.4.2 and earlier versions for UNIX, and Adobe Acrobat X (10.1) and earlier versions for Windows and Macintosh. These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system.\r\n\r\nAdobe recommends users of Adobe Reader X (10.1) and earlier versions for Windows and Macintosh update to Adobe Reader X (10.1.1). For users of Adobe Reader 9.4.5 and earlier versions for Windows and Macintosh who cannot update to Adobe Reader X (10.1.1), Adobe has made available updates, Adobe Reader 9.4.6 and Adobe Reader 8.3.1. Adobe recommends users of Adobe Acrobat X (10.1) for Windows and Macintosh update to Adobe Acrobat X (10.1.1). Adobe recommends users of Adobe Acrobat 9.4.5 and earlier versions for Windows and Macintosh update to Adobe Acrobat 9.4.6, and users of Adobe Acrobat 8.3 and earlier versions for Windows and Macintosh update to Adobe Acrobat 8.3.1. Adobe Reader 9.4.6 for UNIX is currently scheduled to be released on November 7, 2011.\r\n\r\nThese updates resolve a local privilege-escalation vulnerability (Adobe Reader X (10.x) on Windows only) (CVE-2011-1353).\r\n\r\nThese updates resolve a security bypass vulnerability that could lead to code execution (CVE-2011-2431). \r\n\r\nThese updates resolve a buffer overflow vulnerability in the U3D TIFF Resource that could lead to code execution (CVE-2011-2432). \r\n\r\nThese updates resolve a heap overflow vulnerability that could lead to code execution (CVE-2011-2433). \r\n\r\nThese updates resolve a heap overflow vulnerability that could lead to code execution (CVE-2011-2434).\r\n\r\nThese updates resolve an buffer overflow vulnerability that could lead to code execution (CVE-2011-2435). \r\n\r\nThese updates resolve a heap overflow vulnerability in the Adobe image parsing library that could lead to code execution (CVE-2011-2436). \r\n\r\nThese updates resolve a heap overflow vulnerability that could lead to code execution (CVE-2011-2437). \r\n\r\nThese updates resolve three stack overflow vulnerabilities in the Adobe image parsing library that could lead to code execution (CVE-2011-2438). \r\n\r\nThese updates resolve a memory leakage condition vulnerability that could lead to code execution (CVE-2011-2439). \r\n\r\nThese updates resolve a use-after-free vulnerability that could lead to code execution (CVE-2011-2440). \r\n\r\nThese updates resolve two stack overflow vulnerabilities in the CoolType.dll library that could lead to code execution (CVE-2011-2441). \r\n\r\nThese updates resolve a logic error vulnerability that could lead to code execution (CVE-2011-2442). \r\n\r\nThese updates also incorporate the Adobe Flash Player updates as noted in Security Bulletin APSB11-21.\r\n\r\nThe next quarterly security updates for Adobe Reader and Acrobat are currently scheduled for December 13, 2011.\r\n\r\nACKNOWLEDGEMENTS\r\n\r\nAdobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:\r\n\r\nPaul Sabanal and Mark Yason from IBM X-Force Advanced Research (CVE-2011-1353) \r\nZhenhua Liu of Fortinet's Fortiguard Labs (CVE-2011-1353) \r\nVladimir Vorontsov of ONsec (CVE-2011-2431) \r\nbinaryproof through Tipping Point's Zero Day Initiative (CVE-2011-2432, CVE-2011-2433,CVE-2011-2434, CVE-2011-2435, CVE-2011-2436,CVE-2011-2437, CVE-2011-2438, CVE-2011-2441)\r\nJames Quirk, Los Alamos (CVE-2011-2439) \r\nAn anonymous reporter via iDefense Labs (CVE-2011-2440) \r\nTavis Ormandy of the Google Security Team (CVE-2011-2442) ", "edition": 1, "modified": "2011-09-16T00:00:00", "published": "2011-09-16T00:00:00", "id": "SECURITYVULNS:DOC:27022", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:27022", "title": "Security updates available for Adobe Reader and Acrobat", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:09:43", "bulletinFamily": "software", "cvelist": ["CVE-2011-2435", "CVE-2011-2438", "CVE-2011-2440", "CVE-2011-2439", "CVE-2011-1353", "CVE-2011-2431", "CVE-2011-2432", "CVE-2011-2434", "CVE-2011-2433", "CVE-2011-2442", "CVE-2011-2437", "CVE-2011-2436", "CVE-2011-2411", "CVE-2011-2441"], "description": "Privilege escalation, memory leakage, code executions, multiple buffer overflows.", "edition": 1, "modified": "2011-10-31T00:00:00", "published": "2011-10-31T00:00:00", "id": "SECURITYVULNS:VULN:11911", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:11911", "title": "Adobe Acrobat / Reader multiple security vulnerabilities", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2021-01-01T05:57:17", "description": "acrobat reader was updated to version 9.4.6 to fix several security\nissues. (CVE-2011-1353 / CVE-2011-2431 / CVE-2011-2432 / CVE-2011-2433\n/ CVE-2011-2434 / CVE-2011-2435 / CVE-2011-2436 / CVE-2011-2437 /\nCVE-2011-2438 / CVE-2011-2439 / CVE-2011-2440 / CVE-2011-2441 /\nCVE-2011-2442)", "edition": 22, "published": "2011-12-13T00:00:00", "title": "SuSE 11.1 Security Update : Acrobat Reader (SAT Patch Number 5412)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2435", "CVE-2011-2438", "CVE-2011-2440", "CVE-2011-2439", "CVE-2011-1353", "CVE-2011-2431", "CVE-2011-2432", "CVE-2011-2434", "CVE-2011-2433", "CVE-2011-2442", "CVE-2011-2437", "CVE-2011-2436", "CVE-2011-2441"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:11:acroread-fonts-ja", "p-cpe:/a:novell:suse_linux:11:acroread-fonts-zh_CN", "cpe:/o:novell:suse_linux:11", "p-cpe:/a:novell:suse_linux:11:acroread-fonts-ko", "p-cpe:/a:novell:suse_linux:11:acroread-cmaps", "p-cpe:/a:novell:suse_linux:11:acroread", "p-cpe:/a:novell:suse_linux:11:acroread-fonts-zh_TW"], "id": "SUSE_11_ACROREAD-111111.NASL", "href": "https://www.tenable.com/plugins/nessus/57087", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from SuSE 11 update information. The text itself is\n# copyright (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57087);\n script_version(\"1.8\");\n script_cvs_date(\"Date: 2019/10/25 13:36:42\");\n\n script_cve_id(\"CVE-2011-1353\", \"CVE-2011-2431\", \"CVE-2011-2432\", \"CVE-2011-2433\", \"CVE-2011-2434\", \"CVE-2011-2435\", \"CVE-2011-2436\", \"CVE-2011-2437\", \"CVE-2011-2438\", \"CVE-2011-2439\", \"CVE-2011-2440\", \"CVE-2011-2441\", \"CVE-2011-2442\");\n\n script_name(english:\"SuSE 11.1 Security Update : Acrobat Reader (SAT Patch Number 5412)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 11 host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"acrobat reader was updated to version 9.4.6 to fix several security\nissues. (CVE-2011-1353 / CVE-2011-2431 / CVE-2011-2432 / CVE-2011-2433\n/ CVE-2011-2434 / CVE-2011-2435 / CVE-2011-2436 / CVE-2011-2437 /\nCVE-2011-2438 / CVE-2011-2439 / CVE-2011-2440 / CVE-2011-2441 /\nCVE-2011-2442)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=717724\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1353.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2431.