9.3 - RHSA-2010:0934

Executive Summary

Summary
Title	acroread security update

Informations
Name	RHSA-2010:0934	First vendor Publication	2010-12-01
Vendor	RedHat	Last vendor Modification	2010-12-01
Severity (Vendor)	Critical	Revision	01

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA

Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Cvss Base Score	9.3	Attack Range	Network
Cvss Impact Score	10	Attack Complexity	Medium
Cvss Expoit Score	8.6	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

Problem Description:

Updated acroread packages that fix two security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Supplementary (v. 5 client) - i386, x86_64 RHEL Supplementary (v. 5 server) - i386, x86_64 Red Hat Desktop version 4 Extras - x86_64 Red Hat Enterprise Linux AS version 4 Extras - x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux ES version 4 Extras - x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux WS version 4 Extras - x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64

3. Description:

Adobe Reader allows users to view and print documents in Portable Document Format (PDF).

This update fixes two vulnerabilities in Adobe Reader. These vulnerabilities are detailed on the Adobe security page APSB10-28, listed in the References section. A specially-crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. (CVE-2010-3654, CVE-2010-4091)

All Adobe Reader users should install these updated packages. They contain Adobe Reader version 9.4.1, which is not vulnerable to these issues. All running instances of Adobe Reader must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

647525 - CVE-2010-3654 acroread/flash-plugin: critical vulnerablility (APSA10-05, APSB10-26) 651133 - CVE-2010-4091 acroread: remote DoS or possible arbitrary code execution via EScript.api plugin

Original Source

Url : https://rhn.redhat.com/errata/RHSA-2010-0934.html

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:12527

Oval ID:	oval:org.mitre.oval:def:12527
Title:	Denial of service vulnerability in EScript.api plugin in Adobe Acrobat and Adobe Reader 9.4.0, 8.1.7 and other versions using a crafted PDF document
Description:	The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers memory corruption, involving the printSeps function. NOTE: some of these details are obtained from third party information.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2010-4091	Version:	14
Platform(s):	Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows XP	Product(s):	Adobe Acrobat Adobe Reader
Definition Synopsis:
Adobe reader 8 series installed and version is greater than or equal to 8.0.0 along with the existence of EScript.api Adobe Reader 8 Series is installed AND Check the existence of EScript.api in Adobe Reader 8 OR Adobe Acrobat 9 series installed and version is greater than or equal to 9.0.0 along with the existence of EScript.api Adobe Acrobat 9 Series is installed AND Check the existence of EScript.api in Adobe Acrobat 9 AND Check if the version of Adobe Acrobat is less than or equal to 9.4.0 OR Adobe reader 9 series installed and version is less than or equal to 9.4.0 along with the existence of EScript.api Adobe Reader 9 Series is installed AND Check the existence of EScript.api in Adobe Reader 9 AND Check if the version of Adobe Reader is less than or equal to 9.4.0

