Executive Summary

Summary
TitleAdobe Reader: Multiple vulnerabilities
Informations
NameGLSA-201101-08First vendor Publication2011-01-21
VendorGentooLast vendor Modification2011-01-21
Severity (Vendor) NormalRevisionN/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score9.3Attack RangeNetwork
Cvss Impact Score10Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Synopsis

Multiple vulnerabilities in Adobe Reader might result in the execution of arbitrary code.

Background

Adobe Reader (formerly Adobe Acrobat Reader) is a closed-source PDF reader.

Description

Multiple vulnerabilities were discovered in Adobe Reader. For further information please consult the CVE entries and the Adobe Security Bulletins referenced below.

Impact

A remote attacker might entice a user to open a specially crafted PDF file, possibly resulting in the execution of arbitrary code with the privileges of the user running the application, or a Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

All Adobe Reader users should upgrade to the latest stable version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/acroread-9.4.1"

References

[ 1 ] APSB10-21
http://www.adobe.com/support/security/bulletins/apsb10-21.html [ 2 ] APSB10-28
http://www.adobe.com/support/security/bulletins/apsb10-28.html [ 3 ] CVE-2010-2883 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2883
[ 4 ] CVE-2010-2884 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884
[ 5 ] CVE-2010-2887 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2887
[ 6 ] CVE-2010-2889 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2889
[ 7 ] CVE-2010-2890 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2890
[ 8 ] CVE-2010-3619 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3619
[ 9 ] CVE-2010-3620 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3620
[ 10 ] CVE-2010-3621 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3621
[ 11 ] CVE-2010-3622 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3622
[ 12 ] CVE-2010-3625 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3625
[ 13 ] CVE-2010-3626 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3626
[ 14 ] CVE-2010-3627 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3627
[ 15 ] CVE-2010-3628 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3628
[ 16 ] CVE-2010-3629 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3629
[ 17 ] CVE-2010-3630 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3630
[ 18 ] CVE-2010-3632 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3632
[ 19 ] CVE-2010-3654 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3654
[ 20 ] CVE-2010-3656 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3656
[ 21 ] CVE-2010-3657 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3657
[ 22 ] CVE-2010-3658 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3658
[ 23 ] CVE-2010-4091 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4091

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201101-08.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-201101-08.xml

CWE : Common Weakness Enumeration

idName
CWE-119Failure to Constrain Operations within the Bounds of a Memory Buffer
CWE-20Improper Input Validation
CWE-94Failure to Control Generation of Code ('Code Injection')

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:11586
 
Oval ID: oval:org.mitre.oval:def:11586
Title: Adobe Reader and Acrobat CoolType.dll Font Parsing Buffer Overflow Vulnerability
Description: Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third party information.
Family: windows Class: vulnerability
Reference(s): CVE-2010-2883
Version: 20
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6852
 
Oval ID: oval:org.mitre.oval:def:6852
Title: Adobe Flash Player, Acrobat Reader, and Acrobat Remote Code Execution Vulnerability
Description: Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.92.10 on Android; authplay.dll in Adobe Reader and Acrobat 9.x before 9.4; and authplay.dll in Adobe Reader and Acrobat 8.x before 8.2.5 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in September 2010.
Family: windows Class: vulnerability
Reference(s): CVE-2010-2884
Version: 25
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Flash Player
Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:21982
 
Oval ID: oval:org.mitre.oval:def:21982
Title: RHSA-2010:0706: flash-plugin security update (Critical)
Description: Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.92.10 on Android; authplay.dll in Adobe Reader and Acrobat 9.x before 9.4; and authplay.dll in Adobe Reader and Acrobat 8.x before 8.2.5 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in September 2010.
Family: unix Class: patch
Reference(s): RHSA-2010:0706-01
CVE-2010-2884
Version: 4
Platform(s): Red Hat Enterprise Linux 5
Product(s): flash-plugin
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23120
 
Oval ID: oval:org.mitre.oval:def:23120
Title: ELSA-2010:0706: flash-plugin security update (Critical)
Description: Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.92.10 on Android; authplay.dll in Adobe Reader and Acrobat 9.x before 9.4; and authplay.dll in Adobe Reader and Acrobat 8.x before 8.2.5 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in September 2010.
Family: unix Class: patch
Reference(s): ELSA-2010:0706-01
CVE-2010-2884
Version: 6
Platform(s): Oracle Linux 5
Product(s): flash-plugin
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14416
 
Oval ID: oval:org.mitre.oval:def:14416
Title: DEPRECATED: Multiple unspecified vulnerabilities in Adobe Reader and Acrobat 9.x before 9.4 on Linux allow attackers to gain privileges via unknown vectors.
Description: Multiple unspecified vulnerabilities in Adobe Reader and Acrobat 9.x before 9.4 on Linux allow attackers to gain privileges via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2010-2887
Version: 12
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Adobe Acrobat
Adobe Reader
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7009
 
