GLSA-201101-08

Executive Summary

Summary
Title	Adobe Reader: Multiple vulnerabilities

Informations
Name	GLSA-201101-08	First vendor Publication	2011-01-21
Vendor	Gentoo	Last vendor Modification	2011-01-21
Severity (Vendor)	Normal	Revision	N/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentification	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

Multiple vulnerabilities in Adobe Reader might result in the execution of arbitrary code.

Background

Adobe Reader (formerly Adobe Acrobat Reader) is a closed-source PDF reader.

Description

Multiple vulnerabilities were discovered in Adobe Reader. For further information please consult the CVE entries and the Adobe Security Bulletins referenced below.

Impact

A remote attacker might entice a user to open a specially crafted PDF file, possibly resulting in the execution of arbitrary code with the privileges of the user running the application, or a Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

All Adobe Reader users should upgrade to the latest stable version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/acroread-9.4.1"

References

[ 1 ] APSB10-21
http://www.adobe.com/support/security/bulletins/apsb10-21.html [ 2 ] APSB10-28
http://www.adobe.com/support/security/bulletins/apsb10-28.html [ 3 ] CVE-2010-2883 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2883
[ 4 ] CVE-2010-2884 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884
[ 5 ] CVE-2010-2887 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2887
[ 6 ] CVE-2010-2889 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2889
[ 7 ] CVE-2010-2890 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2890
[ 8 ] CVE-2010-3619 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3619
[ 9 ] CVE-2010-3620 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3620
[ 10 ] CVE-2010-3621 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3621
[ 11 ] CVE-2010-3622 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3622
[ 12 ] CVE-2010-3625 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3625
[ 13 ] CVE-2010-3626 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3626
[ 14 ] CVE-2010-3627 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3627
[ 15 ] CVE-2010-3628 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3628
[ 16 ] CVE-2010-3629 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3629
[ 17 ] CVE-2010-3630 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3630
[ 18 ] CVE-2010-3632 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3632
[ 19 ] CVE-2010-3654 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654
[ 20 ] CVE-2010-3656 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3656
[ 21 ] CVE-2010-3657 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3657
[ 22 ] CVE-2010-3658 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3658
[ 23 ] CVE-2010-4091 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4091

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201101-08.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-201101-08.xml

CWE : Common Weakness Enumeration

id	Name
CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer
CWE-20	Improper Input Validation
CWE-94	Failure to Control Generation of Code ('Code Injection')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:11586

Oval ID:	oval:org.mitre.oval:def:11586
Title:	Adobe Reader and Acrobat CoolType.dll Font Parsing Buffer Overflow Vulnerability
Description:	Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third party information.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2010-2883	Version:	13
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7	Product(s):	Adobe Reader Adobe Acrobat
Definition Synopsis:
Adobe Reader 8 Adobe Reader 8 Series is installed AND Adobe Reader 8, the sub-version is vulnerable Adobe Reader is less than or equal to 8.2.4 AND Adobe Reader library is less than or equal to 8.2.4 OR Adobe Reader 9 Adobe Reader 9 Series is installed AND Adobe Reader 9, the sub-version is vulnerable Adobe Reader is less than or equal to 9.3.4 AND Adobe Reader library is less than or equal to 9.3.4 OR Adobe Acrobat 9 Adobe Acrobat 9 Series is installed AND Adobe Acrobat 9, the sub-version is vulnerable Adobe Acrobat is less than or equal to 9.3.4 AND Adobe Acrobat library is less than or equal to 9.3.4 OR Adobe Acrobat 8 Adobe Acrobat 8 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than or equal to 8.2.4 AND Adobe Acrobat library is less than or equal to 8.2.4

Definition Id: oval:org.mitre.oval:def:6852

Oval ID:	oval:org.mitre.oval:def:6852
Title:	Adobe Flash Player, Acrobat Reader, and Acrobat Remote Code Execution Vulnerability
Description:	Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.92.10 on Android; authplay.dll in Adobe Reader and Acrobat 9.x before 9.4; and authplay.dll in Adobe Reader and Acrobat 8.x before 8.2.5 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in September 2010.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2010-2884	Version:	14
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7	Product(s):	Adobe Flash Player Adobe Reader Adobe Acrobat
Definition Synopsis:
Vulnerable version of Adobe Flash Player Adobe Flash Player is installed AND Adobe Flash Player version installed on the system is less than or equal to 10.1.82.76 OR Adobe Reader 8 Adobe Reader 8 Series is installed AND Adobe Reader 8, the sub-version is vulnerable Adobe Reader is less than or equal to 8.2.4 AND Adobe Reader library is less than or equal to 8.2.4 OR Adobe Reader 9 Adobe Reader 9 Series is installed AND Adobe Reader 9, the sub-version is vulnerable Adobe Reader is less than or equal to 9.3.4 AND Adobe Reader library is less than or equal to 9.3.4 OR Adobe Acrobat 9 Adobe Acrobat 9 Series is installed AND Adobe Acrobat 9, the sub-version is vulnerable Adobe Acrobat is less than or equal to 9.3.4 AND Adobe Acrobat library is less than or equal to 9.3.4 OR Adobe Acrobat 8 Adobe Acrobat 8 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than or equal to 8.2.4 AND Adobe Acrobat library is less than or equal to 8.2.4

