ID CVE-2011-2101
Summary Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X do not properly restrict script, which allows attackers to execute arbitrary code via a crafted document, related to a "cross document script execution vulnerability."
References
Vulnerable Configurations
  • Adobe Acrobat Reader 8.0
    cpe:2.3:a:adobe:acrobat_reader:8.0
  • cpe:2.3:a:adobe:acrobat_reader:8.1
  • Adobe Acrobat Reader 8.1.1
    cpe:2.3:a:adobe:acrobat_reader:8.1.1
  • Adobe Acrobat Reader 8.1.2
    cpe:2.3:a:adobe:acrobat_reader:8.1.2
  • Adobe Acrobat Reader 8.1.4
    cpe:2.3:a:adobe:acrobat_reader:8.1.4
  • Adobe Acrobat Reader 8.1.5
    cpe:2.3:a:adobe:acrobat_reader:8.1.5
  • Adobe Acrobat Reader 8.1.6
    cpe:2.3:a:adobe:acrobat_reader:8.1.6
  • Adobe Acrobat Reader 8.1.7
    cpe:2.3:a:adobe:acrobat_reader:8.1.7
  • Adobe Acrobat Reader 8.2
    cpe:2.3:a:adobe:acrobat_reader:8.2
  • Adobe Acrobat Reader 8.2.1
    cpe:2.3:a:adobe:acrobat_reader:8.2.1
  • Adobe Acrobat Reader 8.2.2
    cpe:2.3:a:adobe:acrobat_reader:8.2.2
  • Adobe Acrobat Reader 8.2.3
    cpe:2.3:a:adobe:acrobat_reader:8.2.3
  • Adobe Acrobat Reader 8.2.4
    cpe:2.3:a:adobe:acrobat_reader:8.2.4
  • Adobe Acrobat Reader 8.2.6
    cpe:2.3:a:adobe:acrobat_reader:8.2.6
  • Adobe Acrobat Reader 8.1.3
    cpe:2.3:a:adobe:acrobat_reader:8.1.3
  • Adobe Acrobat Reader 9.0
    cpe:2.3:a:adobe:acrobat_reader:9.0
  • Adobe Acrobat Reader 9.1
    cpe:2.3:a:adobe:acrobat_reader:9.1
  • Adobe Acrobat Reader 9.1.1
    cpe:2.3:a:adobe:acrobat_reader:9.1.1
  • Adobe Acrobat Reader 9.1.2
    cpe:2.3:a:adobe:acrobat_reader:9.1.2
  • Adobe Acrobat Reader 9.1.3
    cpe:2.3:a:adobe:acrobat_reader:9.1.3
  • Adobe Acrobat Reader 9.2
    cpe:2.3:a:adobe:acrobat_reader:9.2
  • Adobe Acrobat Reader 9.3
    cpe:2.3:a:adobe:acrobat_reader:9.3
  • Adobe Acrobat Reader 9.3.1
    cpe:2.3:a:adobe:acrobat_reader:9.3.1
  • Adobe Acrobat Reader 9.3.2
    cpe:2.3:a:adobe:acrobat_reader:9.3.2
  • Adobe Acrobat Reader 9.3.3
    cpe:2.3:a:adobe:acrobat_reader:9.3.3
  • Adobe Acrobat Reader 9.3.4
    cpe:2.3:a:adobe:acrobat_reader:9.3.4
  • Adobe Acrobat Reader 9.4
    cpe:2.3:a:adobe:acrobat_reader:9.4
  • Adobe Acrobat Reader 9.4.1
    cpe:2.3:a:adobe:acrobat_reader:9.4.1
  • Adobe Acrobat Reader 9.4.2
    cpe:2.3:a:adobe:acrobat_reader:9.4.2
  • Adobe Acrobat Reader 9.4.3
    cpe:2.3:a:adobe:acrobat_reader:9.4.3
  • Adobe Acrobat Reader 9.4.4
    cpe:2.3:a:adobe:acrobat_reader:9.4.4
  • Adobe Acrobat Reader X (10.0)
    cpe:2.3:a:adobe:acrobat_reader:10.0
  • Adobe Acrobat Reader X (10.0.1)
    cpe:2.3:a:adobe:acrobat_reader:10.0.1
  • Adobe Acrobat Reader X (10.0.2)
    cpe:2.3:a:adobe:acrobat_reader:10.0.2
  • Adobe Acrobat Reader X (10.0.3)
    cpe:2.3:a:adobe:acrobat_reader:10.0.3
  • Microsoft Windows
    cpe:2.3:o:microsoft:windows
  • Apple Mac OS X
    cpe:2.3:o:apple:mac_os_x
  • cpe:2.3:a:adobe:acrobat:8.0
  • Adobe Acrobat 8.1
    cpe:2.3:a:adobe:acrobat:8.1
  • Adobe Acrobat 8.1.1
    cpe:2.3:a:adobe:acrobat:8.1.1
  • Adobe Acrobat 8.1.2
    cpe:2.3:a:adobe:acrobat:8.1.2
  • cpe:2.3:a:adobe:acrobat:8.1.3
  • Adobe Acrobat 8.1.4
    cpe:2.3:a:adobe:acrobat:8.1.4