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2432.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2433.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2434.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2435.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2436.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2437.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2438.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2439.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2440.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2441.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2442.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply SAT patch number 5412.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:acroread\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:acroread-cmaps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:acroread-fonts-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:acroread-fonts-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:acroread-fonts-zh_CN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:11:acroread-fonts-zh_TW\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)11\") audit(AUDIT_OS_NOT, \"SuSE 11\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SuSE 11\", cpu);\n\npl = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(pl) || int(pl) != 1) audit(AUDIT_OS_NOT, \"SuSE 11.1\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"acroread-9.4.6-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"acroread-cmaps-9.4.6-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"acroread-fonts-ja-9.4.6-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"acroread-fonts-ko-9.4.6-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"acroread-fonts-zh_CN-9.4.6-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"i586\", reference:\"acroread-fonts-zh_TW-9.4.6-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"acroread-cmaps-9.4.6-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"acroread-fonts-ja-9.4.6-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"acroread-fonts-ko-9.4.6-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"acroread-fonts-zh_CN-9.4.6-0.2.1\")) flag++;\nif (rpm_check(release:\"SLED11\", sp:1, cpu:\"x86_64\", reference:\"acroread-fonts-zh_TW-9.4.6-0.2.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T06:29:17", "description": "Acrobat reader was updated to version 9.4.6 to fix several security\nissues. (CVE-2011-1353 / CVE-2011-2431 / CVE-2011-2432 / CVE-2011-2433\n/ CVE-2011-2434 / CVE-2011-2435 / CVE-2011-2436 / CVE-2011-2437 /\nCVE-2011-2438 / CVE-2011-2439 / CVE-2011-2440 / CVE-2011-2441 /\nCVE-2011-2442)", "edition": 22, "published": "2011-12-13T00:00:00", "title": "SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 7833)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2435", "CVE-2011-2438", "CVE-2011-2440", "CVE-2011-2439", "CVE-2011-1353", "CVE-2011-2431", "CVE-2011-2432", "CVE-2011-2434", "CVE-2011-2433", "CVE-2011-2442", "CVE-2011-2437", "CVE-2011-2436", "CVE-2011-2441"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_ACROREAD-7833.NASL", "href": "https://www.tenable.com/plugins/nessus/57154", "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(57154);\n script_version (\"1.8\");\n script_cvs_date(\"Date: 2019/10/25 13:36:43\");\n\n script_cve_id(\"CVE-2011-1353\", \"CVE-2011-2431\", \"CVE-2011-2432\", \"CVE-2011-2433\", \"CVE-2011-2434\", \"CVE-2011-2435\", \"CVE-2011-2436\", \"CVE-2011-2437\", \"CVE-2011-2438\", \"CVE-2011-2439\", \"CVE-2011-2440\", \"CVE-2011-2441\", \"CVE-2011-2442\");\n\n script_name(english:\"SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 7833)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Acrobat reader was updated to version 9.4.6 to fix several security\nissues. (CVE-2011-1353 / CVE-2011-2431 / CVE-2011-2432 / CVE-2011-2433\n/ CVE-2011-2434 / CVE-2011-2435 / CVE-2011-2436 / CVE-2011-2437 /\nCVE-2011-2438 / CVE-2011-2439 / CVE-2011-2440 / CVE-2011-2441 /\nCVE-2011-2442)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-1353.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2431.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2432.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2433.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2434.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2435.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2436.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2437.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2438.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2439.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2440.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2441.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2011-2442.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 7833.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"acroread-9.4.6-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"acroread-cmaps-9.4.6-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"acroread-fonts-ja-9.4.6-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"acroread-fonts-ko-9.4.6-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"acroread-fonts-zh_CN-9.4.6-0.5.1\")) flag++;\nif (rpm_check(release:\"SLED10\", sp:4, reference:\"acroread-fonts-zh_TW-9.4.6-0.5.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:08:32", "description": "acrobat reader was updated to version 9.4.6 to fix several security\nissues (CVE-2011-1353, CVE-2011-2431, CVE-2011-2432, CVE-2011-2433,\nCVE-2011-2434, CVE-2011-2435, CVE-2011-2436, CVE-2011-2437,\nCVE-2011-2438, CVE-2011-2439, CVE-2011-2440, CVE-2011-2441,\nCVE-2011-2442)", "edition": 24, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : acroread (openSUSE-SU-2011:1238-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2435", "CVE-2011-2438", "CVE-2011-2440", "CVE-2011-2439", "CVE-2011-1353", "CVE-2011-2431", "CVE-2011-2432", "CVE-2011-2434", "CVE-2011-2433", "CVE-2011-2442", "CVE-2011-2437", "CVE-2011-2436", "CVE-2011-2441"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:acroread", "cpe:/o:novell:opensuse:11.4"], "id": "SUSE_11_4_ACROREAD-111111.NASL", "href": "https://www.tenable.com/plugins/nessus/75783", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update acroread-5411.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75783);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1353\", \"CVE-2011-2431\", \"CVE-2011-2432\", \"CVE-2011-2433\", \"CVE-2011-2434\", \"CVE-2011-2435\", \"CVE-2011-2436\", \"CVE-2011-2437\", \"CVE-2011-2438\", \"CVE-2011-2439\", \"CVE-2011-2440\", \"CVE-2011-2441\", \"CVE-2011-2442\");\n\n script_name(english:\"openSUSE Security Update : acroread (openSUSE-SU-2011:1238-1)\");\n script_summary(english:\"Check for the acroread-5411 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"acrobat reader was updated to version 9.4.6 to fix several security\nissues (CVE-2011-1353, CVE-2011-2431, CVE-2011-2432, CVE-2011-2433,\nCVE-2011-2434, CVE-2011-2435, CVE-2011-2436, CVE-2011-2437,\nCVE-2011-2438, CVE-2011-2439, CVE-2011-2440, CVE-2011-2441,\nCVE-2011-2442)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=717724\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-11/msg00011.