Definition Id: oval:org.mitre.oval:def:14416

Oval ID:	oval:org.mitre.oval:def:14416
Title:	Multiple unspecified vulnerabilities in Adobe Reader and Acrobat 9.x before 9.4 on Linux allow attackers to gain privileges via unknown vectors.
Description:	Multiple unspecified vulnerabilities in Adobe Reader and Acrobat 9.x before 9.4 on Linux allow attackers to gain privileges via unknown vectors.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2010-2887	Version:	7
Platform(s):	Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000	Product(s):	Adobe Acrobat Adobe Reader
Definition Synopsis:
Adobe Acrobat library is less than or equal to 9.3.4 and is greater than or equal to 9.0 Adobe Acrobat 9 Series is installed AND Adobe Acrobat library is less than or equal to 9.3.4 AND Determine if the version of Adobe Acrobat is greater than or equal to 9.0 OR Adobe Reader library is less than or equal to 9.3.4 and is greater than or equal to 9.0 Adobe Reader 9 Series is installed AND Adobe Reader library is less than or equal to 9.3.4 AND Determine if the version of Adobe Reader is greater than or equal to 9.0

Definition Id: oval:org.mitre.oval:def:7009

Oval ID:	oval:org.mitre.oval:def:7009
Title:	Adobe Reader and Acrobat Font Parsing Code Execution Vulnerability.
Description:	Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted font, a different vulnerability than CVE-2010-3626.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2010-2889	Version:	12
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7	Product(s):	Adobe Reader Adobe Acrobat
Definition Synopsis:
Adobe Reader 8 Adobe Reader 8 Series is installed AND Adobe Reader 8, the sub-version is vulnerable Adobe Reader is less than or equal to 8.2.4 AND Adobe Reader library is less than or equal to 8.2.4 OR Adobe Reader 9 Adobe Reader 9 Series is installed AND Adobe Reader 9, the sub-version is vulnerable Adobe Reader is less than or equal to 9.3.4 AND Adobe Reader library is less than or equal to 9.3.4 OR Adobe Acrobat 9 Adobe Acrobat 9 Series is installed AND Adobe Acrobat 9, the sub-version is vulnerable Adobe Acrobat is less than or equal to 9.3.4 AND Adobe Acrobat library is less than or equal to 9.3.4 OR Adobe Acrobat 8 Adobe Acrobat 8 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than or equal to 8.2.4 AND Adobe Acrobat library is less than or equal to 8.2.4

Definition Id: oval:org.mitre.oval:def:6830

Oval ID:	oval:org.mitre.oval:def:6830
Title:	Adobe Reader and Acrobat Denial of Service Vulnerability.
Description:	Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2010-2890	Version:	12
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7	Product(s):	Adobe Reader Adobe Acrobat
Definition Synopsis:
Adobe Reader 8 Adobe Reader 8 Series is installed AND Adobe Reader 8, the sub-version is vulnerable Adobe Reader is less than or equal to 8.2.4 AND Adobe Reader library is less than or equal to 8.2.4 OR Adobe Reader 9 Adobe Reader 9 Series is installed AND Adobe Reader 9, the sub-version is vulnerable Adobe Reader is less than or equal to 9.3.4 AND Adobe Reader library is less than or equal to 9.3.4 OR Adobe Acrobat 9 Adobe Acrobat 9 Series is installed AND Adobe Acrobat 9, the sub-version is vulnerable Adobe Acrobat is less than or equal to 9.3.4 AND Adobe Acrobat library is less than or equal to 9.3.4 OR Adobe Acrobat 8 Adobe Acrobat 8 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than or equal to 8.2.4 AND Adobe Acrobat library is less than or equal to 8.2.4

Definition Id: oval:org.mitre.oval:def:7385

Oval ID:	oval:org.mitre.oval:def:7385
Title:	Memory Corruption via unspecified vectors vulnerability in Adobe Reader and Acrobat.
Description:	Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2010-3619	Version:	12
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7	Product(s):	Adobe Reader Adobe Acrobat
Definition Synopsis:
Adobe Reader 8 Adobe Reader 8 Series is installed AND Adobe Reader 8, the sub-version is vulnerable Adobe Reader is less than or equal to 8.2.4 AND Adobe Reader library is less than or equal to 8.2.4 OR Adobe Reader 9 Adobe Reader 9 Series is installed AND Adobe Reader 9, the sub-version is vulnerable Adobe Reader is less than or equal to 9.3.4 AND Adobe Reader library is less than or equal to 9.3.4 OR Adobe Acrobat 9 Adobe Acrobat 9 Series is installed AND Adobe Acrobat 9, the sub-version is vulnerable Adobe Acrobat is less than or equal to 9.3.4 AND Adobe Acrobat library is less than or equal to 9.3.4 OR Adobe Acrobat 8 Adobe Acrobat 8 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than or equal to 8.2.4 AND Adobe Acrobat library is less than or equal to 8.2.4

Definition Id: oval:org.mitre.oval:def:7589

Oval ID:	oval:org.mitre.oval:def:7589
Title:	Adobe Reader and Acrobat Image Parsing Code Execution Vulnerability.
Description:	Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted image, a different vulnerability than CVE-2010-3629.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2010-3620	Version:	12
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7	Product(s):	Adobe Reader Adobe Acrobat
Definition Synopsis:
Adobe Reader 8 Adobe Reader 8 Series is installed AND Adobe Reader 8, the sub-version is vulnerable Adobe Reader is less than or equal to 8.2.4 AND Adobe Reader library is less than or equal to 8.2.4 OR Adobe Reader 9 Adobe Reader 9 Series is installed AND Adobe Reader 9, the sub-version is vulnerable Adobe Reader is less than or equal to 9.3.4 AND Adobe Reader library is less than or equal to 9.3.4 OR Adobe Acrobat 9 Adobe Acrobat 9 Series is installed AND Adobe Acrobat 9, the sub-version is vulnerable Adobe Acrobat is less than or equal to 9.3.4 AND Adobe Acrobat library is less than or equal to 9.3.4 OR Adobe Acrobat 8 Adobe Acrobat 8 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than or equal to 8.2.4 AND Adobe Acrobat library is less than or equal to 8.2.4