Definition Id: oval:org.mitre.oval:def:13294

Oval ID:	oval:org.mitre.oval:def:13294
Title:	Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted SWF content, as exploited in the wild in October 2010.
Description:	Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted SWF content, as exploited in the wild in October 2010.
Family:	windows	Class:	vulnerability
Reference(s):	CVE-2010-3654	Version:	24
Platform(s):	Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2	Product(s):	Adobe Flash Player Adobe Acrobat Adobe Reader
Definition Synopsis:
Determine if the version of Adobe Flash Player is less than or equal 9.125.0 and is greater than or equal 9.0.16 Adobe Flash Player 9 is installed AND Determine if the version of Adobe Flash Player is less than or equal 9.125.0 AND _ OR Determine if the version of Adobe Flash Player is less than or equal 10.1.95.2 and is greater than or equal 10.0.0.584 Adobe Flash Player 10 is installed AND Determine if the version of Adobe Flash Player is less than or equal 10.1.95.2 AND Determine if the version of Adobe Flash Player is greater than or equal 10.0.0.584 OR Determine if the version of Adobe Acrobat is less than or equal 9.4 and is greater than or equal 9.0 Adobe Acrobat 9 Series is installed AND Determine if the version of Adobe Acrobat is less than or equal 9.4 AND Determine if the version of Adobe Acrobat is greater than or equal 9.0 OR Determine if the version of Adobe Flash Player is less than or equal 7.2 and is greater than or equal 7.0.1 Adobe Flash Player is installed AND Determine if the version of Adobe Flash Player is less than or equal 7.2 AND Determine if the version of Adobe Flash Player is greater than or equal 7.0.1 OR Determine if the version of Adobe Flash Player is less than or equal 8.0.42.0 and is greater than or equal 8.0.22.0 Adobe Flash Player is installed AND Determine if the version of Adobe Flash Player is less than or equal 8.0.42.0 AND Determine if the version of Adobe Flash Player is greater than or equal 8.0.22.0 OR Determine if the version of Adobe Flash Player is less than or equal 6.0.79 and is greater than or equal 6.0.21.0 Adobe Flash Player is installed AND Determine if the version of Adobe Flash Player is less than or equal 6.0.79 AND Determine if the version of Adobe Flash Player is greater than or equal 6.0.21.0 OR Determine if the version of Adobe Reader is less than or equal 9.4 and is greater than or equal 9.0 Adobe Reader 9 Series is installed AND Determine if the version of Adobe Reader is less than or equal 9.4 AND Determine if the version of Adobe Reader is greater than or equal 9.0 OR Flash.ocx section ActiveX Control is installed AND Flash.ocx versions section Flash.ocx 9 section Determine if the version of Flash.ocx is less than or equal 9.125.0 AND Determine if the version of Flash.ocx is greater than or equal 9.0.16 OR Flash.ocx 10 section Determine if the version of Flash.ocx is less than or equal 10.1.95.2 AND Determine if the version of Flash.ocx is greater than or equal 10.0.0.584 OR Flash.ocx 7 section Determine if the version of Flash.ocx is less than or equal 7.2 AND Determine if the version of Flash.ocx is greater than or equal 7.0.1 OR Flash.ocx 8 section Determine if the version of Flash.ocx is less than or equal 8.0.42.0 AND Determine if the version of Flash.ocx is greater than or equal 8.0.22.0 OR Flash.ocx 6 section Determine if the version of Flash.ocx is less than or equal 6.0.79 AND Determine if the version of Flash.ocx is greater than or equal 6.0.21.0

Definition Id: oval:org.mitre.oval:def:22102

Oval ID:	oval:org.mitre.oval:def:22102
Title:	RHSA-2010:0867: flash-plugin security update (Critical)
Description:	Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted SWF content, as exploited in the wild in October 2010.
Family:	unix	Class:	patch
Reference(s):	RHSA-2010:0867-02 CVE-2010-3636 CVE-2010-3639 CVE-2010-3640 CVE-2010-3641 CVE-2010-3642 CVE-2010-3643 CVE-2010-3644 CVE-2010-3645 CVE-2010-3646 CVE-2010-3647 CVE-2010-3648 CVE-2010-3649 CVE-2010-3650 CVE-2010-3652 CVE-2010-3654	Version:	198
Platform(s):	Red Hat Enterprise Linux 6	Product(s):	flash-plugin
Definition Synopsis:
flash-plugin is earlier than 0:10.1.102.64-1.el6 AND The operating system installed on the system is Red Hat Enterprise Linux 6

Definition Id: oval:org.mitre.oval:def:22268

Oval ID:	oval:org.mitre.oval:def:22268
Title:	RHSA-2010:0934: acroread security update (Critical)
Description:	The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers memory corruption, involving the printSeps function. NOTE: some of these details are obtained from third party information.
Family:	unix	Class:	patch
Reference(s):	RHSA-2010:0934-02 CVE-2010-3654 CVE-2010-4091	Version:	29
Platform(s):	Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6	Product(s):	acroread
Definition Synopsis:
Operation system section The operating system installed on the system is Red Hat Enterprise Linux 5 Packages section acroread is earlier than 0:9.4.1-1.el5 AND acroread-plugin is earlier than 0:9.4.1-1.el5 AND Operation system section The operating system installed on the system is Red Hat Enterprise Linux 6 Packages section acroread is earlier than 0:9.4.1-1.el6 AND acroread-plugin is earlier than 0:9.4.1-1.el6