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected acroread package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:acroread\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.4)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.4\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.4\", reference:\"acroread-9.4.6-0.5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"acroread\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T12:07:50", "description": "acrobat reader was updated to version 9.4.6 to fix several security\nissues", "edition": 23, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : acroread (openSUSE-2011-54)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2435", "CVE-2011-2438", "CVE-2011-2440", "CVE-2011-2439", "CVE-2011-1353", "CVE-2011-2431", "CVE-2011-2432", "CVE-2011-2434", "CVE-2011-2433", "CVE-2011-2442", "CVE-2011-2437", "CVE-2011-2436", "CVE-2011-2441"], "modified": "2014-06-13T00:00:00", "cpe": ["cpe:/o:novell:opensuse:12.1", "p-cpe:/a:novell:opensuse:acroread-fonts-ja", "p-cpe:/a:novell:opensuse:acroread-cmaps", "p-cpe:/a:novell:opensuse:acroread", "p-cpe:/a:novell:opensuse:acroread-fonts-ko", "p-cpe:/a:novell:opensuse:acroread-fonts-zh_CN", "p-cpe:/a:novell:opensuse:acroread-fonts-zh_TW"], "id": "OPENSUSE-2011-54.NASL", "href": "https://www.tenable.com/plugins/nessus/74527", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2011-54.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(74527);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1353\", \"CVE-2011-2431\", \"CVE-2011-2432\", \"CVE-2011-2433\", \"CVE-2011-2434\", \"CVE-2011-2435\", \"CVE-2011-2436\", \"CVE-2011-2437\", \"CVE-2011-2438\", \"CVE-2011-2439\", \"CVE-2011-2440\", \"CVE-2011-2441\", \"CVE-2011-2442\");\n\n script_name(english:\"openSUSE Security Update : acroread (openSUSE-2011-54)\");\n script_summary(english:\"Check for the openSUSE-2011-54 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"acrobat reader was updated to version 9.4.6 to fix several security\nissues\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=717724\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected acroread packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:acroread\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:acroread-cmaps\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:acroread-fonts-ja\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:acroread-fonts-ko\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:acroread-fonts-zh_CN\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:acroread-fonts-zh_TW\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:12.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE12\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"12.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE12.1\", reference:\"acroread-9.4.6-3.4.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"acroread-cmaps-9.4.1-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"acroread-fonts-ja-9.4.1-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"acroread-fonts-ko-9.4.1-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"acroread-fonts-zh_CN-9.4.1-3.5.1\") ) flag++;\nif ( rpm_check(release:\"SUSE12.1\", reference:\"acroread-fonts-zh_TW-9.4.1-3.5.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"acroread-fonts-zh_TW / acroread-cmaps / acroread-fonts-zh_CN / etc\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-17T14:07:05", "description": "acrobat reader was updated to version 9.4.6 to fix several security\nissues (CVE-2011-1353, CVE-2011-2431, CVE-2011-2432, CVE-2011-2433,\nCVE-2011-2434, CVE-2011-2435, CVE-2011-2436, CVE-2011-2437,\nCVE-2011-2438, CVE-2011-2439, CVE-2011-2440, CVE-2011-2441,\nCVE-2011-2442)", "edition": 24, "published": "2014-06-13T00:00:00", "title": "openSUSE Security Update : acroread (openSUSE-SU-2011:1238-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2435", "CVE-2011-2438", "CVE-2011-2440", "CVE-2011-2439", "CVE-2011-1353", "CVE-2011-2431", "CVE-2011-2432", "CVE-2011-2434", "CVE-2011-2433", "CVE-2011-2442", "CVE-2011-2437", "CVE-2011-2436", "CVE-2011-2441"], "modified": "2014-06-13T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:acroread", "cpe:/o:novell:opensuse:11.3"], "id": "SUSE_11_3_ACROREAD-111111.NASL", "href": "https://www.tenable.com/plugins/nessus/75422", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update acroread-5411.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(75422);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2011-1353\", \"CVE-2011-2431\", \"CVE-2011-2432\", \"CVE-2011-2433\", \"CVE-2011-2434\", \"CVE-2011-2435\", \"CVE-2011-2436\", \"CVE-2011-2437\", \"CVE-2011-2438\", \"CVE-2011-2439\", \"CVE-2011-2440\", \"CVE-2011-2441\", \"CVE-2011-2442\");\n\n script_name(english:\"openSUSE Security Update : acroread (openSUSE-SU-2011:1238-1)\");\n script_summary(english:\"Check for the acroread-5411 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"acrobat reader was updated to version 9.4.6 to fix several security\nissues (CVE-2011-1353, CVE-2011-2431, CVE-2011-2432, CVE-2011-2433,\nCVE-2011-2434, CVE-2011-2435, CVE-2011-2436, CVE-2011-2437,\nCVE-2011-2438, CVE-2011-2439, CVE-2011-2440, CVE-2011-2441,\nCVE-2011-2442)\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.novell.com/show_bug.cgi?id=717724\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.opensuse.org/opensuse-updates/2011-11/msg00011.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected acroread package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:acroread\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:11.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/11/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2014/06/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE11\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"11.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE11.3\", reference:\"acroread-9.4.6-0.2.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"acroread\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:51:34", "description": "The Adobe Security Team reports :\n\nAn unspecified vulnerability in the U3D component allows remote\nattackers to execute arbitrary code (or cause a denial of service\nattack) via unknown vectors.