Oval ID: oval:org.mitre.oval:def:7009
Title: Adobe Reader and Acrobat Font Parsing Code Execution Vulnerability.
Description: Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted font, a different vulnerability than CVE-2010-3626.
Family: windows Class: vulnerability
Reference(s): CVE-2010-2889
Version: 19
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6830
 
Oval ID: oval:org.mitre.oval:def:6830
Title: Adobe Reader and Acrobat Denial of Service Vulnerability.
Description: Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658.
Family: windows Class: vulnerability
Reference(s): CVE-2010-2890
Version: 19
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7385
 
Oval ID: oval:org.mitre.oval:def:7385
Title: Memory Corruption via unspecified vectors vulnerability in Adobe Reader and Acrobat.
Description: Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3619
Version: 19
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7589
 
Oval ID: oval:org.mitre.oval:def:7589
Title: Adobe Reader and Acrobat Image Parsing Code Execution Vulnerability.
Description: Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted image, a different vulnerability than CVE-2010-3629.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3620
Version: 19
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7386
 
Oval ID: oval:org.mitre.oval:def:7386
Title: Adobe Reader and Acrobat Memory Corruption Code Execution Vulnerability.
Description: Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3622, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3621
Version: 19
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7138
 
Oval ID: oval:org.mitre.oval:def:7138
Title: Adobe Reader and Acrobat Memory Corruption Code Execution Vulnerability.
Description: Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3622
Version: 19
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6772
 
Oval ID: oval:org.mitre.oval:def:6772
Title: Adobe Reader and Acrobat Prefix Protocol Handler Code Execution Vulnerability.
Description: Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified vectors, related to a "prefix protocol handler vulnerability."
Family: windows Class: vulnerability
Reference(s): CVE-2010-3625
Version: 19
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7382
 
Oval ID: oval:org.mitre.oval:def:7382
Title: Adobe Reader and Acrobat Font Parsing Code Execution Vulnerability.
Description: Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted font, a different vulnerability than CVE-2010-2889.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3626
Version: 19
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7356
 
Oval ID: oval:org.mitre.oval:def:7356
Title: Adobe Reader and Acrobat Arbitrary Code Execution Vulnerability.
Description: Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3627
Version: 19
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7455
 
Oval ID: oval:org.mitre.oval:def:7455
Title: Adobe Reader and Acrobat Arbitrary Code Execution and Denial of Service Vulnerability.
Description: Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3632, and CVE-2010-3658.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3628
Version: 19
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7007
 
Oval ID: oval:org.mitre.oval:def:7007
Title: Adobe Reader and Acrobat Code Execution via crafted image Vulnerability.
Description: Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted image, a different vulnerability than CVE-2010-3620.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3629
Version: 19
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7393
 
Oval ID: oval:org.mitre.oval:def:7393
Title: Adobe Reader and Acrobat Denial of Service and Arbitrary Code Execution Vulnerability.
Description: Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3630
Version: 19
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7057
 
Oval ID: oval:org.mitre.oval:def:7057
Title: Adobe Reader and Acrobat Memory Corruption Code Execution Vulnerability.
Description: Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, and CVE-2010-3658.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3632
Version: 19
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22325
 
Oval ID: oval:org.mitre.oval:def:22325
Title: RHSA-2010:0829: flash-plugin security update (Critical)
Description: Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted SWF content, as exploited in the wild in October 2010.
Family: unix Class: patch
Reference(s): RHSA-2010:0829-01
CVE-2010-3636
CVE-2010-3639
CVE-2010-3640
CVE-2010-3641
CVE-2010-3642
CVE-2010-3643
CVE-2010-3644
CVE-2010-3645
CVE-2010-3646
CVE-2010-3647
CVE-2010-3648
CVE-2010-3649
CVE-2010-3650
CVE-2010-3652
CVE-2010-3654
Version: 198
Platform(s): Red Hat Enterprise Linux 5
Product(s): flash-plugin
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22102
 
Oval ID: oval:org.mitre.oval:def:22102
Title: RHSA-2010:0867: flash-plugin security update (Critical)
Description: Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted SWF content, as exploited in the wild in October 2010.
Family: unix Class: patch
Reference(s): RHSA-2010:0867-02
CVE-2010-3636
CVE-2010-3639
CVE-2010-3640
CVE-2010-3641
CVE-2010-3642
CVE-2010-3643
CVE-2010-3644
CVE-2010-3645
CVE-2010-3646
CVE-2010-3647
CVE-2010-3648
CVE-2010-3649
CVE-2010-3650
CVE-2010-3652
CVE-2010-3654
Version: 198
Platform(s): Red Hat Enterprise Linux 6
Product(s): flash-plugin
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:13294
 