Definition Id: oval:org.mitre.oval:def:22281

Oval ID:	oval:org.mitre.oval:def:22281
Title:	DEPRECATED: ELSA-2010:0934: acroread security update (Critical)
Description:	The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers memory corruption, involving the printSeps function. NOTE: some of these details are obtained from third party information.
Family:	unix	Class:	patch
Reference(s):	ELSA-2010:0934-02 CVE-2010-3654 CVE-2010-4091	Version:	14
Platform(s):	Oracle Linux 5 Oracle Linux 6	Product(s):	acroread
Definition Synopsis:
rpm test Oracle Linux 5.x AND rpm test acroread is earlier than 0:9.4.1-1.el5 AND acroread-plugin is earlier than 0:9.4.1-1.el5 OR rpm test Oracle Linux 6.x AND rpm test acroread is earlier than 0:9.4.1-1.el6 AND acroread-plugin is earlier than 0:9.4.1-1.el6

Definition Id: oval:org.mitre.oval:def:22325

Oval ID:	oval:org.mitre.oval:def:22325
Title:	RHSA-2010:0829: flash-plugin security update (Critical)
Description:	Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted SWF content, as exploited in the wild in October 2010.
Family:	unix	Class:	patch
Reference(s):	RHSA-2010:0829-01 CVE-2010-3636 CVE-2010-3639 CVE-2010-3640 CVE-2010-3641 CVE-2010-3642 CVE-2010-3643 CVE-2010-3644 CVE-2010-3645 CVE-2010-3646 CVE-2010-3647 CVE-2010-3648 CVE-2010-3649 CVE-2010-3650 CVE-2010-3652 CVE-2010-3654	Version:	198
Platform(s):	Red Hat Enterprise Linux 5	Product(s):	flash-plugin
Definition Synopsis:
The operating system installed on the system is Red Hat Enterprise Linux 5 AND flash-plugin is earlier than 0:10.1.102.64-1.el5

Definition Id: oval:org.mitre.oval:def:23206

Oval ID:	oval:org.mitre.oval:def:23206
Title:	ELSA-2010:0829: flash-plugin security update (Critical)
Description:	Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted SWF content, as exploited in the wild in October 2010.
Family:	unix	Class:	patch
Reference(s):	ELSA-2010:0829-01 CVE-2010-3636 CVE-2010-3639 CVE-2010-3640 CVE-2010-3641 CVE-2010-3642 CVE-2010-3643 CVE-2010-3644 CVE-2010-3645 CVE-2010-3646 CVE-2010-3647 CVE-2010-3648 CVE-2010-3649 CVE-2010-3650 CVE-2010-3652 CVE-2010-3654	Version:	65
Platform(s):	Oracle Linux 5	Product(s):	flash-plugin
Definition Synopsis:
Oracle Linux 5.x AND flash-plugin is earlier than 0:10.1.102.64-1.el5

Definition Id: oval:org.mitre.oval:def:23533

Oval ID:	oval:org.mitre.oval:def:23533
Title:	ELSA-2010:0867: flash-plugin security update (Critical)
Description:	Adobe Flash Player before 9.0.289.0 and 10.x before 10.1.102.64 on Windows, Mac OS X, Linux, and Solaris and 10.1.95.1 on Android, and authplay.dll (aka AuthPlayLib.bundle or libauthplay.so.0.0.0) in Adobe Reader and Acrobat 9.x through 9.4, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted SWF content, as exploited in the wild in October 2010.
Family:	unix	Class:	patch
Reference(s):	ELSA-2010:0867-02 CVE-2010-3636 CVE-2010-3639 CVE-2010-3640 CVE-2010-3641 CVE-2010-3642 CVE-2010-3643 CVE-2010-3644 CVE-2010-3645 CVE-2010-3646 CVE-2010-3647 CVE-2010-3648 CVE-2010-3649 CVE-2010-3650 CVE-2010-3652 CVE-2010-3654	Version:	65
Platform(s):	Oracle Linux 6	Product(s):	flash-plugin
Definition Synopsis:
flash-plugin is earlier than 0:10.1.102.64-1.el6 AND Oracle Linux 6.x

Definition Id: oval:org.mitre.oval:def:23656

Oval ID:	oval:org.mitre.oval:def:23656
Title:	ELSA-2010:0934: acroread security update (Critical)
Description:	The EScript.api plugin in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.1, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PDF document that triggers memory corruption, involving the printSeps function. NOTE: some of these details are obtained from third party information.
Family:	unix	Class:	patch
Reference(s):	ELSA-2010:0934-02 CVE-2010-3654 CVE-2010-4091	Version:	13
Platform(s):	Oracle Linux 5 Oracle Linux 6	Product(s):	acroread
Definition Synopsis:
rpm test Oracle Linux 5.x AND rpm test acroread is earlier than 0:9.4.1-1.el5 AND acroread-plugin is earlier than 0:9.4.1-1.el5 OR rpm test Oracle Linux 6.x AND rpm test acroread is earlier than 0:9.4.1-1.el6 AND acroread-plugin is earlier than 0:9.4.1-1.el6