\n\nA heap-based buffer overflow allows attackers to execute arbitrary\ncode via unspecified vectors.", "edition": 22, "published": "2012-01-27T00:00:00", "title": "FreeBSD : acroread9 -- Multiple Vulnerabilities (fa2f386f-4814-11e1-89b4-001ec9578670)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2435", "CVE-2011-2438", "CVE-2011-2440", "CVE-2011-2439", "CVE-2011-1353", "CVE-2011-2431", "CVE-2011-2432", "CVE-2011-2434", "CVE-2011-2433", "CVE-2011-2442", "CVE-2011-2437", "CVE-2011-2436", "CVE-2011-2462", "CVE-2011-2441"], "modified": "2012-01-27T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:acroread9"], "id": "FREEBSD_PKG_FA2F386F481411E189B4001EC9578670.NASL", "href": "https://www.tenable.com/plugins/nessus/57705", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57705);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2011-1353\", \"CVE-2011-2431\", \"CVE-2011-2432\", \"CVE-2011-2433\", \"CVE-2011-2434\", \"CVE-2011-2435\", \"CVE-2011-2436\", \"CVE-2011-2437\", \"CVE-2011-2438\", \"CVE-2011-2439\", \"CVE-2011-2440\", \"CVE-2011-2441\", \"CVE-2011-2442\", \"CVE-2011-2462\");\n\n script_name(english:\"FreeBSD : acroread9 -- Multiple Vulnerabilities (fa2f386f-4814-11e1-89b4-001ec9578670)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The Adobe Security Team reports :\n\nAn unspecified vulnerability in the U3D component allows remote\nattackers to execute arbitrary code (or cause a denial of service\nattack) via unknown vectors.\n\nA heap-based buffer overflow allows attackers to execute arbitrary\ncode via unspecified vectors.\"\n );\n # http://www.adobe.com/support/security/bulletins/apsb11-24.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.adobe.com/support/security/bulletins/apsb11-24.html\"\n );\n # http://www.adobe.com/support/security/advisories/apsa11-04.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.adobe.com/support/security/advisories/apsa11-04.html\"\n );\n # https://vuxml.freebsd.org/freebsd/fa2f386f-4814-11e1-89b4-001ec9578670.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?48167c68\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Reader U3D Memory Corruption Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:acroread9\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/12/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/27\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"acroread9<9.4.7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T01:13:04", "description": "The version of Adobe Acrobat installed on the remote host is earlier\nthan 10.1.1 / 9.4.6 / 8.3.1. It is, therefore, potentially affected \nby the following vulnerabilities :\n\n - An unspecified error exists that can allow an attacker\n to bypass security leading to code execution. \n (CVE-2011-2431)\n\n - Several errors exist that allow buffer overflows\n leading to code execution. (CVE-2011-2432, \n CVE-2011-2435)\n\n - Several errors exist that allow heap overflows leading\n to code execution. (CVE-2011-2433, CVE-2011-2434, \n CVE-2011-2436, CVE-2011-2437)\n\n - Several errors exist that allow stack overflows leading\n to code execution. (CVE-2011-2438)\n\n - An error exists that can allow memory leaks leading to\n code execution. (CVE-2011-2439)\n\n - A use-after-free error exists that can allow code\n exection. (CVE-2011-2440)\n\n - Several errors exist in the 'CoolType.dll' library that\n can allow stack overflows leading to code execution.\n (CVE-2011-2441)\n\n - A logic error exists that can lead to code execution.\n (CVE-2011-2442)\n\n - Multiple issues exist as noted in APSB11-21, a security\n update for Adobe Flash Player. (CVE-2011-2130, \n CVE-2011-2134, CVE-2011-2135, CVE-2011-2136, \n CVE-2011-2137, CVE-2011-2138, CVE-2011-2139, \n CVE-2011-2140, CVE-2011-2414, CVE-2011-2415, \n CVE-2011-2416, CVE-2011-2417, CVE-2011-2425, \n CVE-2011-2424)", "edition": 25, "published": "2011-09-14T00:00:00", "title": "Adobe Acrobat < 10.1.1 / 9.4.6 / 8.3.1 Multiple Vulnerabilities (APSB11-21, APSB11-24)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2416", "CVE-2011-2435", "CVE-2011-2438", "CVE-2011-2140", "CVE-2011-2440", "CVE-2011-2424", "CVE-2011-2134", "CVE-2011-2138", "CVE-2011-2139", "CVE-2011-2439", "CVE-2011-2431", "CVE-2011-2432", "CVE-2011-2425", "CVE-2011-2414", "CVE-2011-2434", "CVE-2011-2130", "CVE-2011-2137", "CVE-2011-2417", "CVE-2011-2433", "CVE-2011-2135", "CVE-2011-2442", "CVE-2011-2437", "CVE-2011-2436", "CVE-2011-2136", "CVE-2011-2415", "CVE-2011-2441"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:adobe:acrobat"], "id": "ADOBE_ACROBAT_APSB11-24.NASL", "href": "https://www.tenable.com/plugins/nessus/56197", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(56197);\n script_version(\"1.22\");\n script_cvs_date(\"Date: 2018/11/15 20:50:26\");\n\n script_cve_id(\n \"CVE-2011-2130\",\n \"CVE-2011-2134\",\n \"CVE-2011-2135\",\n \"CVE-2011-2136\",\n \"CVE-2011-2137\",\n \"CVE-2011-2138\",\n \"CVE-2011-2139\",\n \"CVE-2011-2140\",\n \"CVE-2011-2414\",\n \"CVE-2011-2415\",\n \"CVE-2011-2416\",\n \"CVE-2011-2417\",\n \"CVE-2011-2424\",\n \"CVE-2011-2425\",\n \"CVE-2011-2431\",\n \"CVE-2011-2432\",\n \"CVE-2011-2433\",\n \"CVE-2011-2434\",\n \"CVE-2011-2435\",\n \"CVE-2011-2436\",\n \"CVE-2011-2437\",\n \"CVE-2011-2438\",\n \"CVE-2011-2439\",\n \"CVE-2011-2440\",\n \"CVE-2011-2441\",\n \"CVE-2011-2442\"\n );\n script_bugtraq_id(\n 49073,\n 49074,\n 49075,\n 49076,\n 49077,\n 49079,\n 49080,\n 49081,\n 49082,\n 49083,\n 49084,\n 49085,\n 49086,\n 49186,\n 49572,\n 49575,\n 49576,\n 49577,\n 49578,\n 49579,\n 49580,\n 49581,\n 49582,\n 49583,\n 49584,\n 49585\n );\n script_xref(name:\"EDB-ID\", value:\"18437\");\n script_xref(name:\"EDB-ID\", value:\"18479\");\n \n script_name(english:\"Adobe Acrobat < 10.1.1 / 9.4.6 / 8.3.1 Multiple Vulnerabilities (APSB11-21, APSB11-24)\");\n script_summary(english:\"Checks version of Adobe Acrobat\");\n\n script_set_attribute(attribute:\"synopsis\",value:\n\"The version of Adobe Acrobat on the remote Windows host is affected\nby multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\",value:\n\"The version of Adobe Acrobat installed on the remote host is earlier\nthan 10.1.1 / 9.4.6 / 8.3.1. It is, therefore, potentially affected \nby the following vulnerabilities :\n\n - An unspecified error exists that can allow an attacker\n to bypass security leading to code execution. \n (CVE-2011-2431)\n\n - Several errors exist that allow buffer overflows\n leading to code execution. (CVE-2011-2432, \n CVE-2011-2435)\n\n - Several errors exist that allow heap overflows leading\n to code execution. (CVE-2011-2433, CVE-2011-2434, \n CVE-2011-2436, CVE-2011-2437)\n\n - Several errors exist that allow stack overflows leading\n to code execution. (CVE-2011-2438)\n\n - An error exists that can allow memory leaks leading to\n code execution. (CVE-2011-2439)\n\n - A use-after-free error exists that can allow code\n exection. (CVE-2011-2440)\n\n - Several errors exist in the 'CoolType.dll' library that\n can allow stack overflows leading to code execution.