Oval ID: oval:org.mitre.oval:def:13294
Title: Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted SWF content, as exploited in the wild in October 2010.
Description: Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted SWF content, as exploited in the wild in October 2010.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3654
Version: 22
Platform(s): Microsoft Windows 7
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows XP
Microsoft Windows 2000
Product(s): Adobe Flash Player
Adobe Acrobat
Adobe Reader
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23533
 
Oval ID: oval:org.mitre.oval:def:23533
Title: ELSA-2010:0867: flash-plugin security update (Critical)
Description: Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted SWF content, as exploited in the wild in October 2010.
Family: unix Class: patch
Reference(s): ELSA-2010:0867-02
CVE-2010-3636
CVE-2010-3639
CVE-2010-3640
CVE-2010-3641
CVE-2010-3642
CVE-2010-3643
CVE-2010-3644
CVE-2010-3645
CVE-2010-3646
CVE-2010-3647
CVE-2010-3648
CVE-2010-3649
CVE-2010-3650
CVE-2010-3652
CVE-2010-3654
Version: 65
Platform(s): Oracle Linux 6
Product(s): flash-plugin
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23206
 
Oval ID: oval:org.mitre.oval:def:23206
Title: ELSA-2010:0829: flash-plugin security update (Critical)
Description: Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted SWF content, as exploited in the wild in October 2010.
Family: unix Class: patch
Reference(s): ELSA-2010:0829-01
CVE-2010-3636
CVE-2010-3639
CVE-2010-3640
CVE-2010-3641
CVE-2010-3642
CVE-2010-3643
CVE-2010-3644
CVE-2010-3645
CVE-2010-3646
CVE-2010-3647
CVE-2010-3648
CVE-2010-3649
CVE-2010-3650
CVE-2010-3652
CVE-2010-3654
Version: 65
Platform(s): Oracle Linux 5
Product(s): flash-plugin
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7484
 
Oval ID: oval:org.mitre.oval:def:7484
Title: Adobe Reader and Acrobat Denial of Service Vulnerability.
Description: Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2010-3657.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3656
Version: 19
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6791
 
Oval ID: oval:org.mitre.oval:def:6791
Title: Adobe Reader and Acrobat Denial of Service Vulnerability.
Description: Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2010-3656.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3657
Version: 19
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:7225
 
Oval ID: oval:org.mitre.oval:def:7225
Title: Adobe Reader and Acrobat Memory Corruption Code Execution Vulnerability.
Description: Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, and CVE-2010-3632.
Family: windows Class: vulnerability
Reference(s): CVE-2010-3658
Version: 19
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Vista
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows 7
Product(s): Adobe Reader
Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22336
 
Oval ID: oval:org.mitre.oval:def:22336
Title: RHSA-2010:0743: acroread security update (Critical)
Description: Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, and CVE-2010-3632.
Family: unix Class: patch
Reference(s): RHSA-2010:0743-01
CVE-2010-2883
CVE-2010-2884
CVE-2010-2887
CVE-2010-2889
CVE-2010-2890
CVE-2010-3619
CVE-2010-3620
CVE-2010-3621
CVE-2010-3622
CVE-2010-3625
CVE-2010-3626
CVE-2010-3627
CVE-2010-3628
CVE-2010-3629
CVE-2010-3630
CVE-2010-3632
CVE-2010-3656
CVE-2010-3657
CVE-2010-3658
Version: 250
Platform(s): Red Hat Enterprise Linux 5
Product(s): acroread
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22988
 
Oval ID: oval:org.mitre.oval:def:22988
Title: ELSA-2010:0743: acroread security update (Critical)
Description: Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, and CVE-2010-3632.
Family: unix Class: patch
Reference(s): ELSA-2010:0743-01
CVE-2010-2883
CVE-2010-2884
CVE-2010-2887
CVE-2010-2889
CVE-2010-2890
CVE-2010-3619
CVE-2010-3620
CVE-2010-3621
CVE-2010-3622
CVE-2010-3625
CVE-2010-3626
CVE-2010-3627
CVE-2010-3628
CVE-2010-3629
CVE-2010-3630
CVE-2010-3632
CVE-2010-3656
CVE-2010-3657
CVE-2010-3658
Version: 81
Platform(s): Oracle Linux 5
Product(s): acroread
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22268
 
Oval ID: oval:org.mitre.oval:def:22268
Title: RHSA-2010:0934: acroread security update (Critical)
Description: The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers memory corruption, involving the printSeps function. NOTE: some of these details are obtained from third party information.
Family: unix Class: patch
Reference(s): RHSA-2010:0934-02
CVE-2010-3654
CVE-2010-4091
Version: 29
Platform(s): Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 6
Product(s): acroread
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:12527
 