CPE : Common Platform Enumeration

Type	Description	Count
Application	Adobe Acrobat cpe:2.3:a:adobe:acrobat:10.0:::::::* cpe:2.3:a:adobe:acrobat:9.4:::::::* cpe:2.3:a:adobe:acrobat:9.3.4:::::::* cpe:2.3:a:adobe:acrobat:9.3.3:::::::* cpe:2.3:a:adobe:acrobat:9.3.2:::::::* cpe:2.3:a:adobe:acrobat:9.3.1:::::::* cpe:2.3:a:adobe:acrobat:9.3:::::::* cpe:2.3:a:adobe:acrobat:9.2:::::::* cpe:2.3:a:adobe:acrobat:9.1.3:::::::* cpe:2.3:a:adobe:acrobat:9.1.2:::::::* cpe:2.3:a:adobe:acrobat:9.1.1:::::::* cpe:2.3:a:adobe:acrobat:9.1:::::::* cpe:2.3:a:adobe:acrobat:9.0:::::::* cpe:2.3:a:adobe:acrobat:8.2.4:::::::* cpe:2.3:a:adobe:acrobat:8.2.3:::::::* cpe:2.3:a:adobe:acrobat:8.2.2:::::::* cpe:2.3:a:adobe:acrobat:8.2.1:::::::* cpe:2.3:a:adobe:acrobat:8.2:::::::* cpe:2.3:a:adobe:acrobat:8.1.7:::::::* cpe:2.3:a:adobe:acrobat:8.1.6:::::::* cpe:2.3:a:adobe:acrobat:8.1.5:::::::* cpe:2.3:a:adobe:acrobat:8.1.4:::::::* cpe:2.3:a:adobe:acrobat:8.1.3:::::::* cpe:2.3:a:adobe:acrobat:8.1.2:::::::* cpe:2.3:a:adobe:acrobat:8.1.1:::::::* cpe:2.3:a:adobe:acrobat:8.1:::::::* cpe:2.3:a:adobe:acrobat:8.0:::::::*	27
Application	Adobe Acrobat Reader cpe:2.3:a:adobe:acrobat_reader:10.0:::::::* cpe:2.3:a:adobe:acrobat_reader:9.4:::::::* cpe:2.3:a:adobe:acrobat_reader:9.3.4:::::::* cpe:2.3:a:adobe:acrobat_reader:9.3.3:::::::* cpe:2.3:a:adobe:acrobat_reader:9.3.2:::::::* cpe:2.3:a:adobe:acrobat_reader:9.3.1:::::::* cpe:2.3:a:adobe:acrobat_reader:9.3:::::::* cpe:2.3:a:adobe:acrobat_reader:9.2:::::::* cpe:2.3:a:adobe:acrobat_reader:9.1.3:::::::* cpe:2.3:a:adobe:acrobat_reader:9.1.2:::::::* cpe:2.3:a:adobe:acrobat_reader:9.1.1:::::::* cpe:2.3:a:adobe:acrobat_reader:9.1:::::::* cpe:2.3:a:adobe:acrobat_reader:9.0:::::::* cpe:2.3:a:adobe:acrobat_reader:8.2.4:::::::* cpe:2.3:a:adobe:acrobat_reader:8.2.3:::::::* cpe:2.3:a:adobe:acrobat_reader:8.2.2:::::::* cpe:2.3:a:adobe:acrobat_reader:8.2.1:::::::* cpe:2.3:a:adobe:acrobat_reader:8.2:::::::* cpe:2.3:a:adobe:acrobat_reader:8.1.7:::::::* cpe:2.3:a:adobe:acrobat_reader:8.1.6:::::::* cpe:2.3:a:adobe:acrobat_reader:8.1.5:::::::* cpe:2.3:a:adobe:acrobat_reader:8.1.4:::::::* cpe:2.3:a:adobe:acrobat_reader:8.1.2:::::::* cpe:2.3:a:adobe:acrobat_reader:8.1.1:::::::* cpe:2.3:a:adobe:acrobat_reader:8.1:::::::* cpe:2.3:a:adobe:acrobat_reader:8.0:::::::*	26
Application	Adobe Flash Player cpe:2.3:a:adobe:flash_player:10.1.95.2:::::::* cpe:2.3:a:adobe:flash_player:10.1.95.1:::::::* cpe:2.3:a:adobe:flash_player:10.1.92.8:::::::* cpe:2.3:a:adobe:flash_player:10.1.92.10:::::::* cpe:2.3:a:adobe:flash_player:10.1.85.3:::::::* cpe:2.3:a:adobe:flash_player:10.1.82.76:::::::* cpe:2.3:a:adobe:flash_player:10.1.53.64:::::::* cpe:2.3:a:adobe:flash_player:10.1.52.15:::::::* cpe:2.3:a:adobe:flash_player:10.1.52.14.1:::::::* cpe:2.3:a:adobe:flash_player:10.1.52.14:::::::* cpe:2.3:a:adobe:flash_player:10.1:::::::* cpe:2.3:a:adobe:flash_player:10.0.45.2:::::::* cpe:2.3:a:adobe:flash_player:10.0.42.34:::::::* cpe:2.3:a:adobe:flash_player:10.0.32.18:::::::* cpe:2.3:a:adobe:flash_player:10.0.22.87:::::::* cpe:2.3:a:adobe:flash_player:10.0.2.54:::::::* cpe:2.3:a:adobe:flash_player:10.0.15.3:::::::* cpe:2.3:a:adobe:flash_player:10.0.12.36:::::::* cpe:2.3:a:adobe:flash_player:10.0.12.10:::::::* cpe:2.3:a:adobe:flash_player:10.0.0.584:::::::* cpe:2.3:a:adobe:flash_player:10:::::::* cpe:2.3:a:adobe:flash_player:9.125.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.9.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.8.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.48.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.47.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.45.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.31.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.31:::::::* cpe:2.3:a:adobe:flash_player:9.0.283.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.280:::::::* cpe:2.3:a:adobe:flash_player:9.0.28.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.28.0::mac_os_x::::: cpe:2.3:a:adobe:flash_player:9.0.28:::::::* cpe:2.3:a:adobe:flash_player:9.0.277.