\n (CVE-2011-2441)\n\n - A logic error exists that can lead to code execution.\n (CVE-2011-2442)\n\n - Multiple issues exist as noted in APSB11-21, a security\n update for Adobe Flash Player. (CVE-2011-2130, \n CVE-2011-2134, CVE-2011-2135, CVE-2011-2136, \n CVE-2011-2137, CVE-2011-2138, CVE-2011-2139, \n CVE-2011-2140, CVE-2011-2414, CVE-2011-2415, \n CVE-2011-2416, CVE-2011-2417, CVE-2011-2425, \n CVE-2011-2424)\");\n\n # http://www.abysssec.com/blog/2012/01/31/exploiting-cve-2011-2140-another-flash-player-vulnerability/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?46d1fce8\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-282/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-283/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-284/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-296/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-297/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-298/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-299/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-300/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-301/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-302/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-310/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb11-21.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb11-24.html\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Adobe Acrobat 8.3.1 / 9.4.6 / 10.1.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player MP4 SequenceParameterSetNALUnit Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:'Windows');\n script_copyright(english:'This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.');\n\n script_dependencies('adobe_acrobat_installed.nasl');\n script_require_keys('SMB/Acrobat/Version');\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\n\nversion = get_kb_item_or_exit(\"SMB/Acrobat/Version\");\nversion_ui = get_kb_item('SMB/Acrobat/Version_UI');\n\nif (isnull(version_ui)) version_report = version;\nelse version_report = version_ui;\n\nver = split(version, sep:'.', keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\nif ( \n (ver[0] == 8 && ver[1] < 3) ||\n (ver[0] == 8 && ver[1] == 3 && ver[2] < 1) ||\n (ver[0] == 9 && ver[1] < 4) ||\n (ver[0] == 9 && ver[1] == 4 && ver[2] < 6) ||\n (ver[0] == 10 && ver[1] < 1) ||\n (ver[0] == 10 && ver[1] == 1 && ver[2] < 1)\n)\n{\n if (report_verbosity > 0)\n {\n path = get_kb_item('SMB/Acrobat/Path');\n if (isnull(path)) path = 'n/a';\n\n report =\n '\\n Path : '+path+\n '\\n Installed version : '+version_report+\n '\\n Fixed version : 8.3.1 / 9.4.6 / 10.1.1\\n';\n security_hole(port:get_kb_item('SMB/transport'), extra:report);\n }\n else security_hole(get_kb_item('SMB/transport'));\n}\nelse exit(0, \"The host is not affected since Adobe Acrobat \"+version_report+\" is installed.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T01:14:27", "description": "The version of Adobe Reader installed on the remote Windows host is\nearlier than 10.1.1 / 9.4.6 / 8.3.1. It is, therefore, potentially\naffected by the following vulnerabilities :\n\n - An unspecified error exists that allows local\n privilege escalation attacks. (CVE-2011-1353)\n\n - An unspecified error exists that can allow an attacker\n to bypass security leading to code execution. \n (CVE-2011-2431)\n\n - Several errors exist that allow buffer overflows\n leading to code execution. (CVE-2011-2432, \n CVE-2011-2435)\n\n - Several errors exist that allow heap overflows leading\n to code execution. (CVE-2011-2433, CVE-2011-2434, \n CVE-2011-2436, CVE-2011-2437)\n\n - Several errors exist that allow stack overflows leading\n to code execution. (CVE-2011-2438)\n\n - An error exists that can allow memory leaks leading to\n code execution. (CVE-2011-2439)\n\n - A use-after-free error exists that can allow code\n exection. (CVE-2011-2440)\n\n - Several errors exist in the 'CoolType.dll' library that\n can allow stack overflows leading to code execution.\n (CVE-2011-2441)\n\n - A logic error exists that can lead to code execution.\n (CVE-2011-2442)\n\n - Multiple issues exist as noted in APSB11-21, a security\n update for Adobe Flash Player. (CVE-2011-2130, \n CVE-2011-2134, CVE-2011-2135, CVE-2011-2136, \n CVE-2011-2137, CVE-2011-2138, CVE-2011-2139, \n CVE-2011-2140, CVE-2011-2414, CVE-2011-2415, \n CVE-2011-2416, CVE-2011-2417, CVE-2011-2425, \n CVE-2011-2424)", "edition": 25, "published": "2011-09-14T00:00:00", "title": "Adobe Reader < 10.1.1 / 9.4.6 / 8.3.1 Multiple Vulnerabilities (APSB11-21, APSB11-24)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2416", "CVE-2011-2435", "CVE-2011-2438", "CVE-2011-2140", "CVE-2011-2440", "CVE-2011-2424", "CVE-2011-2134", "CVE-2011-2138", "CVE-2011-2139", "CVE-2011-2439", "CVE-2011-1353", "CVE-2011-2431", "CVE-2011-2432", "CVE-2011-2425", "CVE-2011-2414", "CVE-2011-2434", "CVE-2011-2130", "CVE-2011-2137", "CVE-2011-2417", "CVE-2011-2433", "CVE-2011-2135", "CVE-2011-2442", "CVE-2011-2437", "CVE-2011-2436", "CVE-2011-2136", "CVE-2011-2415", "CVE-2011-2441"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:adobe:acrobat_reader"], "id": "ADOBE_READER_APSB11-24.NASL", "href": "https://www.tenable.com/plugins/nessus/56198", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56198);\n script_version(\"1.25\");\n script_cvs_date(\"Date: 2018/11/15 20:50:26\");\n\n script_cve_id(\n \"CVE-2011-1353\",\n \"CVE-2011-2130\",\n \"CVE-2011-2134\",\n \"CVE-2011-2135\",\n \"CVE-2011-2136\",\n \"CVE-2011-2137\",\n \"CVE-2011-2138\",\n \"CVE-2011-2139\",\n \"CVE-2011-2140\",\n \"CVE-2011-2414\",\n \"CVE-2011-2415\",\n \"CVE-2011-2416\",\n \"CVE-2011-2417\",\n \"CVE-2011-2424\",\n \"CVE-2011-2425\",\n \"CVE-2011-2431\",\n \"CVE-2011-2432\",\n \"CVE-2011-2433\",\n \"CVE-2011-2434\",\n \"CVE-2011-2435\",\n \"CVE-2011-2436\",\n \"CVE-2011-2437\",\n \"CVE-2011-2438\",\n \"CVE-2011-2439\",\n \"CVE-2011-2440\",\n \"CVE-2011-2441\",\n \"CVE-2011-2442\"\n );\n script_bugtraq_id(\n 49073,\n 49074,\n 49075,\n 49076,\n 49077,\n 49079,\n 49080,\n 49081,\n 49082,\n 49083,\n 49084,\n 49085,\n 49086,\n 49186,\n 49572,\n 49575,\n 49576,\n 49577,\n 49578,\n 49579,\n 49580,\n 49581,\n 49582,\n 49583,\n 49584,\n 49585,\n 49586\n );\n script_xref(name:\"EDB-ID\", value:\"18437\");\n script_xref(name:\"EDB-ID\", value:\"18479\");\n \n script_name(english:\"Adobe Reader < 10.1.1 / 9.4.6 / 8.3.1 Multiple Vulnerabilities (APSB11-21, APSB11-24)\");\n script_summary(english:\"Checks version of Adobe Reader\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Reader on the remote Windows host is affected by\nmultiple vulnerabilities.