Oval ID: oval:org.mitre.oval:def:12527
Title: Denial of service vulnerability in EScript.api plugin in Adobe Acrobat and Adobe Reader 9.4.0, 8.1.7 and other versions using a crafted PDF document
Description: The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers memory corruption, involving the printSeps function. NOTE: some of these details are obtained from third party information.
Family: windows Class: vulnerability
Reference(s): CVE-2010-4091
Version: 14
Platform(s): Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Vista
Microsoft Windows XP
Product(s): Adobe Acrobat
Adobe Reader
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23656
 
Oval ID: oval:org.mitre.oval:def:23656
Title: ELSA-2010:0934: acroread security update (Critical)
Description: The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers memory corruption, involving the printSeps function. NOTE: some of these details are obtained from third party information.
Family: unix Class: patch
Reference(s): ELSA-2010:0934-02
CVE-2010-3654
CVE-2010-4091
Version: 13
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): acroread
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:22281
 
Oval ID: oval:org.mitre.oval:def:22281
Title: DEPRECATED: ELSA-2010:0934: acroread security update (Critical)
Description: The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers memory corruption, involving the printSeps function. NOTE: some of these details are obtained from third party information.
Family: unix Class: patch
Reference(s): ELSA-2010:0934-02
CVE-2010-3654
CVE-2010-4091
Version: 14
Platform(s): Oracle Linux 5
Oracle Linux 6
Product(s): acroread
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application59
Application59
Application60
Application8

SAINT Exploits

DescriptionLink
Adobe Reader CoolType.dll buffer overflowMore info here
Adobe Flash Player Flash Content Parsing Code ExecutionMore info here

ExploitDB Exploits

idDescription
2011-04-19Adobe Flash Player < 10.1.53 .64 Action Script Type Confusion Exploit (DEP...
2010-11-01Adobe Flash Player "Button" Remote Code Execution
2010-09-25Adobe CoolType SING Table "uniqueName" Stack Buffer Overflow
2010-09-20Adobe CoolType SING Table "uniqueName" Stack Buffer Overflow