  • Adobe Acrobat 8.1.5
    cpe:2.3:a:adobe:acrobat:8.1.5
  • Adobe Acrobat 8.1.6
    cpe:2.3:a:adobe:acrobat:8.1.6
  • Adobe Acrobat 8.1.7
    cpe:2.3:a:adobe:acrobat:8.1.7
  • Adobe Acrobat 8.2
    cpe:2.3:a:adobe:acrobat:8.2
  • Adobe Acrobat 8.2.1
    cpe:2.3:a:adobe:acrobat:8.2.1
  • Adobe Acrobat 8.2.2
    cpe:2.3:a:adobe:acrobat:8.2.2
  • Adobe Acrobat 8.2.3
    cpe:2.3:a:adobe:acrobat:8.2.3
  • Adobe Acrobat 8.2.4
    cpe:2.3:a:adobe:acrobat:8.2.4
  • Adobe Acrobat 8.2.5
    cpe:2.3:a:adobe:acrobat:8.2.5
  • Adobe Acrobat 8.2.6
    cpe:2.3:a:adobe:acrobat:8.2.6
  • Adobe Acrobat 9.0
    cpe:2.3:a:adobe:acrobat:9.0
  • cpe:2.3:a:adobe:acrobat:9.1
  • Adobe Acrobat 9.1.1
    cpe:2.3:a:adobe:acrobat:9.1.1
  • cpe:2.3:a:adobe:acrobat:9.1.2
  • Adobe Acrobat 9.1.3
    cpe:2.3:a:adobe:acrobat:9.1.3
  • Adobe Acrobat 9.2
    cpe:2.3:a:adobe:acrobat:9.2
  • Adobe Acrobat 9.3
    cpe:2.3:a:adobe:acrobat:9.3
  • Adobe Acrobat 9.3.1
    cpe:2.3:a:adobe:acrobat:9.3.1
  • Adobe Acrobat 9.3.2
    cpe:2.3:a:adobe:acrobat:9.3.2
  • Adobe Acrobat 9.3.3
    cpe:2.3:a:adobe:acrobat:9.3.3
  • Adobe Acrobat 9.3.4
    cpe:2.3:a:adobe:acrobat:9.3.4
  • Adobe Acrobat 9.4
    cpe:2.3:a:adobe:acrobat:9.4
  • Adobe Acrobat 9.4.1
    cpe:2.3:a:adobe:acrobat:9.4.1
  • Adobe Acrobat 9.4.2
    cpe:2.3:a:adobe:acrobat:9.4.2
  • Adobe Acrobat 9.4.3
    cpe:2.3:a:adobe:acrobat:9.4.3
  • Adobe Acrobat 9.4.4
    cpe:2.3:a:adobe:acrobat:9.4.4
  • Adobe Acrobat X (10.0)
    cpe:2.3:a:adobe:acrobat:10.0
  • Adobe Acrobat X (10.0.1)
    cpe:2.3:a:adobe:acrobat:10.0.1
  • Adobe Acrobat X (10.0.2)
    cpe:2.3:a:adobe:acrobat:10.0.2
  • Adobe Acrobat X (10.0.3)
    cpe:2.3:a:adobe:acrobat:10.0.3
  • Microsoft Windows
    cpe:2.3:o:microsoft:windows
  • Apple Mac OS X
    cpe:2.3:o:apple:mac_os_x
CVSS
Base: 9.3 (as of 17-06-2011 - 10:15)
Impact:
Exploitability:
CWE CWE-94
CAPEC
  • Leverage Executable Code in Non-Executable Files
    An attack of this type exploits a system's trust in configuration and resource files, when the executable loads the resource (such as an image file or configuration file) the attacker has modified the file to either execute malicious code directly or manipulate the target process (e.g. application server) to execute based on the malicious configuration parameters. Since systems are increasingly interrelated mashing up resources from local and remote sources the possibility of this attack occurring is high. The attack can be directed at a client system, such as causing buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028 where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading pdf files. In this case the attacker simply appends javascript to the end of a legitimate url for a pdf (http://www.gnucitizen.org/blog/danger-danger-danger/) http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here The client assumes that they are reading a pdf, but the attacker has modified the resource and loaded executable javascript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server, adding role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when they are manipulated, the attacker gains full control.