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.262.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.260.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.246.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.20.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.20:::::::* cpe:2.3:a:adobe:flash_player:9.0.18d60:::::::* cpe:2.3:a:adobe:flash_player:9.0.16.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.16:::::::* cpe:2.3:a:adobe:flash_player:9.0.16::windows::::: cpe:2.3:a:adobe:flash_player:9.0.159.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.155.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.152.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.151.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.125.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.124.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.115.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.114.0:::::::* cpe:2.3:a:adobe:flash_player:9.0.112.0:::::::* cpe:2.3:a:adobe:flash_player:9.0:::::::* cpe:2.3:a:adobe:flash_player:8.0.42.0:::::::* cpe:2.3:a:adobe:flash_player:8.0.39.0:::::::* cpe:2.3:a:adobe:flash_player:8.0.35.0:::::::* cpe:2.3:a:adobe:flash_player:8.0.34.0:::::::* cpe:2.3:a:adobe:flash_player:8.0.33.0:::::::* cpe:2.3:a:adobe:flash_player:8.0.24.0:::::::* cpe:2.3:a:adobe:flash_player:8.0.22.0:::::::* cpe:2.3:a:adobe:flash_player:8.0:::::::* cpe:2.3:a:adobe:flash_player:8.0::pro::::: cpe:2.3:a:adobe:flash_player:8.0::basic::::: cpe:2.3:a:adobe:flash_player:8::professional::::: cpe:2.3:a:adobe:flash_player:8::pro::::: cpe:2.3:a:adobe:flash_player:7.2:::::::* cpe:2.3:a:adobe:flash_player:7.1.1:::::::* cpe:2.3:a:adobe:flash_player:7.1:::::::* cpe:2.3:a:adobe:flash_player:7.0.73.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.70.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.69.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.68.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.67.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.66.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.63:::::::* cpe:2.3:a:adobe:flash_player:7.0.63::linux::::: cpe:2.3:a:adobe:flash_player:7.0.61.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.60.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.53.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.25:::::::* cpe:2.3:a:adobe:flash_player:7.0.24.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.19.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.14.0:::::::* cpe:2.3:a:adobe:flash_player:7.0.1:::::::* cpe:2.3:a:adobe:flash_player:7.0_r67::solaris::::: cpe:2.3:a:adobe:flash_player:7.0_r67:::::::* cpe:2.3:a:adobe:flash_player:7.0:::::::* cpe:2.3:a:adobe:flash_player:6.0.79:::::::* cpe:2.3:a:adobe:flash_player:6.0.21.0:::::::* cpe:2.3:a:adobe:flash_player:6:::::::* cpe:2.3:a:adobe:flash_player:5:::::::* cpe:2.3:a:adobe:flash_player:4:::::::* cpe:2.3:a:adobe:flash_player:3:::::::* cpe:2.3:a:adobe:flash_player:2:::::::* cpe:2.3:a:adobe:flash_player:mx_2004:::::::* cpe:2.3:a:adobe:flash_player:cs4::pro::::: cpe:2.3:a:adobe:flash_player:cs3::pro::::: cpe:2.3:a:adobe:flash_player:cs3::professional::::: cpe:2.3:a:adobe:flash_player:::::::: cpe:2.3:a:adobe:flash_player:::basic:::::* cpe:2.3:a:adobe:flash_player:::pro:::::* cpe:2.3:a:adobe:flash_player::::::edge::* cpe:2.3:a:adobe:flash_player::::::internet_explorer_11::* cpe:2.3:a:adobe:flash_player::::::chrome::* cpe:2.3:a:adobe:flash_player:-:::::::*	106
Application	Macromedia Flash Player cpe:2.3:a:macromedia:flash_player:6.0.79.0:::::::* cpe:2.3:a:macromedia:flash_player:6.0.65.0:::::::* cpe:2.3:a:macromedia:flash_player:6.0.47.0:::::::* cpe:2.3:a:macromedia:flash_player:6.0.40.0:::::::* cpe:2.3:a:macromedia:flash_player:6.0.29.0:::::::* cpe:2.3:a:macromedia:flash_player:6.0:::::::* cpe:2.3:a:macromedia:flash_player:5.0_r50:::::::* cpe:2.3:a:macromedia:flash_player:5.0:::::::*	8