OpenVAS Exploits

DateDescription
2012-02-12Name : Gentoo Security Advisory GLSA 201201-19 (acroread)
File : nvt/glsa_201201_19.nasl
2011-09-07Name : Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007)
File : nvt/gb_macosx_su10-007.nasl
2011-03-15Name : SuSE Update for acroread SUSE-SA:2011:011
File : nvt/gb_suse_2011_011.nasl
2011-03-09Name : Gentoo Security Advisory GLSA 201101-08 (acroread)
File : nvt/glsa_201101_08.nasl
2011-03-09Name : Gentoo Security Advisory GLSA 201101-09 (adobe-flash)
File : nvt/glsa_201101_09.nasl
2011-02-15Name : Adobe Reader Multiple Vulnerabilities February-2011 (Linux)
File : nvt/gb_adobe_reader_mult_vuln_feb11_lin.nasl
2011-02-15Name : Adobe Reader and Acrobat Multiple Vulnerabilities February-2011 (Windows)
File : nvt/gb_adobe_prdts_mult_vuln_feb11_win.nasl
2011-01-04Name : SuSE Update for acoread SUSE-SA:2010:058
File : nvt/gb_suse_2010_058.nasl
2010-11-23Name : Adobe Acrobat and Reader 'printSeps()' Function Heap Corruption Vulnerability
File : nvt/gb_adobe_prdts_printseps_mem_crptn_vuln_win.nasl
2010-11-23Name : Adobe Reader 'printSeps()' Function Heap Corruption Vulnerability
File : nvt/gb_adobe_reader_printseps_mem_crptn_vuln_lin.nasl
2010-11-17Name : FreeBSD Ports: linux-flashplugin
File : nvt/freebsd_linux-flashplugin11.nasl
2010-11-16Name : SuSE Update for flash-player SUSE-SA:2010:055
File : nvt/gb_suse_2010_055.nasl
2010-11-10Name : Adobe Products Content Code Execution Vulnerability (Linux)
File : nvt/gb_adobe_prdts_arbitrary_code_exec_vuln_nov10_lin.nasl
2010-11-10Name : Adobe Products Content Code Execution Vulnerability (Windows)
File : nvt/gb_adobe_prdts_arbitrary_code_exec_vuln_nov10_win.nasl
2010-10-19Name : SuSE Update for acroread SUSE-SA:2010:048
File : nvt/gb_suse_2010_048.nasl
2010-10-18Name : Adobe Acrobat and Reader Multiple Vulnerabilities -Oct10 (Windows)
File : nvt/gb_adobe_prdts_mult_vuln_oct10_win.nasl
2010-10-18Name : Adobe Reader Multiple Unspecified Vulnerabilities -Oct10 (Linux)
File : nvt/gb_adobe_reader_mult_unspecified_oct10_lin.nasl
2010-10-10Name : FreeBSD Ports: linux-flashplugin
File : nvt/freebsd_linux-flashplugin10.nasl
2010-10-01Name : SuSE Update for flash-player SUSE-SA:2010:042
File : nvt/gb_suse_2010_042.nasl
2010-09-21Name : Adobe Reader/Flash Player Content Code Execution Vulnerability (Linux)
File : nvt/secpod_adobe_prdts_content_code_execution_vuln_lin.nasl
2010-09-21Name : Adobe Products Content Code Execution Vulnerability (Windows)
File : nvt/secpod_adobe_prdts_content_code_execution_vuln_win.nasl
2010-09-15Name : Adobe Acrobat and Reader SING 'uniqueName' Buffer Overflow Vulnerability (Win)
File : nvt/gb_adobe_prdts_sing_bof_vuln_win.nasl
2010-09-15Name : Adobe Acrobat and Reader SING 'uniqueName' Buffer Overflow Vulnerability (Linux)
File : nvt/gb_adobe_reader_sing_bof_vuln_lin.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
69005Adobe Reader EScript.api Plugin printSeps Function Memory Corruption
68932Adobe Multiple Products Crafted SWF Movie Handling Overflow (2010-3654)
68435Adobe Reader / Acrobat Unspecified Memory Corruption (2010-3658)
68434Adobe Reader / Acrobat Unspecified DoS (2010-3657)
68433Adobe Reader / Acrobat Unspecified DoS (2010-3656)
68432Adobe Reader / Acrobat Unspecified File Format String Handling Memory Corruption
68430Adobe Reader / Acrobat AcroRd32.dll sub_60AF56 Function Memory Corruption
68429Adobe Reader / Acrobat Unspecified Crafted Image Arbitrary Code Execution (20...
68428Adobe Reader / Acrobat Unspecified Memory Corruption (2010-3628)
68427Adobe Reader / Acrobat PDF Flash Code Handling Arbitrary Code Execution
68426Adobe Reader / Acrobat Unspecified Crafted Font Arbitrary Code Execution (201...
68425Adobe Reader / Acrobat Prefix Protocol Handler Arbitrary Code Execution (2010...
68422Adobe Reader / Acrobat ACE.dll ICC Stream mluc Structure Handling Memory Corr...
68421Adobe Reader / Acrobat ACE.dll ICC Stream Handling Memory Corruption
68420Adobe Reader / Acrobat Unspecified Crafted Image Arbitrary Code Execution (20...
68419Adobe Reader / Acrobat Unspecified Memory Corruption (2010-3619)
68418Adobe Reader / Acrobat Unspecified Memory Corruption (2010-2890)
68416Adobe Reader / Acrobat Unspecified Crafted Font Arbitrary Code Execution (201...
68412Adobe Reader / Acrobat on Linux Multiple Unspecified Privilege Escalation
68024Adobe Flash Player Unspecified Code Execution
67849Adobe Reader / Acrobat CoolType.dll SING (Smart INdependent Glyphlets) Font u...