Definition Id: oval:org.mitre.oval:def:7386

Oval ID:	oval:org.mitre.oval:def:7386
Title:	Adobe Reader and Acrobat Memory Corruption Code Execution Vulnerability.
Description:	Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3622, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2010-3621	Version:	12
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7	Product(s):	Adobe Reader Adobe Acrobat
Definition Synopsis:
Adobe Reader 8 Adobe Reader 8 Series is installed AND Adobe Reader 8, the sub-version is vulnerable Adobe Reader is less than or equal to 8.2.4 AND Adobe Reader library is less than or equal to 8.2.4 OR Adobe Reader 9 Adobe Reader 9 Series is installed AND Adobe Reader 9, the sub-version is vulnerable Adobe Reader is less than or equal to 9.3.4 AND Adobe Reader library is less than or equal to 9.3.4 OR Adobe Acrobat 9 Adobe Acrobat 9 Series is installed AND Adobe Acrobat 9, the sub-version is vulnerable Adobe Acrobat is less than or equal to 9.3.4 AND Adobe Acrobat library is less than or equal to 9.3.4 OR Adobe Acrobat 8 Adobe Acrobat 8 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than or equal to 8.2.4 AND Adobe Acrobat library is less than or equal to 8.2.4

Definition Id: oval:org.mitre.oval:def:7138

Oval ID:	oval:org.mitre.oval:def:7138
Title:	Adobe Reader and Acrobat Memory Corruption Code Execution Vulnerability.
Description:	Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2010-3622	Version:	12
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7	Product(s):	Adobe Reader Adobe Acrobat
Definition Synopsis:
Adobe Reader 8 Adobe Reader 8 Series is installed AND Adobe Reader 8, the sub-version is vulnerable Adobe Reader is less than or equal to 8.2.4 AND Adobe Reader library is less than or equal to 8.2.4 OR Adobe Reader 9 Adobe Reader 9 Series is installed AND Adobe Reader 9, the sub-version is vulnerable Adobe Reader is less than or equal to 9.3.4 AND Adobe Reader library is less than or equal to 9.3.4 OR Adobe Acrobat 9 Adobe Acrobat 9 Series is installed AND Adobe Acrobat 9, the sub-version is vulnerable Adobe Acrobat is less than or equal to 9.3.4 AND Adobe Acrobat library is less than or equal to 9.3.4 OR Adobe Acrobat 8 Adobe Acrobat 8 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than or equal to 8.2.4 AND Adobe Acrobat library is less than or equal to 8.2.4

Definition Id: oval:org.mitre.oval:def:6772

Oval ID:	oval:org.mitre.oval:def:6772
Title:	Adobe Reader and Acrobat Prefix Protocol Handler Code Execution Vulnerability.
Description:	Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified vectors, related to a "prefix protocol handler vulnerability."
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2010-3625	Version:	12
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7	Product(s):	Adobe Reader Adobe Acrobat
Definition Synopsis:
Adobe Reader 8 Adobe Reader 8 Series is installed AND Adobe Reader 8, the sub-version is vulnerable Adobe Reader is less than or equal to 8.2.4 AND Adobe Reader library is less than or equal to 8.2.4 OR Adobe Reader 9 Adobe Reader 9 Series is installed AND Adobe Reader 9, the sub-version is vulnerable Adobe Reader is less than or equal to 9.3.4 AND Adobe Reader library is less than or equal to 9.3.4 OR Adobe Acrobat 9 Adobe Acrobat 9 Series is installed AND Adobe Acrobat 9, the sub-version is vulnerable Adobe Acrobat is less than or equal to 9.3.4 AND Adobe Acrobat library is less than or equal to 9.3.4 OR Adobe Acrobat 8 Adobe Acrobat 8 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than or equal to 8.2.4 AND Adobe Acrobat library is less than or equal to 8.2.4

Definition Id: oval:org.mitre.oval:def:7382

Oval ID:	oval:org.mitre.oval:def:7382
Title:	Adobe Reader and Acrobat Font Parsing Code Execution Vulnerability.
Description:	Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted font, a different vulnerability than CVE-2010-2889.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2010-3626	Version:	12
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7	Product(s):	Adobe Reader Adobe Acrobat
Definition Synopsis:
Adobe Reader 8 Adobe Reader 8 Series is installed AND Adobe Reader 8, the sub-version is vulnerable Adobe Reader is less than or equal to 8.2.4 AND Adobe Reader library is less than or equal to 8.2.4 OR Adobe Reader 9 Adobe Reader 9 Series is installed AND Adobe Reader 9, the sub-version is vulnerable Adobe Reader is less than or equal to 9.3.4 AND Adobe Reader library is less than or equal to 9.3.4 OR Adobe Acrobat 9 Adobe Acrobat 9 Series is installed AND Adobe Acrobat 9, the sub-version is vulnerable Adobe Acrobat is less than or equal to 9.3.4 AND Adobe Acrobat library is less than or equal to 9.3.4 OR Adobe Acrobat 8 Adobe Acrobat 8 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than or equal to 8.2.4 AND Adobe Acrobat library is less than or equal to 8.2.4