SAINT Exploits

Description	Link
Adobe Flash Player Flash Content Parsing Code Execution	More info here

ExploitDB Exploits

id	Description
2011-04-19	Adobe Flash Player < 10.1.53 .64 Action Script Type Confusion Exploit (DEP...
2010-11-01	Adobe Flash Player "Button" Remote Code Execution

OpenVAS Exploits

Date	Description
2012-02-12	Name : Gentoo Security Advisory GLSA 201201-19 (acroread) File : nvt/glsa_201201_19.nasl
2011-09-07	Name : Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007) File : nvt/gb_macosx_su10-007.nasl
2011-03-15	Name : SuSE Update for acroread SUSE-SA:2011:011 File : nvt/gb_suse_2011_011.nasl
2011-03-09	Name : Gentoo Security Advisory GLSA 201101-08 (acroread) File : nvt/glsa_201101_08.nasl
2011-03-09	Name : Gentoo Security Advisory GLSA 201101-09 (adobe-flash) File : nvt/glsa_201101_09.nasl
2011-02-15	Name : Adobe Reader and Acrobat Multiple Vulnerabilities February-2011 (Windows) File : nvt/gb_adobe_prdts_mult_vuln_feb11_win.nasl
2011-02-15	Name : Adobe Reader Multiple Vulnerabilities February-2011 (Linux) File : nvt/gb_adobe_reader_mult_vuln_feb11_lin.nasl
2011-01-04	Name : SuSE Update for acoread SUSE-SA:2010:058 File : nvt/gb_suse_2010_058.nasl
2010-11-23	Name : Adobe Acrobat and Reader 'printSeps()' Function Heap Corruption Vulnerability File : nvt/gb_adobe_prdts_printseps_mem_crptn_vuln_win.nasl
2010-11-23	Name : Adobe Reader 'printSeps()' Function Heap Corruption Vulnerability File : nvt/gb_adobe_reader_printseps_mem_crptn_vuln_lin.nasl
2010-11-17	Name : FreeBSD Ports: linux-flashplugin File : nvt/freebsd_linux-flashplugin11.nasl
2010-11-16	Name : SuSE Update for flash-player SUSE-SA:2010:055 File : nvt/gb_suse_2010_055.nasl
2010-11-10	Name : Adobe Products Content Code Execution Vulnerability (Linux) File : nvt/gb_adobe_prdts_arbitrary_code_exec_vuln_nov10_lin.nasl
2010-11-10	Name : Adobe Products Content Code Execution Vulnerability (Windows) File : nvt/gb_adobe_prdts_arbitrary_code_exec_vuln_nov10_win.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
69005	Adobe Reader EScript.api Plugin printSeps Function Memory Corruption A memory corruption flaw exists in Adobe Reader. The flaw is caused due to an unspecified error when parsing PDF files and can be exploited to corrupt memory. With a specially crafted PDF file, it may allow execution of arbitrary code.
68932	Adobe Multiple Products Crafted SWF Movie Handling Overflow (2010-3654) Adobe Acrobat, Flash and Reader contains a flaw that may allow a remote attacker to execute arbitrary commands or code. An unspecified error can be exploited to execute arbitrary code