Snort® IPS/IDS

DateDescription
2014-01-10Adobe Acrobat Reader ICC mluc integer overflow attempt
RuleID : 28727 - Revision : 1 - Type : FILE-PDF
2014-01-10Adobe Acrobat Reader ICC mluc integer overflow attempt
RuleID : 28726 - Revision : 1 - Type : FILE-PDF
2014-01-10Adobe Acrobat Reader ICC mluc integer overflow attempt
RuleID : 28725 - Revision : 1 - Type : FILE-PDF
2014-01-10Adobe Acrobat Reader invalid PDF JavaScript printSeps extension call attempt
RuleID : 28723 - Revision : 1 - Type : FILE-PDF
2014-01-10Adobe Acrobat Reader invalid PDF JavaScript printSeps extension call attempt
RuleID : 28722 - Revision : 1 - Type : FILE-PDF
2014-01-10Adobe Acrobat Reader TTF SING table parsing remote code execution attempt
RuleID : 28657 - Revision : 1 - Type : FILE-PDF
2014-01-10Adobe Acrobat Reader TTF SING table parsing remote code execution attempt
RuleID : 28656 - Revision : 1 - Type : FILE-PDF
2014-01-10Adobe Acrobat Reader TTF SING table parsing remote code execution attempt
RuleID : 28655 - Revision : 1 - Type : FILE-PDF
2014-01-10Adobe Acrobat Reader TTF SING table parsing remote code execution attempt
RuleID : 28654 - Revision : 1 - Type : FILE-PDF
2014-01-10Adobe Acrobat Reader TTF SING table parsing remote code execution attempt
RuleID : 28653 - Revision : 1 - Type : FILE-PDF
2014-01-10Adobe Acrobat Reader TTF SING table parsing remote code execution attempt
RuleID : 28652 - Revision : 1 - Type : FILE-PDF
2014-01-10Adobe Acrobat Reader TTF SING table parsing remote code execution attempt
RuleID : 28651 - Revision : 1 - Type : FILE-PDF
2014-01-10Adobe Acrobat Reader TTF SING table parsing remote code execution attempt
RuleID : 28650 - Revision : 1 - Type : FILE-PDF
2014-01-10Adobe Acrobat Reader TTF SING table parsing remote code execution attempt
RuleID : 28649 - Revision : 1 - Type : FILE-PDF
2014-01-10Adobe Acrobat Reader TTF SING table parsing remote code execution attempt
RuleID : 28648 - Revision : 1 - Type : FILE-PDF
2014-01-10Adobe Acrobat Reader TTF SING table parsing remote code execution attempt
RuleID : 28647 - Revision : 1 - Type : FILE-PDF
2014-01-10Adobe Acrobat Reader TTF SING table parsing remote code execution attempt
RuleID : 28646 - Revision : 1 - Type : FILE-PDF
2014-01-10Adobe Acrobat Reader TTF SING table parsing remote code execution attempt
RuleID : 28645 - Revision : 1 - Type : FILE-PDF
2014-01-10Adobe Acrobat Reader TTF SING table parsing remote code execution attempt
RuleID : 28644 - Revision : 1 - Type : FILE-PDF
2014-01-10Adobe Acrobat Reader TTF SING table parsing remote code execution attempt
RuleID : 28380 - Revision : 1 - Type : FILE-PDF
2014-01-10Adobe Acrobat Reader TTF SING table parsing remote code execution attempt
RuleID : 28379 - Revision : 1 - Type : FILE-PDF
2014-01-10Adobe Acrobat Reader TTF SING table parsing remote code execution attempt
RuleID : 28378 - Revision : 1 - Type : FILE-PDF
2014-01-10Adobe Acrobat Reader TTF SING table parsing remote code execution attempt
RuleID : 28377 - Revision : 1 - Type : FILE-PDF
2014-01-10Adobe Acrobat Reader TTF SING table parsing remote code execution attempt
RuleID : 28376 - Revision : 1 - Type : FILE-PDF
2014-01-10Adobe Acrobat Reader TTF SING table parsing remote code execution attempt
RuleID : 28375 - Revision : 1 - Type : FILE-PDF
2014-01-10Adobe Acrobat Reader TTF SING table parsing remote code execution attempt
RuleID : 28374 - Revision : 2 - Type : FILE-PDF
2014-01-10Adobe Acrobat Reader ICC mluc integer overflow attempt
RuleID : 28261 - Revision : 2 - Type : FILE-PDF
2014-01-10Adobe Acrobat Reader ICC remote memory corruption attempt