Definition Id: oval:org.mitre.oval:def:7356

Oval ID:	oval:org.mitre.oval:def:7356
Title:	Adobe Reader and Acrobat Arbitrary Code Execution Vulnerability.
Description:	Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via unknown vectors.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2010-3627	Version:	12
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7	Product(s):	Adobe Reader Adobe Acrobat
Definition Synopsis:
Adobe Reader 8 Adobe Reader 8 Series is installed AND Adobe Reader 8, the sub-version is vulnerable Adobe Reader is less than or equal to 8.2.4 AND Adobe Reader library is less than or equal to 8.2.4 OR Adobe Reader 9 Adobe Reader 9 Series is installed AND Adobe Reader 9, the sub-version is vulnerable Adobe Reader is less than or equal to 9.3.4 AND Adobe Reader library is less than or equal to 9.3.4 OR Adobe Acrobat 9 Adobe Acrobat 9 Series is installed AND Adobe Acrobat 9, the sub-version is vulnerable Adobe Acrobat is less than or equal to 9.3.4 AND Adobe Acrobat library is less than or equal to 9.3.4 OR Adobe Acrobat 8 Adobe Acrobat 8 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than or equal to 8.2.4 AND Adobe Acrobat library is less than or equal to 8.2.4

Definition Id: oval:org.mitre.oval:def:7455

Oval ID:	oval:org.mitre.oval:def:7455
Title:	Adobe Reader and Acrobat Arbitrary Code Execution and Denial of Service Vulnerability.
Description:	Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3632, and CVE-2010-3658.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2010-3628	Version:	12
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7	Product(s):	Adobe Reader Adobe Acrobat
Definition Synopsis:
Adobe Reader 8 Adobe Reader 8 Series is installed AND Adobe Reader 8, the sub-version is vulnerable Adobe Reader is less than or equal to 8.2.4 AND Adobe Reader library is less than or equal to 8.2.4 OR Adobe Reader 9 Adobe Reader 9 Series is installed AND Adobe Reader 9, the sub-version is vulnerable Adobe Reader is less than or equal to 9.3.4 AND Adobe Reader library is less than or equal to 9.3.4 OR Adobe Acrobat 9 Adobe Acrobat 9 Series is installed AND Adobe Acrobat 9, the sub-version is vulnerable Adobe Acrobat is less than or equal to 9.3.4 AND Adobe Acrobat library is less than or equal to 9.3.4 OR Adobe Acrobat 8 Adobe Acrobat 8 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than or equal to 8.2.4 AND Adobe Acrobat library is less than or equal to 8.2.4

Definition Id: oval:org.mitre.oval:def:7007

Oval ID:	oval:org.mitre.oval:def:7007
Title:	Adobe Reader and Acrobat Code Execution via crafted image Vulnerability.
Description:	Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted image, a different vulnerability than CVE-2010-3620.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2010-3629	Version:	12
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7	Product(s):	Adobe Reader Adobe Acrobat
Definition Synopsis:
Adobe Reader 8 Adobe Reader 8 Series is installed AND Adobe Reader 8, the sub-version is vulnerable Adobe Reader is less than or equal to 8.2.4 AND Adobe Reader library is less than or equal to 8.2.4 OR Adobe Reader 9 Adobe Reader 9 Series is installed AND Adobe Reader 9, the sub-version is vulnerable Adobe Reader is less than or equal to 9.3.4 AND Adobe Reader library is less than or equal to 9.3.4 OR Adobe Acrobat 9 Adobe Acrobat 9 Series is installed AND Adobe Acrobat 9, the sub-version is vulnerable Adobe Acrobat is less than or equal to 9.3.4 AND Adobe Acrobat library is less than or equal to 9.3.4 OR Adobe Acrobat 8 Adobe Acrobat 8 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than or equal to 8.2.4 AND Adobe Acrobat library is less than or equal to 8.2.4

Definition Id: oval:org.mitre.oval:def:7393

Oval ID:	oval:org.mitre.oval:def:7393
Title:	Adobe Reader and Acrobat Denial of Service and Arbitrary Code Execution Vulnerability.
Description:	Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2010-3630	Version:	12
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7	Product(s):	Adobe Reader Adobe Acrobat
Definition Synopsis:
Adobe Reader 8 Adobe Reader 8 Series is installed AND Adobe Reader 8, the sub-version is vulnerable Adobe Reader is less than or equal to 8.2.4 AND Adobe Reader library is less than or equal to 8.2.4 OR Adobe Reader 9 Adobe Reader 9 Series is installed AND Adobe Reader 9, the sub-version is vulnerable Adobe Reader is less than or equal to 9.3.4 AND Adobe Reader library is less than or equal to 9.3.4 OR Adobe Acrobat 9 Adobe Acrobat 9 Series is installed AND Adobe Acrobat 9, the sub-version is vulnerable Adobe Acrobat is less than or equal to 9.3.4 AND Adobe Acrobat library is less than or equal to 9.3.4 OR Adobe Acrobat 8 Adobe Acrobat 8 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than or equal to 8.2.4 AND Adobe Acrobat library is less than or equal to 8.2.4

Definition Id: oval:org.mitre.oval:def:7057

Oval ID:	oval:org.mitre.oval:def:7057
Title:	Adobe Reader and Acrobat Memory Corruption Code Execution Vulnerability.
Description:	Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, and CVE-2010-3658.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2010-3632	Version:	12
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7	Product(s):	Adobe Reader Adobe Acrobat
Definition Synopsis:
Adobe Reader 8 Adobe Reader 8 Series is installed AND Adobe Reader 8, the sub-version is vulnerable Adobe Reader is less than or equal to 8.2.4 AND Adobe Reader library is less than or equal to 8.2.4 OR Adobe Reader 9 Adobe Reader 9 Series is installed AND Adobe Reader 9, the sub-version is vulnerable Adobe Reader is less than or equal to 9.3.4 AND Adobe Reader library is less than or equal to 9.3.4 OR Adobe Acrobat 9 Adobe Acrobat 9 Series is installed AND Adobe Acrobat 9, the sub-version is vulnerable Adobe Acrobat is less than or equal to 9.3.4 AND Adobe Acrobat library is less than or equal to 9.3.4 OR Adobe Acrobat 8 Adobe Acrobat 8 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than or equal to 8.2.4 AND Adobe Acrobat library is less than or equal to 8.2.4