\");\n\n script_set_attribute(attribute:\"description\",value:\n\"The version of Adobe Reader installed on the remote Windows host is\nearlier than 10.1.1 / 9.4.6 / 8.3.1. It is, therefore, potentially\naffected by the following vulnerabilities :\n\n - An unspecified error exists that allows local\n privilege escalation attacks. (CVE-2011-1353)\n\n - An unspecified error exists that can allow an attacker\n to bypass security leading to code execution. \n (CVE-2011-2431)\n\n - Several errors exist that allow buffer overflows\n leading to code execution. (CVE-2011-2432, \n CVE-2011-2435)\n\n - Several errors exist that allow heap overflows leading\n to code execution. (CVE-2011-2433, CVE-2011-2434, \n CVE-2011-2436, CVE-2011-2437)\n\n - Several errors exist that allow stack overflows leading\n to code execution. (CVE-2011-2438)\n\n - An error exists that can allow memory leaks leading to\n code execution. (CVE-2011-2439)\n\n - A use-after-free error exists that can allow code\n exection. (CVE-2011-2440)\n\n - Several errors exist in the 'CoolType.dll' library that\n can allow stack overflows leading to code execution.\n (CVE-2011-2441)\n\n - A logic error exists that can lead to code execution.\n (CVE-2011-2442)\n\n - Multiple issues exist as noted in APSB11-21, a security\n update for Adobe Flash Player. (CVE-2011-2130, \n CVE-2011-2134, CVE-2011-2135, CVE-2011-2136, \n CVE-2011-2137, CVE-2011-2138, CVE-2011-2139, \n CVE-2011-2140, CVE-2011-2414, CVE-2011-2415, \n CVE-2011-2416, CVE-2011-2417, CVE-2011-2425, \n CVE-2011-2424)\");\n\n # http://www.abysssec.com/blog/2012/01/31/exploiting-cve-2011-2140-another-flash-player-vulnerability/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?46d1fce8\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-282/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-283/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-284/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-296/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-297/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-298/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-299/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-300/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-301/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-302/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.zerodayinitiative.com/advisories/ZDI-11-310/\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb11-21.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb11-24.html\");\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade to Adobe Reader 8.3.1, 9.4.6, 10.1.1, or later.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player MP4 SequenceParameterSetNALUnit Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\nscript_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat_reader\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:'Windows');\n script_copyright(english:'This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.');\n\n script_dependencies('adobe_reader_installed.nasl');\n script_require_keys('SMB/Acroread/Version');\n exit(0);\n}\n\n#\n\ninclude('global_settings.inc');\n\ninfo = '';\ninfo2 = '';\nvuln = 0;\nvers = get_kb_list('SMB/Acroread/Version');\nif (isnull(vers)) exit(0, 'The \"SMB/Acroread/Version\" KB list is missing.');\n\nforeach version (vers)\n{\n ver = split(version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n path = get_kb_item('SMB/Acroread/'+version+'/Path');\n if (isnull(path)) path = 'n/a';\n\n verui = get_kb_item('SMB/Acroread/'+version+'/Version_UI');\n if (isnull(verui)) verui = version;\n\n if ( \n (ver[0] == 8 && ver[1] < 3) ||\n (ver[0] == 8 && ver[1] == 3 && ver[2] < 1) ||\n (ver[0] == 9 && ver[1] < 4) ||\n (ver[0] == 9 && ver[1] == 4 && ver[2] < 6) ||\n (ver[0] == 10 && ver[1] < 1) ||\n (ver[0] == 10 && ver[1] == 1 && ver[2] < 1)\n )\n {\n vuln++;\n info += '\\n Path : '+path+\n '\\n Installed version : '+verui+\n '\\n Fixed version : 8.3.1 / 9.4.6 / 10.1.1\\n';\n }\n else\n info2 += \" and \" + verui;\n}\n\nif (info)\n{\n if (report_verbosity > 0)\n {\n if (vuln > 1) s = \"s of Adobe Reader are\";\n else s = \" of Adobe Reader is\";\n\n report =\n '\\nThe following vulnerable instance'+s+' installed on the'+\n '\\nremote host :\\n'+\n info;\n security_hole(port:get_kb_item(\"SMB/transport\"), extra:report);\n }\n else security_hole(get_kb_item(\"SMB/transport\"));\n\n exit(0);\n}\n\nif (info2) \n{\n info2 -= \" and \";\n if (\" and \" >< info2) be = \"are\";\n else be = \"is\";\n\n exit(0, \"The host is not affected since Adobe Reader \"+info2+\" \"+be+\" installed.\");\n}\nelse exit(1, \"Unexpected error - 'info2' is empty.\");\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-01T03:27:03", "description": "The version of Adobe Reader installed on the remote Mac OS X host is\nprior to 10.1.1, 9.4.6, or 8.3.1. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - An unspecified error exists that allows an attacker to\n bypass security restrictions, resulting in code\n execution. (CVE-2011-2431)\n\n - Multiple buffer overflow conditions exists that allow an\n attacker to execute arbitrary code. (CVE-2011-2432,\n CVE-2011-2435)\n\n - Multiple heap overflow conditions exist that allow an\n attacker to execute arbitrary code. (CVE-2011-2433,\n CVE-2011-2434, CVE-2011-2436, CVE-2011-2437)\n\n - Multiple stack overflow conditions exist that allow an\n attacker to execute arbitrary code. (CVE-2011-2438)\n\n - An error exists related to memory leak issues that\n allows an attacker to execute arbitrary code.\n (CVE-2011-2439)\n\n - A use-after-free error exists that allows an attacker to\n execute arbitrary code. (CVE-2011-2440)\n\n - Multiple errors exist in the CoolType.dll library that\n can allow stack overflow conditions, resulting in code\n execution. (CVE-2011-2441)\n\n - A logic error exists that allows an attacker to execute\n arbitrary code. (CVE-2011-2442)\n\n - Multiple vulnerabilities exist, as noted in APSB11-21,\n that can allow an attacker to take control of the\n affected system or cause the application to crash.