RuleID : 28260 - Revision : 1 - Type : FILE-PDF
2014-01-10Adobe Acrobat Reader ICC remote memory corruption attempt
RuleID : 28257 - Revision : 2 - Type : FILE-PDF
2014-01-10Adobe Acrobat Reader ICC mluc integer overflow attempt
RuleID : 28256 - Revision : 2 - Type : FILE-PDF
2014-01-10Teletubbies exploit kit payload download
RuleID : 27887 - Revision : 1 - Type : EXPLOIT-KIT
2014-01-10Teletubbies exploit kit exploit attempt for Adobe Flash Player
RuleID : 27882 - Revision : 1 - Type : EXPLOIT-KIT
2014-01-10attempted download of a PDF with embedded Flash over pop3
RuleID : 19280 - Revision : 4 - Type : FILE-PDF
2014-01-10attempted download of a PDF with embedded Flash over pop3
RuleID : 19279 - Revision : 4 - Type : FILE-PDF
2014-01-10attempted download of a PDF with embedded Flash over pop3
RuleID : 19278 - Revision : 4 - Type : FILE-PDF
2014-01-10attempted download of a PDF with embedded Flash over pop3
RuleID : 19277 - Revision : 4 - Type : FILE-PDF
2014-01-10attempted download of a PDF with embedded Flash over pop3
RuleID : 19276 - Revision : 4 - Type : FILE-PDF
2014-01-10attempted download of a PDF with embedded Flash over pop3
RuleID : 19275 - Revision : 4 - Type : FILE-PDF
2014-01-10attempted download of a PDF with embedded Flash over smtp
RuleID : 19274 - Revision : 4 - Type : FILE-PDF
2014-01-10attempted download of a PDF with embedded Flash over smtp
RuleID : 19273 - Revision : 4 - Type : FILE-PDF
2014-01-10attempted download of a PDF with embedded Flash over smtp
RuleID : 19272 - Revision : 4 - Type : FILE-PDF
2014-01-10attempted download of a PDF with embedded Flash over smtp
RuleID : 19271 - Revision : 4 - Type : FILE-PDF
2014-01-10attempted download of a PDF with embedded Flash over smtp
RuleID : 19270 - Revision : 4 - Type : FILE-PDF
2014-01-10attempted download of a PDF with embedded Flash
RuleID : 19269 - Revision : 9 - Type : FILE-PDF
2014-01-10attempted download of a PDF with embedded Flash
RuleID : 19268 - Revision : 9 - Type : FILE-PDF
2014-01-10Adobe Flash player content parsing execution attempt
RuleID : 18992 - Revision : 8 - Type : FILE-FLASH
2014-01-10Adobe Acrobat Reader TTF SING table parsing remote code execution attempt
RuleID : 18991 - Revision : 9 - Type : FILE-PDF
2014-01-10Adobe Acrobat Reader TTF SING table parsing remote code execution attempt
RuleID : 18990 - Revision : 9 - Type : FILE-PDF
2014-01-10Adobe Acrobat Reader TTF SING table parsing remote code execution attempt
RuleID : 18989 - Revision : 9 - Type : FILE-PDF
2014-01-10Adobe Acrobat Reader TTF SING table parsing remote code execution attempt
RuleID : 18988 - Revision : 8 - Type : FILE-PDF
2014-01-10Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution...
RuleID : 18987 - Revision : 10 - Type : FILE-PDF
2014-01-10Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution...
RuleID : 18986 - Revision : 10 - Type : FILE-PDF
2014-01-10Adobe Acrobat Reader ICC mluc integer overflow attempt
RuleID : 18308 - Revision : 10 - Type : FILE-PDF
2014-01-10Adobe Acrobat Reader invalid PDF JavaScript printSeps extension call attempt
RuleID : 18102 - Revision : 14 - Type : FILE-PDF
2014-01-10Adobe Flash authplay.dll memory corruption attempt
RuleID : 17808 - Revision : 6 - Type : FILE-FLASH
2014-01-10Adobe Flash Player and Reader remote code execution attempt
RuleID : 17257 - Revision : 10 - Type : FILE-FLASH
2014-01-10Adobe Acrobat Reader TTF SING table parsing remote code execution attempt
RuleID : 17233 - Revision : 9 - Type : FILE-PDF
2014-01-10attempted download of a PDF with embedded Flash
RuleID : 15727 - Revision : 22 - Type : FILE-PDF