Definition Id: oval:org.mitre.oval:def:13294

Oval ID:	oval:org.mitre.oval:def:13294
Title:	Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted SWF content, as exploited in the wild in October 2010.
Description:	Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted SWF content, as exploited in the wild in October 2010.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2010-3654	Version:	8
Platform(s):	Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000	Product(s):	Adobe Flash Player Adobe Acrobat Adobe Reader
Definition Synopsis:
Determine if the version of Adobe Flash Player is less than or equal to 9.125.0 and is greater than or equal to 9.0.16 Adobe Flash Player 9 is installed AND Determine if the version of Adobe Flash Player is less than or equal to 9.125.0 AND Determine if the version of Adobe Flash Player is greater than or equal to 9.0.16 OR Determine if the version of Adobe Flash Player is less than or equal to 10.1.95.2 and is greater than or equal to 10.0.0.584 Adobe Flash Player 10 is installed AND Determine if the version of Adobe Flash Player is less than or equal to 10.1.95.2 AND Determine if the version of Adobe Flash Player is greater than or equal to 10.0.0.584 OR Determine if the version of Adobe Acrobat is less than or equal to 9.4 and is greater than or equal to 9.0 Adobe Acrobat 9 Series is installed AND Determine if the version of Adobe Acrobat is less than or equal to 9.4 AND Determine if the version of Adobe Acrobat is greater than or equal to 9.0 OR Determine if the version of Adobe Flash Player is less than or equal to 7.2 and is greater than or equal to 7.0.1 Adobe Flash Player is installed AND Determine if the version of Adobe Flash Player is less than or equal to 7.2 AND Determine if the version of Adobe Flash Player is greater than or equal to 7.0.1 OR Determine if the version of Adobe Flash Player is less than or equal to 8.0.42.0 and is greater than or equal to 8.0.22.0 Adobe Flash Player is installed AND Determine if the version of Adobe Flash Player is less than or equal to 8.0.42.0 AND Determine if the version of Adobe Flash Player is greater than or equal to 8.0.22.0 OR Determine if the version of Adobe Flash Player is less than or equal to 6.0.79 and is greater than or equal to 6.0.21.0 Adobe Flash Player is installed AND Determine if the version of Adobe Flash Player is less than or equal to 6.0.79 AND Determine if the version of Adobe Flash Player is greater than or equal to 6.0.21.0 OR Determine if the version of Adobe Reader is less than or equal to 9.4 and is greater than or equal to 9.0 Adobe Reader 9 Series is installed AND Determine if the version of Adobe Reader is less than or equal to 9.4 AND Determine if the version of Adobe Reader is greater than or equal to 9.0

Definition Id: oval:org.mitre.oval:def:7484

Oval ID:	oval:org.mitre.oval:def:7484
Title:	Adobe Reader and Acrobat Denial of Service Vulnerability.
Description:	Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2010-3657.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2010-3656	Version:	12
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7	Product(s):	Adobe Reader Adobe Acrobat
Definition Synopsis:
Adobe Reader 8 Adobe Reader 8 Series is installed AND Adobe Reader 8, the sub-version is vulnerable Adobe Reader is less than or equal to 8.2.4 AND Adobe Reader library is less than or equal to 8.2.4 OR Adobe Reader 9 Adobe Reader 9 Series is installed AND Adobe Reader 9, the sub-version is vulnerable Adobe Reader is less than or equal to 9.3.4 AND Adobe Reader library is less than or equal to 9.3.4 OR Adobe Acrobat 9 Adobe Acrobat 9 Series is installed AND Adobe Acrobat 9, the sub-version is vulnerable Adobe Acrobat is less than or equal to 9.3.4 AND Adobe Acrobat library is less than or equal to 9.3.4 OR Adobe Acrobat 8 Adobe Acrobat 8 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than or equal to 8.2.4 AND Adobe Acrobat library is less than or equal to 8.2.4

Definition Id: oval:org.mitre.oval:def:6791

Oval ID:	oval:org.mitre.oval:def:6791
Title:	Adobe Reader and Acrobat Denial of Service Vulnerability.
Description:	Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2010-3656.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2010-3657	Version:	12
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7	Product(s):	Adobe Reader Adobe Acrobat
Definition Synopsis:
Adobe Reader 8 Adobe Reader 8 Series is installed AND Adobe Reader 8, the sub-version is vulnerable Adobe Reader is less than or equal to 8.2.4 AND Adobe Reader library is less than or equal to 8.2.4 OR Adobe Reader 9 Adobe Reader 9 Series is installed AND Adobe Reader 9, the sub-version is vulnerable Adobe Reader is less than or equal to 9.3.4 AND Adobe Reader library is less than or equal to 9.3.4 OR Adobe Acrobat 9 Adobe Acrobat 9 Series is installed AND Adobe Acrobat 9, the sub-version is vulnerable Adobe Acrobat is less than or equal to 9.3.4 AND Adobe Acrobat library is less than or equal to 9.3.4 OR Adobe Acrobat 8 Adobe Acrobat 8 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than or equal to 8.2.4 AND Adobe Acrobat library is less than or equal to 8.2.4