Snort® IPS/IDS

Date	Description
2014-01-10	Adobe Acrobat Reader invalid PDF JavaScript printSeps extension call attempt RuleID : 28723 - Revision : 6 - Type : FILE-PDF
2014-01-10	Adobe Acrobat Reader invalid PDF JavaScript printSeps extension call attempt RuleID : 28722 - Revision : 6 - Type : FILE-PDF
2014-01-10	attempted download of a PDF with embedded Flash over pop3 RuleID : 19280 - Revision : 4 - Type : FILE-PDF
2014-01-10	attempted download of a PDF with embedded Flash over pop3 RuleID : 19279 - Revision : 4 - Type : FILE-PDF
2014-01-10	attempted download of a PDF with embedded Flash over pop3 RuleID : 19278 - Revision : 4 - Type : FILE-PDF
2014-01-10	attempted download of a PDF with embedded Flash over pop3 RuleID : 19277 - Revision : 4 - Type : FILE-PDF
2014-01-10	attempted download of a PDF with embedded Flash over pop3 RuleID : 19276 - Revision : 4 - Type : FILE-PDF
2014-01-10	attempted download of a PDF with embedded Flash over pop3 RuleID : 19275 - Revision : 4 - Type : FILE-PDF
2014-01-10	attempted download of a PDF with embedded Flash over smtp RuleID : 19274 - Revision : 4 - Type : FILE-PDF
2014-01-10	attempted download of a PDF with embedded Flash over smtp RuleID : 19273 - Revision : 4 - Type : FILE-PDF
2014-01-10	attempted download of a PDF with embedded Flash over smtp RuleID : 19272 - Revision : 4 - Type : FILE-PDF
2014-01-10	attempted download of a PDF with embedded Flash over smtp RuleID : 19271 - Revision : 4 - Type : FILE-PDF
2014-01-10	attempted download of a PDF with embedded Flash over smtp RuleID : 19270 - Revision : 4 - Type : FILE-PDF
2014-01-10	attempted download of a PDF with embedded Flash RuleID : 19269 - Revision : 14 - Type : FILE-PDF
2014-01-10	attempted download of a PDF with embedded Flash RuleID : 19268 - Revision : 14 - Type : FILE-PDF
2014-01-10	Adobe Flash Player content parsing execution attempt RuleID : 18992 - Revision : 11 - Type : FILE-FLASH
2014-01-10	Adobe Acrobat Reader invalid PDF JavaScript printSeps extension call attempt RuleID : 18102 - Revision : 20 - Type : FILE-PDF
2014-01-10	Adobe Flash authplay.dll memory corruption attempt RuleID : 17808 - Revision : 8 - Type : FILE-FLASH
2014-01-10	attempted download of a PDF with embedded Flash RuleID : 15727 - Revision : 27 - Type : FILE-PDF