Metasploit Database

idDescription
2010-10-28 Adobe Flash Player "Button" Remote Code Execution
2010-09-07 Adobe CoolType SING Table "uniqueName" Stack Buffer Overflow
2010-09-07 Adobe CoolType SING Table "uniqueName" Stack Buffer Overflow

Nessus® Vulnerability Scanner

DateDescription
2014-06-13Name : The remote openSUSE host is missing a security update.
File : suse_11_3_acroread-101206.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : suse_11_3_acroread-110302.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : suse_11_3_flash-player-100921.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : suse_11_3_flash-player-101104.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : suse_11_3_acroread-101007.nasl - Type : ACT_GATHER_INFO
2013-01-24Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2010-0829.nasl - Type : ACT_GATHER_INFO
2013-01-24Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2010-0834.nasl - Type : ACT_GATHER_INFO
2012-01-31Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201201-19.nasl - Type : ACT_GATHER_INFO
2011-05-05Name : The remote openSUSE host is missing a security update.
File : suse_11_1_flash-player-101104.nasl - Type : ACT_GATHER_INFO
2011-05-05Name : The remote openSUSE host is missing a security update.
File : suse_11_2_acroread-101206.nasl - Type : ACT_GATHER_INFO
2011-05-05Name : The remote openSUSE host is missing a security update.
File : suse_11_2_acroread-110302.nasl - Type : ACT_GATHER_INFO
2011-05-05Name : The remote openSUSE host is missing a security update.
File : suse_11_2_flash-player-101104.nasl - Type : ACT_GATHER_INFO
2011-05-05Name : The remote openSUSE host is missing a security update.
File : suse_11_1_acroread-101206.nasl - Type : ACT_GATHER_INFO
2011-03-07Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_acroread-110301.nasl - Type : ACT_GATHER_INFO
2011-03-07Name : The remote SuSE 11 host is missing a security update.
File : suse_11_acroread_ja-110301.nasl - Type : ACT_GATHER_INFO
2011-03-07Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_acroread-7358.nasl - Type : ACT_GATHER_INFO
2011-03-07Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_acroread_ja-7359.nasl - Type : ACT_GATHER_INFO
2011-02-09Name : The version of Adobe Acrobat on the remote Windows host is affected by multip...
File : adobe_acrobat_apsb11-03.nasl - Type : ACT_GATHER_INFO
2011-02-09Name : The version of Adobe Reader on the remote Windows host is affected by multipl...
File : adobe_reader_apsb11-03.nasl - Type : ACT_GATHER_INFO
2011-01-27Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_acroread-7181.nasl - Type : ACT_GATHER_INFO
2011-01-27Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_acroread-7266.nasl - Type : ACT_GATHER_INFO
2011-01-27Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_acroread_ja-7182.nasl - Type : ACT_GATHER_INFO
2011-01-27Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_acroread_ja-7267.nasl - Type : ACT_GATHER_INFO
2011-01-27Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_flash-player-7165.nasl - Type : ACT_GATHER_INFO
2011-01-27Name : The remote SuSE 10 host is missing a security-related patch.
File : suse_flash-player-7223.nasl - Type : ACT_GATHER_INFO
2011-01-24Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201101-08.nasl - Type : ACT_GATHER_INFO
2011-01-24Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201101-09.nasl - Type : ACT_GATHER_INFO
2010-12-09Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_acroread-101203.nasl - Type : ACT_GATHER_INFO
2010-12-09Name : The remote SuSE 11 host is missing a security update.
File : suse_11_acroread_ja-101203.nasl - Type : ACT_GATHER_INFO
2010-12-02Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_acroread-101007.nasl - Type : ACT_GATHER_INFO
2010-12-02Name : The remote SuSE 11 host is missing a security update.
File : suse_11_acroread_ja-101007.nasl - Type : ACT_GATHER_INFO
2010-12-02Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0934.nasl - Type : ACT_GATHER_INFO
2010-12-02Name : The remote SuSE 11 host is missing a security update.
File : suse_11_flash-player-100921.nasl - Type : ACT_GATHER_INFO
2010-12-02Name : The remote SuSE 11 host is missing a security update.
File : suse_11_flash-player-101104.nasl - Type : ACT_GATHER_INFO
2010-11-18Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2010-0867.nasl - Type : ACT_GATHER_INFO
2010-11-16Name : The version of Adobe Acrobat on the remote Windows host is affected by multip...
File : adobe_acrobat_apsb10-28.nasl - Type : ACT_GATHER_INFO
2010-11-16Name : The version of Adobe Reader on the remote Windows host is affected by multipl...
File : adobe_reader_apsb10-28.nasl - Type : ACT_GATHER_INFO
2010-11-15Name : The remote Windows host contains a version of Adobe AIR that is affected by m...
File : adobe_air_apsb10-26.nasl - Type : ACT_GATHER_INFO
2010-11-10Name : The remote host is missing a Mac OS X update that fixes various security issues.
File : macosx_10_6_5.nasl - Type : ACT_GATHER_INFO
2010-11-10Name : The remote host is missing a Mac OS X update that fixes security issues.
File : macosx_SecUpd2010-007.nasl - Type : ACT_GATHER_INFO
2010-11-08Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_76b597e4e9c611df9e10001b2134ef46.nasl - Type : ACT_GATHER_INFO
2010-11-05Name : The remote Windows host contains a browser plug-in that is affected by multip...
File : flash_player_apsb10-26.nasl - Type : ACT_GATHER_INFO
2010-10-11Name : The remote openSUSE host is missing a security update.
File : suse_11_2_acroread-101007.nasl - Type : ACT_GATHER_INFO
2010-10-11Name : The remote openSUSE host is missing a security update.
File : suse_11_1_acroread-101007.nasl - Type : ACT_GATHER_INFO
2010-10-07Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2010-0743.nasl - Type : ACT_GATHER_INFO
2010-09-23Name : The remote FreeBSD host is missing one or more security-related updates.
File : freebsd_pkg_8a34d9e6c66211dfb2e1001b2134ef46.nasl - Type : ACT_GATHER_INFO
2010-09-22Name : The remote Red Hat host is missing a security update.
File : redhat-RHSA-2010-0706.nasl - Type : ACT_GATHER_INFO
2010-09-22Name : The remote openSUSE host is missing a security update.
File : suse_11_1_flash-player-100921.nasl - Type : ACT_GATHER_INFO
2010-09-22Name : The remote openSUSE host is missing a security update.
File : suse_11_2_flash-player-100921.nasl - Type : ACT_GATHER_INFO
2010-09-21Name : The remote Windows host contains a browser plug-in that is affected by a code...
File : flash_player_apsb10-22.nasl - Type : ACT_GATHER_INFO
2010-09-09Name : The version of Adobe Acrobat on the remote Windows host is affected by multip...
File : adobe_acrobat_apsa10-02.nasl - Type : ACT_GATHER_INFO
2010-09-09Name : The version of Adobe Reader on the remote Windows host is affected by multipl...
File : adobe_reader_apsa10-02.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
DateInformations
2014-02-17 11:36:59
  • Multiple Updates