Definition Id: oval:org.mitre.oval:def:7225

Oval ID:	oval:org.mitre.oval:def:7225
Title:	Adobe Reader and Acrobat Memory Corruption Code Execution Vulnerability.
Description:	Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, and CVE-2010-3632.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2010-3658	Version:	12
Platform(s):	Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7	Product(s):	Adobe Reader Adobe Acrobat
Definition Synopsis:
Adobe Reader 8 Adobe Reader 8 Series is installed AND Adobe Reader 8, the sub-version is vulnerable Adobe Reader is less than or equal to 8.2.4 AND Adobe Reader library is less than or equal to 8.2.4 OR Adobe Reader 9 Adobe Reader 9 Series is installed AND Adobe Reader 9, the sub-version is vulnerable Adobe Reader is less than or equal to 9.3.4 AND Adobe Reader library is less than or equal to 9.3.4 OR Adobe Acrobat 9 Adobe Acrobat 9 Series is installed AND Adobe Acrobat 9, the sub-version is vulnerable Adobe Acrobat is less than or equal to 9.3.4 AND Adobe Acrobat library is less than or equal to 9.3.4 OR Adobe Acrobat 8 Adobe Acrobat 8 Series is installed AND Adobe Acrobat 8, the sub-version is vulnerable Adobe Acrobat is less than or equal to 8.2.4 AND Adobe Acrobat library is less than or equal to 8.2.4

Definition Id: oval:org.mitre.oval:def:12527

Oval ID:	oval:org.mitre.oval:def:12527
Title:	Denial of service vulnerability in EScript.api plugin in Adobe Acrobat and Adobe Reader 9.4.0, 8.1.7 and other versions using a crafted PDF document
Description:	The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers memory corruption, involving the printSeps function. NOTE: some of these details are obtained from third party information.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2010-4091	Version:	10
Platform(s):	Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP	Product(s):	Adobe Acrobat Adobe Reader
Definition Synopsis:
Adobe reader 8 series installed and version is greater than or equal to 8.0.0 along with the existence of EScript.api Adobe Reader 8 Series is installed AND Check the existence of EScript.api in Adobe Reader 8 OR Adobe Acrobat 9 series installed and version is greater than or equal to 9.0.0 along with the existence of EScript.api Adobe Acrobat 9 Series is installed AND Check the existence of EScript.api in Adobe Acrobat 9 AND Check if the version of Adobe Acrobat is less than or equal to 9.4.0 OR Adobe reader 9 series installed and version is less than or equal to 9.4.0 along with the existence of EScript.api Adobe Reader 9 Series is installed AND Check the existence of EScript.api in Adobe Reader 9 AND Check if the version of Adobe Reader is less than or equal to 9.4.0