\n (CVE-2011-2130, CVE-2011-2134, CVE-2011-2135,\n CVE-2011-2136, CVE-2011-2137, CVE-2011-2138,\n CVE-2011-2139, CVE-2011-2140, CVE-2011-2414,\n CVE-2011-2415, CVE-2011-2416, CVE-2011-2417,\n CVE-2011-2425, CVE-2011-2424)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.", "edition": 24, "published": "2011-09-14T00:00:00", "title": "Adobe Reader < 10.1.1 / 9.4.6 / 8.3.1 Multiple Vulnerabilities (APSB11-21, APSB11-24, APSB11-26) (Mac OS X)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2428", "CVE-2011-2444", "CVE-2011-2416", "CVE-2011-2435", "CVE-2011-2438", "CVE-2011-2140", "CVE-2011-2440", "CVE-2011-2424", "CVE-2011-2134", "CVE-2011-2138", "CVE-2011-2139", "CVE-2011-2439", "CVE-2011-1353", "CVE-2011-2431", "CVE-2011-2429", "CVE-2011-2432", "CVE-2011-2425", "CVE-2011-2414", "CVE-2011-2434", "CVE-2011-2130", "CVE-2011-2137", "CVE-2011-2417", "CVE-2011-2433", "CVE-2011-2135", "CVE-2011-2442", "CVE-2011-2426", "CVE-2011-2437", "CVE-2011-2436", "CVE-2011-2136", "CVE-2011-2415", "CVE-2011-2441", "CVE-2011-2427", "CVE-2011-2430"], "modified": "2021-01-02T00:00:00", "cpe": ["cpe:/a:adobe:acrobat_reader"], "id": "MACOSX_ADOBE_READER_APSB11-24.NASL", "href": "https://www.tenable.com/plugins/nessus/56199", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\nif (NASL_LEVEL < 3000) exit(0);\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(56199);\n script_version(\"1.16\");\n script_cvs_date(\"Date: 2018/07/14 1:59:35\");\n\n script_cve_id(\n \"CVE-2011-1353\",\n \"CVE-2011-2130\",\n \"CVE-2011-2134\",\n \"CVE-2011-2135\",\n \"CVE-2011-2136\",\n \"CVE-2011-2137\",\n \"CVE-2011-2138\",\n \"CVE-2011-2139\",\n \"CVE-2011-2140\",\n \"CVE-2011-2414\",\n \"CVE-2011-2415\",\n \"CVE-2011-2416\",\n \"CVE-2011-2417\",\n \"CVE-2011-2424\",\n \"CVE-2011-2425\",\n \"CVE-2011-2426\",\n \"CVE-2011-2427\",\n \"CVE-2011-2428\",\n \"CVE-2011-2429\",\n \"CVE-2011-2430\",\n \"CVE-2011-2431\",\n \"CVE-2011-2432\",\n \"CVE-2011-2433\",\n \"CVE-2011-2434\",\n \"CVE-2011-2435\",\n \"CVE-2011-2436\",\n \"CVE-2011-2437\",\n \"CVE-2011-2438\",\n \"CVE-2011-2439\",\n \"CVE-2011-2440\",\n \"CVE-2011-2441\",\n \"CVE-2011-2442\",\n \"CVE-2011-2444\"\n );\n script_bugtraq_id(\n 49073,\n 49074,\n 49075,\n 49076,\n 49077,\n 49079,\n 49080,\n 49081,\n 49082,\n 49083,\n 49084,\n 49085,\n 49086,\n 49186,\n 49572,\n 49575,\n 49576,\n 49577,\n 49578,\n 49579,\n 49580,\n 49581,\n 49582,\n 49583,\n 49584,\n 49585,\n 49586,\n 49710,\n 49714,\n 49715,\n 49716,\n 49717,\n 49718\n );\n\n script_name(english:\"Adobe Reader < 10.1.1 / 9.4.6 / 8.3.1 Multiple Vulnerabilities (APSB11-21, APSB11-24, APSB11-26) (Mac OS X)\");\n script_summary(english:\"Checks the version of Adobe Reader.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The version of Adobe Reader on the remote Mac OS X host is affected by\nmultiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of Adobe Reader installed on the remote Mac OS X host is\nprior to 10.1.1, 9.4.6, or 8.3.1. It is, therefore, affected by the\nfollowing vulnerabilities :\n\n - An unspecified error exists that allows an attacker to\n bypass security restrictions, resulting in code\n execution. (CVE-2011-2431)\n\n - Multiple buffer overflow conditions exists that allow an\n attacker to execute arbitrary code. (CVE-2011-2432,\n CVE-2011-2435)\n\n - Multiple heap overflow conditions exist that allow an\n attacker to execute arbitrary code. (CVE-2011-2433,\n CVE-2011-2434, CVE-2011-2436, CVE-2011-2437)\n\n - Multiple stack overflow conditions exist that allow an\n attacker to execute arbitrary code. (CVE-2011-2438)\n\n - An error exists related to memory leak issues that\n allows an attacker to execute arbitrary code.\n (CVE-2011-2439)\n\n - A use-after-free error exists that allows an attacker to\n execute arbitrary code. (CVE-2011-2440)\n\n - Multiple errors exist in the CoolType.dll library that\n can allow stack overflow conditions, resulting in code\n execution. (CVE-2011-2441)\n\n - A logic error exists that allows an attacker to execute\n arbitrary code. (CVE-2011-2442)\n\n - Multiple vulnerabilities exist, as noted in APSB11-21,\n that can allow an attacker to take control of the\n affected system or cause the application to crash.\n (CVE-2011-2130, CVE-2011-2134, CVE-2011-2135,\n CVE-2011-2136, CVE-2011-2137, CVE-2011-2138,\n CVE-2011-2139, CVE-2011-2140, CVE-2011-2414,\n CVE-2011-2415, CVE-2011-2416, CVE-2011-2417,\n CVE-2011-2425, CVE-2011-2424)\n\nNote that Nessus has not tested for these issues but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb11-21.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb11-24.html\");\n script_set_attribute(attribute:\"see_also\", value:\"http://www.adobe.com/support/security/bulletins/apsb11-26.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to Adobe Reader version 10.1.1 / 9.4.6 / 8.3.1 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Flash Player MP4 SequenceParameterSetNALUnit Buffer Overflow');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2011/09/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2011/09/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2011/09/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:adobe:acrobat_reader\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MacOS X Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2011-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"macosx_adobe_reader_installed.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/MacOSX/Version\", \"installed_sw/Adobe Reader\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"install_func.inc\");\ninclude(\"misc_func.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\"))\n audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nif (!get_kb_item(\"Host/MacOSX/Version\"))\n audit(AUDIT_OS_NOT, \"Mac OS X\");\n\napp = \"Adobe Reader\";\ninstall = get_single_install(app_name:app, exit_if_unknown_ver:TRUE);\nversion = install['version'];\npath = install['path'];\n\nver = split(version, sep:\".\", keep:FALSE);\nfor (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\nif (\n (ver[0] == 8 && ver[1] < 3) ||\n (ver[0] == 8 && ver[1] == 3 && ver[2] < 1)\n)\n fix = \"8.3.1\";\nelse if (\n (ver[0] == 9 && ver[1] < 4) ||\n (ver[0] == 9 && ver[1] == 4 && ver[2] < 6)\n)\n fix = \"9.4.6\";\nelse if (\n (ver[0] == 10 && ver[1] < 1) ||\n (ver[0] == 10 && ver[1] == 1 && ver[2] < 1)\n)\n fix = \"10.1.1\";\nelse\n fix = \"\";\n\nif (fix)\n{\n info =\n '\\n Path : ' + path +\n '\\n Installed version : ' + version +\n '\\n Fixed version : ' + fix +\n '\\n';\n security_report_v4(port:0, extra:info, severity:SECURITY_HOLE);\n}\nelse\n audit(AUDIT_INST_PATH_NOT_VULN, app, version, path);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:53:18", "description": "The remote host is affected by the vulnerability described in GLSA-201201-19\n(Adobe Reader: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Reader. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted PDF\n file using Adobe Reader, possibly resulting in the remote execution of\n arbitrary code, a Denial of Service, or other impact.