Nessus® Vulnerability Scanner

Date	Description
2014-06-13	Name : The remote openSUSE host is missing a security update. File : suse_11_3_flash-player-101104.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : suse_11_3_acroread-110302.nasl - Type : ACT_GATHER_INFO
2014-06-13	Name : The remote openSUSE host is missing a security update. File : suse_11_3_acroread-101206.nasl - Type : ACT_GATHER_INFO
2013-01-24	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0834.nasl - Type : ACT_GATHER_INFO
2013-01-24	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0829.nasl - Type : ACT_GATHER_INFO
2012-01-31	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201201-19.nasl - Type : ACT_GATHER_INFO
2011-05-05	Name : The remote openSUSE host is missing a security update. File : suse_11_1_flash-player-101104.nasl - Type : ACT_GATHER_INFO
2011-05-05	Name : The remote openSUSE host is missing a security update. File : suse_11_2_flash-player-101104.nasl - Type : ACT_GATHER_INFO
2011-05-05	Name : The remote openSUSE host is missing a security update. File : suse_11_2_acroread-110302.nasl - Type : ACT_GATHER_INFO
2011-05-05	Name : The remote openSUSE host is missing a security update. File : suse_11_2_acroread-101206.nasl - Type : ACT_GATHER_INFO
2011-05-05	Name : The remote openSUSE host is missing a security update. File : suse_11_1_acroread-101206.nasl - Type : ACT_GATHER_INFO
2011-03-07	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_acroread_ja-7359.nasl - Type : ACT_GATHER_INFO
2011-03-07	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_acroread-7358.nasl - Type : ACT_GATHER_INFO
2011-03-07	Name : The remote SuSE 11 host is missing a security update. File : suse_11_acroread_ja-110301.nasl - Type : ACT_GATHER_INFO
2011-03-07	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_acroread-110301.nasl - Type : ACT_GATHER_INFO
2011-02-09	Name : The version of Adobe Acrobat on the remote Windows host is affected by multip... File : adobe_acrobat_apsb11-03.nasl - Type : ACT_GATHER_INFO
2011-02-09	Name : The version of Adobe Reader on the remote Windows host is affected by multipl... File : adobe_reader_apsb11-03.nasl - Type : ACT_GATHER_INFO
2011-01-27	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_acroread-7266.nasl - Type : ACT_GATHER_INFO
2011-01-27	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_acroread_ja-7267.nasl - Type : ACT_GATHER_INFO
2011-01-27	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_flash-player-7223.nasl - Type : ACT_GATHER_INFO
2011-01-24	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201101-08.nasl - Type : ACT_GATHER_INFO
2011-01-24	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201101-09.nasl - Type : ACT_GATHER_INFO
2010-12-09	Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_acroread-101203.nasl - Type : ACT_GATHER_INFO
2010-12-09	Name : The remote SuSE 11 host is missing a security update. File : suse_11_acroread_ja-101203.nasl - Type : ACT_GATHER_INFO
2010-12-02	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0934.nasl - Type : ACT_GATHER_INFO
2010-12-02	Name : The remote SuSE 11 host is missing a security update. File : suse_11_flash-player-101104.nasl - Type : ACT_GATHER_INFO
2010-11-18	Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0867.nasl - Type : ACT_GATHER_INFO
2010-11-16	Name : The version of Adobe Acrobat on the remote Windows host is affected by multip... File : adobe_acrobat_apsb10-28.nasl - Type : ACT_GATHER_INFO
2010-11-16	Name : The version of Adobe Reader on the remote Windows host is affected by multipl... File : adobe_reader_apsb10-28.nasl - Type : ACT_GATHER_INFO
2010-11-15	Name : The remote Windows host contains a version of Adobe AIR that is affected by m... File : adobe_air_apsb10-26.nasl - Type : ACT_GATHER_INFO
2010-11-10	Name : The remote host is missing a Mac OS X update that fixes security issues. File : macosx_SecUpd2010-007.nasl - Type : ACT_GATHER_INFO
2010-11-10	Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_6_5.nasl - Type : ACT_GATHER_INFO
2010-11-08	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_76b597e4e9c611df9e10001b2134ef46.nasl - Type : ACT_GATHER_INFO
2010-11-05	Name : The remote Windows host contains a browser plug-in that is affected by multip... File : flash_player_apsb10-26.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.

Date	Informations
2014-02-17 11:54:08	Multiple Updates

Global Informations

Type	Count
CWE ID(s)	2
Oval ID(s)	9
CPE ID(s)	167
Saint Exploit(s)	1
osvdb(s)	2
ExploitDB Exploit(s)	2
Openvas Exploit(s)	14
Snort® Rule(s)	19
Nessus® Exploit(s)	34

	Related
9.3	CVE-2010-4091
9.3	CVE-2010-3654
Info : listing not affected by your CVSS Env Score

Same Subject	Severity
Login to view 2 more Alert(s)