CPE : Common Platform Enumeration

Type	Description	Count
Application	Adobe Acrobat cpe:/a:adobe:acrobat:10.0 cpe:/a:adobe:acrobat:9.4 cpe:/a:adobe:acrobat:9.3.4 cpe:/a:adobe:acrobat:9.3.3 cpe:/a:adobe:acrobat:9.3.2 cpe:/a:adobe:acrobat:9.3.1 cpe:/a:adobe:acrobat:9.3 cpe:/a:adobe:acrobat:9.2 cpe:/a:adobe:acrobat:9.1.3 cpe:/a:adobe:acrobat:9.1.2 cpe:/a:adobe:acrobat:9.1.1 cpe:/a:adobe:acrobat:9.1 cpe:/a:adobe:acrobat:9.0 cpe:/a:adobe:acrobat:8.2.4 cpe:/a:adobe:acrobat:8.2.3 cpe:/a:adobe:acrobat:8.2.2 cpe:/a:adobe:acrobat:8.2.1 cpe:/a:adobe:acrobat:8.2 cpe:/a:adobe:acrobat:8.1.7 cpe:/a:adobe:acrobat:8.1.6 cpe:/a:adobe:acrobat:8.1.5 cpe:/a:adobe:acrobat:8.1.4 cpe:/a:adobe:acrobat:8.1.3 cpe:/a:adobe:acrobat:8.1.2 cpe:/a:adobe:acrobat:8.1.1 cpe:/a:adobe:acrobat:8.1 cpe:/a:adobe:acrobat:8.0.0 cpe:/a:adobe:acrobat:7.1.4 cpe:/a:adobe:acrobat:7.1.3 cpe:/a:adobe:acrobat:7.1.2 cpe:/a:adobe:acrobat:7.1.1 cpe:/a:adobe:acrobat:7.1.0 cpe:/a:adobe:acrobat:7.0.9 cpe:/a:adobe:acrobat:7.0.8 cpe:/a:adobe:acrobat:7.0.7 cpe:/a:adobe:acrobat:7.0.6 cpe:/a:adobe:acrobat:7.0.5 cpe:/a:adobe:acrobat:7.0.4 cpe:/a:adobe:acrobat:7.0.3 cpe:/a:adobe:acrobat:7.0.2 cpe:/a:adobe:acrobat:7.0.1 cpe:/a:adobe:acrobat:7.0 cpe:/a:adobe:acrobat:6.0.6 cpe:/a:adobe:acrobat:6.0.5 cpe:/a:adobe:acrobat:6.0.4 cpe:/a:adobe:acrobat:6.0.3 cpe:/a:adobe:acrobat:6.0.2 cpe:/a:adobe:acrobat:6.0.1 cpe:/a:adobe:acrobat:6.0 cpe:/a:adobe:acrobat:5.0.6 cpe:/a:adobe:acrobat:5.0.5 cpe:/a:adobe:acrobat:5.0.10 cpe:/a:adobe:acrobat:5.0 cpe:/a:adobe:acrobat:4.0.5c cpe:/a:adobe:acrobat:4.0.5a cpe:/a:adobe:acrobat:4.0.5 cpe:/a:adobe:acrobat:4.0 cpe:/a:adobe:acrobat:3.1 cpe:/a:adobe:acrobat:3.0	59
Application	Adobe Acrobat Reader cpe:/a:adobe:acrobat_reader:10.0 cpe:/a:adobe:acrobat_reader:9.4 cpe:/a:adobe:acrobat_reader:9.3.4 cpe:/a:adobe:acrobat_reader:9.3.3 cpe:/a:adobe:acrobat_reader:9.3.2 cpe:/a:adobe:acrobat_reader:9.3.1 cpe:/a:adobe:acrobat_reader:9.3 cpe:/a:adobe:acrobat_reader:9.2 cpe:/a:adobe:acrobat_reader:9.1.3 cpe:/a:adobe:acrobat_reader:9.1.2 cpe:/a:adobe:acrobat_reader:9.1.1 cpe:/a:adobe:acrobat_reader:9.1 cpe:/a:adobe:acrobat_reader:9.0 cpe:/a:adobe:acrobat_reader:8.2.4 cpe:/a:adobe:acrobat_reader:8.2.3 cpe:/a:adobe:acrobat_reader:8.2.2 cpe:/a:adobe:acrobat_reader:8.2.1 cpe:/a:adobe:acrobat_reader:8.2 cpe:/a:adobe:acrobat_reader:8.1.7 cpe:/a:adobe:acrobat_reader:8.1.6 cpe:/a:adobe:acrobat_reader:8.1.5 cpe:/a:adobe:acrobat_reader:8.1.4 cpe:/a:adobe:acrobat_reader:8.1.2 cpe:/a:adobe:acrobat_reader:8.1.1 cpe:/a:adobe:acrobat_reader:8.1 cpe:/a:adobe:acrobat_reader:8.0 cpe:/a:adobe:acrobat_reader:7.1.0 cpe:/a:adobe:acrobat_reader:7.0.9 cpe:/a:adobe:acrobat_reader:7.0.8 cpe:/a:adobe:acrobat_reader:7.0.7 cpe:/a:adobe:acrobat_reader:7.0.6 cpe:/a:adobe:acrobat_reader:7.0.5 cpe:/a:adobe:acrobat_reader:7.0.4 cpe:/a:adobe:acrobat_reader:7.0.3 cpe:/a:adobe:acrobat_reader:7.0.2 cpe:/a:adobe:acrobat_reader:7.0.1 cpe:/a:adobe:acrobat_reader:7.0 cpe:/a:adobe:acrobat_reader:6.0.5 cpe:/a:adobe:acrobat_reader:6.0.4 cpe:/a:adobe:acrobat_reader:6.0.3 cpe:/a:adobe:acrobat_reader:6.0.2 cpe:/a:adobe:acrobat_reader:6.0.1 cpe:/a:adobe:acrobat_reader:6.0 cpe:/a:adobe:acrobat_reader:5.1 cpe:/a:adobe:acrobat_reader:5.0.9 cpe:/a:adobe:acrobat_reader:5.0.7 cpe:/a:adobe:acrobat_reader:5.0.6 cpe:/a:adobe:acrobat_reader:5.0.5 cpe:/a:adobe:acrobat_reader:5.0.11 cpe:/a:adobe:acrobat_reader:5.0.10 cpe:/a:adobe:acrobat_reader:5.0 cpe:/a:adobe:acrobat_reader:4.5 cpe:/a:adobe:acrobat_reader:4.0.5c cpe:/a:adobe:acrobat_reader:4.0.5a cpe:/a:adobe:acrobat_reader:4.0.5 cpe:/a:adobe:acrobat_reader:4.0 cpe:/a:adobe:acrobat_reader:3.02 cpe:/a:adobe:acrobat_reader:3.01 cpe:/a:adobe:acrobat_reader:3.0	59
Application	Adobe Flash Player cpe:/a:adobe:flash_player:10.1.95.2 cpe:/a:adobe:flash_player:10.1.92.8 cpe:/a:adobe:flash_player:10.1.92.10 cpe:/a:adobe:flash_player:10.1.85.3 cpe:/a:adobe:flash_player:10.1.82.76 cpe:/a:adobe:flash_player:10.1.53.64 cpe:/a:adobe:flash_player:10.1.52.15 cpe:/a:adobe:flash_player:10.1.52.14.1 cpe:/a:adobe:flash_player:10.0.45.2 cpe:/a:adobe:flash_player:10.0.42.34 cpe:/a:adobe:flash_player:10.0.32.18 cpe:/a:adobe:flash_player:10.0.22.87 cpe:/a:adobe:flash_player:10.0.15.3 cpe:/a:adobe:flash_player:10.0.12.36 cpe:/a:adobe:flash_player:10.0.12.10 cpe:/a:adobe:flash_player:10.0.0.584 cpe:/a:adobe:flash_player:9.125.0 cpe:/a:adobe:flash_player:9.0.48.0 cpe:/a:adobe:flash_player:9.0.47.0 cpe:/a:adobe:flash_player:9.0.45.0 cpe:/a:adobe:flash_player:9.0.31.0 cpe:/a:adobe:flash_player:9.0.31 cpe:/a:adobe:flash_player:9.0.28.0 cpe:/a:adobe:flash_player:9.0.28 cpe:/a:adobe:flash_player:9.0.260.0 cpe:/a:adobe:flash_player:9.0.246.0 cpe:/a:adobe:flash_player:9.0.20.0 cpe:/a:adobe:flash_player:9.0.20 cpe:/a:adobe:flash_player:9.0.18d60 cpe:/a:adobe:flash_player:9.0.16 cpe:/a:adobe:flash_player:9.0.159.0 cpe:/a:adobe:flash_player:9.0.152.0 cpe:/a:adobe:flash_player:9.0.151.0 cpe:/a:adobe:flash_player:9.0.125.0 cpe:/a:adobe:flash_player:9.0.124.0 cpe:/a:adobe:flash_player:9.0.115.0 cpe:/a:adobe:flash_player:9.0.114.0 cpe:/a:adobe:flash_player:9.0.112.0 cpe:/a:adobe:flash_player:9 cpe:/a:adobe:flash_player:8.0.42.0 cpe:/a:adobe:flash_player:8.0.39.0 cpe:/a:adobe:flash_player:8.0.35.0 cpe:/a:adobe:flash_player:8.0.34.0 cpe:/a:adobe:flash_player:8.0.33.0 cpe:/a:adobe:flash_player:8.0.24.0 cpe:/a:adobe:flash_player:8.0.22.0 cpe:/a:adobe:flash_player:8.0 cpe:/a:adobe:flash_player:8 cpe:/a:adobe:flash_player:7.2 cpe:/a:adobe:flash_player:7.1.1 cpe:/a:adobe:flash_player:7.1 cpe:/a:adobe:flash_player:7.0.70.0 cpe:/a:adobe:flash_player:7.0.69.0 cpe:/a:adobe:flash_player:7.0.63 cpe:/a:adobe:flash_player:7.0.25 cpe:/a:adobe:flash_player:7.0.1 cpe:/a:adobe:flash_player:7.0 cpe:/a:adobe:flash_player:7 cpe:/a:adobe:flash_player:6.0.79 cpe:/a:adobe:flash_player:6.0.21.0	60
Application	Macromedia Flash Player cpe:/a:macromedia:flash_player:6.0.79.0 cpe:/a:macromedia:flash_player:6.0.65.0 cpe:/a:macromedia:flash_player:6.0.47.0 cpe:/a:macromedia:flash_player:6.0.40.0 cpe:/a:macromedia:flash_player:6.0.29.0 cpe:/a:macromedia:flash_player:6.0 cpe:/a:macromedia:flash_player:5.0_r50 cpe:/a:macromedia:flash_player:5.0	8