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 22, "published": "2012-01-31T00:00:00", "title": "GLSA-201201-19 : Adobe Reader: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2011-2416", "CVE-2011-2435", "CVE-2011-2438", "CVE-2011-0565", "CVE-2010-4091", "CVE-2011-2140", "CVE-2011-2440", "CVE-2011-2424", "CVE-2011-0590", "CVE-2011-0598", "CVE-2011-2134", "CVE-2011-0587", "CVE-2011-2138", "CVE-2011-0596", "CVE-2011-2139", "CVE-2011-2439", "CVE-2011-0563", "CVE-2011-0586", "CVE-2011-2431", "CVE-2011-0588", "CVE-2011-0603", "CVE-2011-0570", "CVE-2011-2432", "CVE-2011-2425", "CVE-2011-0595", "CVE-2011-0592", "CVE-2011-0566", "CVE-2011-0606", "CVE-2011-2414", "CVE-2011-0585", "CVE-2011-2434", "CVE-2011-2130", "CVE-2011-2137", "CVE-2011-2417", "CVE-2011-0591", "CVE-2011-2433", "CVE-2011-2135", "CVE-2011-0594", "CVE-2011-2442", "CVE-2011-0593", "CVE-2011-2437", "CVE-2011-2436", "CVE-2011-0602", "CVE-2011-0604", "CVE-2011-2136", "CVE-2011-4369", "CVE-2011-0567", "CVE-2011-0600", "CVE-2011-2415", "CVE-2011-2462", "CVE-2011-0562", "CVE-2011-0599", "CVE-2011-0589", "CVE-2011-2441", "CVE-2011-0605"], "modified": "2012-01-31T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:acroread"], "id": "GENTOO_GLSA-201201-19.NASL", "href": "https://www.tenable.com/plugins/nessus/57745", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201201-19.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(57745);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2010-4091\", \"CVE-2011-0562\", \"CVE-2011-0563\", \"CVE-2011-0565\", \"CVE-2011-0566\", \"CVE-2011-0567\", \"CVE-2011-0570\", \"CVE-2011-0585\", \"CVE-2011-0586\", \"CVE-2011-0587\", \"CVE-2011-0588\", \"CVE-2011-0589\", \"CVE-2011-0590\", \"CVE-2011-0591\", \"CVE-2011-0592\", \"CVE-2011-0593\", \"CVE-2011-0594\", \"CVE-2011-0595\", \"CVE-2011-0596\", \"CVE-2011-0598\", \"CVE-2011-0599\", \"CVE-2011-0600\", \"CVE-2011-0602\", \"CVE-2011-0603\", \"CVE-2011-0604\", \"CVE-2011-0605\", \"CVE-2011-0606\", \"CVE-2011-2130\", \"CVE-2011-2134\", \"CVE-2011-2135\", \"CVE-2011-2136\", \"CVE-2011-2137\", \"CVE-2011-2138\", \"CVE-2011-2139\", \"CVE-2011-2140\", \"CVE-2011-2414\", \"CVE-2011-2415\", \"CVE-2011-2416\", \"CVE-2011-2417\", \"CVE-2011-2424\", \"CVE-2011-2425\", \"CVE-2011-2431\", \"CVE-2011-2432\", \"CVE-2011-2433\", \"CVE-2011-2434\", \"CVE-2011-2435\", \"CVE-2011-2436\", \"CVE-2011-2437\", \"CVE-2011-2438\", \"CVE-2011-2439\", \"CVE-2011-2440\", \"CVE-2011-2441\", \"CVE-2011-2442\", \"CVE-2011-2462\", \"CVE-2011-4369\");\n script_bugtraq_id(44638, 46187, 46198, 46199, 46200, 46201, 46202, 46204, 46207, 46208, 46209, 46210, 46211, 46212, 46213, 46214, 46216, 46217, 46218, 46219, 46220, 46221, 46222, 46251, 46252, 46254, 46255, 49073, 49074, 49075, 49076, 49077, 49079, 49080, 49081, 49082, 49083, 49084, 49085, 49086, 49186, 49572, 49575, 49576, 49577, 49578, 49579, 49580, 49581, 49582, 49583, 49584, 49585, 50922, 51092);\n script_xref(name:\"GLSA\", value:\"201201-19\");\n\n script_name(english:\"GLSA-201201-19 : Adobe Reader: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-201201-19\n(Adobe Reader: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in Adobe Reader. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker could entice a user to open a specially crafted PDF\n file using Adobe Reader, possibly resulting in the remote execution of\n arbitrary code, a Denial of Service, or other impact.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201201-19\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All Adobe Reader users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-text/acroread-9.4.7'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:H/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_set_attribute(attribute:\"exploited_by_malware\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Adobe Reader U3D Memory Corruption Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:acroread\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2012/01/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/01/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-text/acroread\", unaffected:make_list(\"ge 9.4.7\"), vulnerable:make_list(\"lt 9.4.7\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Adobe Reader\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2019-05-29T18:33:53", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2435", "CVE-2011-2438", "CVE-2011-2440", "CVE-2011-2439", "CVE-2011-1353", "CVE-2011-2431", "CVE-2011-2432", "CVE-2011-2434", "CVE-2011-2433", "CVE-2011-2442", "CVE-2011-2437", "CVE-2011-2436", "CVE-2011-2462", "CVE-2011-2441"], "description": "\nThe Adobe Security Team reports:\n\nAn unspecified vulnerability in the U3D component allows\n\t remote attackers to execute arbitrary code (or cause a denial\n\t of service attack) via unknown vectors.\n\n\nA heap-based buffer overflow allows attackers to execute\n\t arbitrary code via unspecified vectors.\n\n", "edition": 4, "modified": "2011-12-07T00:00:00", "published": "2011-12-07T00:00:00", "id": "FA2F386F-4814-11E1-89B4-001EC9578670", "href": "https://vuxml.freebsd.org/freebsd/fa2f386f-4814-11e1-89b4-001ec9578670.html", "title": "acroread9 -- Multiple Vulnerabilities", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:14", "bulletinFamily": "unix", "cvelist": ["CVE-2011-2416", "CVE-2011-2435", "CVE-2011-2438", "CVE-2011-0565", "CVE-2010-4091", "CVE-2011-2140", "CVE-2011-2440", "CVE-2011-2424", "CVE-2011-0590", "CVE-2011-0598", "CVE-2011-2134", "CVE-2011-0587", "CVE-2011-2138", "CVE-2011-0596", "CVE-2011-2139", "CVE-2011-2439", "CVE-2011-0563", "CVE-2011-0586", "CVE-2011-2431", "CVE-2011-0588", "CVE-2011-0603", "CVE-2011-0570", "CVE-2011-2432", "CVE-2011-2425", "CVE-2011-0595", "CVE-2011-0592", "CVE-2011-0566", "CVE-2011-0606", "CVE-2011-2414", "CVE-2011-0585", "CVE-2011-2434", "CVE-2011-2130", "CVE-2011-2137", "CVE-2011-2417", "CVE-2011-0591", "CVE-2011-2433", "CVE-2011-2135", "CVE-2011-0594", "CVE-2011-2442", "CVE-2011-0593", "CVE-2011-2437", "CVE-2011-2436", "CVE-2011-0602", "CVE-2011-0604", "CVE-2011-2136", "CVE-2011-4369", "CVE-2011-0567", "CVE-2011-0600", "CVE-2011-2415", "CVE-2011-2462", "CVE-2011-0562", "CVE-2011-0599", "CVE-2011-0589", "CVE-2011-2441", "CVE-2011-0605"], "description": "### Background\n\nAdobe Reader is a closed-source PDF reader.\n\n### Description\n\nMultiple vulnerabilities have been discovered in Adobe Reader. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker could entice a user to open a specially crafted PDF file using Adobe Reader, possibly resulting in the remote execution of arbitrary code, a Denial of Service, or other impact. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll Adobe Reader users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-text/acroread-9.4.7\"", "edition": 1, "modified": "2012-01-30T00:00:00", "published": "2012-01-30T00:00:00", "id": "GLSA-201201-19", "href": "https://security.gentoo.org/glsa/201201-19", "type": "gentoo", "title": "Adobe Reader: Multiple vulnerabilities", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}]}