  • Manipulating User-Controlled Variables
    This attack targets user controlled variables (DEBUG=1, PHP Globals, and So Forth). An attacker can override environment variables leveraging user-supplied, untrusted query variables directly used on the application server without any data sanitization. In extreme cases, the attacker can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_ADOBE_READER_APSB11-16.NASL
    description The version of Adobe Reader installed on the remote Mac OS X host is prior to 10.1, 9.4.5, or 8.3. It is, therefore, affected by the following vulnerabilities : - Multiple buffer overflow conditions exist that allow an attacker to execute arbitrary code. (CVE-2011-2094, CVE-2011-2095, CVE-2011-2097) - A heap overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2011-2096) - Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2011-2098, CVE-2011-2099, CVE-2011-2103, CVE-2011-2105, CVE-2011-2106) - Multiple memory corruption issues exist that allow an attacker to crash the application. (CVE-2011-2104, CVE-2011-2105) - A DLL loading vulnerability exists that allows an attacker to execute arbitrary code. (CVE-2011-2100) - A cross-document script execution vulnerability exists that allows an attacker to execute arbitrary code. (CVE-2011-2101) - A unspecified vulnerability exists that allows an attacker to bypass security restrictions. (CVE-2011-2102) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 55421
    published 2011-06-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55421
    title Adobe Reader < 10.1 / 9.4.5 / 8.3 Multiple Vulnerabilities (APSB11-12, APSB11-12, APSB11-16) (Mac OS X)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2011-1434.NASL
    description Updated acroread packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Adobe Reader allows users to view and print documents in Portable Document Format (PDF). This update fixes multiple security flaws in Adobe Reader. These flaws are detailed on the Adobe security page APSB11-24, listed in the References section. A specially crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. (CVE-2011-2431, CVE-2011-2432, CVE-2011-2433, CVE-2011-2434, CVE-2011-2435, CVE-2011-2436, CVE-2011-2437, CVE-2011-2438, CVE-2011-2439, CVE-2011-2440, CVE-2011-2442) This update also fixes multiple security flaws in Adobe Flash Player embedded in Adobe Reader. These flaws are detailed on the Adobe security pages APSB11-21 and APSB11-26, listed in the References section. A PDF file with an embedded, specially crafted SWF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. (CVE-2011-2130, CVE-2011-2134, CVE-2011-2135, CVE-2011-2136, CVE-2011-2137, CVE-2011-2138, CVE-2011-2139, CVE-2011-2140, CVE-2011-2414, CVE-2011-2415, CVE-2011-2416, CVE-2011-2417, CVE-2011-2424, CVE-2011-2425, CVE-2011-2426, CVE-2011-2427, CVE-2011-2428, CVE-2011-2430) A flaw in Adobe Flash Player could allow an attacker to conduct cross-site scripting (XSS) attacks if a victim were tricked into visiting a specially crafted web page. (CVE-2011-2444) This update also fixes an information disclosure flaw in Adobe Flash Player. (CVE-2011-2429) All Adobe Reader users should install these updated packages. They contain Adobe Reader version 9.4.6, which is not vulnerable to these issues. All running instances of Adobe Reader must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 56740
    published 2011-11-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56740
    title RHEL 4 / 5 / 6 : acroread (RHSA-2011:1434)
  • NASL family Windows
    NASL id ADOBE_READER_APSB11-16.NASL