SAINT Exploits

Description	Link
Adobe Reader CoolType.dll buffer overflow	More info here
Adobe Flash Player Flash Content Parsing Code Execution	More info here

ExploitDB Exploits

id	Description
2011-04-19	Adobe Flash Player < 10.1.53 .64 Action Script Type Confusion Exploit (DEP+AS...
2010-11-01	Adobe Flash Player "Button" Remote Code Execution
2010-09-25	Adobe CoolType SING Table "uniqueName" Stack Buffer Overflow
2010-09-20	Adobe CoolType SING Table "uniqueName" Stack Buffer Overflow

Open Source Vulnerability Database (OSVDB)

id	Description
69005	Adobe Reader EScript.api Plugin printSeps Function Memory Corruption
68932	Adobe Multiple Products Crafted SWF Movie Handling Overflow (2010-3654)
68435	Adobe Reader / Acrobat Unspecified Memory Corruption (2010-3658)
68434	Adobe Reader / Acrobat Unspecified DoS (2010-3657)
68433	Adobe Reader / Acrobat Unspecified DoS (2010-3656)
68432	Adobe Reader / Acrobat Unspecified File Format String Handling Memory Corruption
68430	Adobe Reader / Acrobat AcroRd32.dll sub_60AF56 Function Memory Corruption
68429	Adobe Reader / Acrobat Unspecified Crafted Image Arbitrary Code Execution (20...
68428	Adobe Reader / Acrobat Unspecified Memory Corruption (2010-3628)
68427	Adobe Reader / Acrobat PDF Flash Code Handling Arbitrary Code Execution
68426	Adobe Reader / Acrobat Unspecified Crafted Font Arbitrary Code Execution (201...
68425	Adobe Reader / Acrobat Prefix Protocol Handler Arbitrary Code Execution (2010...
68422	Adobe Reader / Acrobat ACE.dll ICC Stream mluc Structure Handling Memory Corr...
68421	Adobe Reader / Acrobat ACE.dll ICC Stream Handling Memory Corruption
68420	Adobe Reader / Acrobat Unspecified Crafted Image Arbitrary Code Execution (20...
68419	Adobe Reader / Acrobat Unspecified Memory Corruption (2010-3619)
68418	Adobe Reader / Acrobat Unspecified Memory Corruption (2010-2890)
68416	Adobe Reader / Acrobat Unspecified Crafted Font Arbitrary Code Execution (201...
68412	Adobe Reader / Acrobat on Linux Multiple Unspecified Privilege Escalation
68024	Adobe Flash Player Unspecified Code Execution
67849	Adobe Reader / Acrobat CoolType.dll SING (Smart INdependent Glyphlets) Font u...

Metasploit Database

id	Description
2010-10-28	Adobe Flash Player "Button" Remote Code Execution
2010-09-07	Adobe CoolType SING Table "uniqueName" Stack Buffer Overflow
2010-09-07	Adobe CoolType SING Table "uniqueName" Stack Buffer Overflow

Global Informations

Type	Count
Oval ID(s)	21
CPE ID(s)	186
Saint Exploit(s)	2
osvdb(s)	21
ExploitDB Exploit(s)	4
Metasploit Exploit(s)	3

Related	Severity
CVE-2010-4091	(Critical)
CVE-2010-3658	(Critical)
CVE-2010-3654	(Critical)
CVE-2010-3632	(Critical)
CVE-2010-3630	(Critical)
CVE-2010-3629	(Critical)
CVE-2010-3628	(Critical)
CVE-2010-3627	(Critical)
CVE-2010-3626	(Critical)
CVE-2010-3625	(Critical)
CVE-2010-3622	(Critical)
CVE-2010-3621	(Critical)
CVE-2010-3620	(Critical)
CVE-2010-3619	(Critical)
CVE-2010-2890	(Critical)
CVE-2010-2889	(Critical)
CVE-2010-2887	(Critical)
CVE-2010-2884	(Critical)
CVE-2010-2883	(Critical)
CVE-2010-3657	(Medium)
CVE-2010-3656	(Medium)