    description The version of Adobe Reader installed on the remote host is earlier than 10.1 / 9.4.5 / 8.3. Such versions are reportedly affected by multiple vulnerabilities : - Multiple buffer overflow vulnerabilities exist that could lead to code execution. (CVE-2011-2094, CVE-2011-2095, CVE-2011-2097) - A heap overflow vulnerability exists that could lead to code execution. (CVE-2011-2096) - Multiple memory corruption vulnerabilities exist that could lead to code execution. (CVE-2011-2098, CVE-2011-2099, CVE-2011-2103, CVE-2011-2105) - Multiple memory corruption vulnerabilities exist that could cause the application to crash. (CVE-2011-2104, CVE-2011-2105) - A DLL loading vulnerability exists that could lead to code execution. (CVE-2011-2100) - A cross document script execution vulnerability exists that could lead to code execution. (CVE-2011-2101) - A security bypass vulnerability exists that could lead to bypassing security restrictions. (CVE-2011-2102)
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 55144
    published 2011-06-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55144
    title Adobe Reader < 10.1 / 9.4.5 / 8.3 Multiple Vulnerabilities (APSB11-16)
  • NASL family Windows
    NASL id ADOBE_ACROBAT_APSB11-16.NASL
    description The version of Adobe Acrobat installed on the remote host is earlier than 10.1 / 9.4.5 / 8.3. Such versions are reportedly affected by multiple vulnerabilities : - Multiple buffer overflow vulnerabilities exist that could lead to code execution. (CVE-2011-2094, CVE-2011-2095, CVE-2011-2097) - A heap overflow vulnerability exists that could lead to code execution. (CVE-2011-2096) - Multiple memory corruption vulnerabilities exist that could lead to code execution. (CVE-2011-2098, CVE-2011-2099, CVE-2011-2103, CVE-2011-2105) - Multiple memory corruption vulnerabilities exist that could cause the application to crash. (CVE-2011-2104, CVE-2011-2105) - A DLL loading vulnerability exists that could lead to code execution. (CVE-2011-2100) - A cross document script execution vulnerability exists that could lead to code execution. (CVE-2011-2101) - A security bypass vulnerability exists that could lead to bypassing security restrictions. (CVE-2011-2102)
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 55143
    published 2011-06-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55143
    title Adobe Acrobat < 10.1 / 9.4.5 / 8.3 Multiple Vulnerabilities (APSB11-16)
oval via4
accepted 2014-10-06T04:00:54.596-04:00
class vulnerability
contributors
  • name Scott Quint
    organization DTCC
  • name Sergey Artykhov
    organization ALTX-SOFT
  • name Sergey Artykhov
    organization ALTX-SOFT
  • name Shane Shaffer
    organization G2, Inc.
  • name Maria Kedovskaya
    organization ALTX-SOFT
  • name Maria Mikhno
    organization ALTX-SOFT
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
  • comment Adobe Acrobat 10.x is installed
    oval oval:org.mitre.oval:def:11989
  • comment Adobe Acrobat 9 Series is installed
    oval oval:org.mitre.oval:def:6013
  • comment Adobe Acrobat 8 Series is installed
    oval oval:org.mitre.oval:def:6452
  • comment Adobe Reader 9 Series is installed
    oval oval:org.mitre.oval:def:6523
  • comment Adobe Reader 8 Series is installed
    oval oval:org.mitre.oval:def:6390
  • comment Adobe Reader 10.x is installed
    oval oval:org.mitre.oval:def:12283
description Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X do not properly restrict script, which allows attackers to execute arbitrary code via a crafted document, related to a "cross document script execution vulnerability."
family windows
id oval:org.mitre.oval:def:13919
status accepted
submitted 2011-11-04T14:33:16.000-05:00
title Adobe Reader and Acrobat 8.x before 8.3, 9.x before 9.4.5, and 10.x before 10.1 on Windows and Mac OS X do not properly restrict script, which allows attackers to execute arbitrary code via a crafted document, related to a "cross document script execution vulnerability."
version 18
redhat via4
rpms
  • acroread-0:9.4.6-1.el5
  • acroread-plugin-0:9.4.6-1.el5
  • acroread-0:9.4.6-1.el6
  • acroread-plugin-0:9.4.6-1.el6
refmap via4
bid 48255
cert TA11-166A
confirm http://www.adobe.com/support/security/bulletins/apsb11-16.html
osvdb 73063
sectrack 1025658
xf adobe-crossdomain-ce(68015)
Last major update 26-01-2012 - 23:00
Published 16-06-2011 - 19:55
Last modified 18-09-2017 - 21:32
Back to Top