ID CVE-2011-2102
Summary Unspecified vulnerability in Adobe Reader and Acrobat before 10.1 on Windows and Mac OS X allows attackers to bypass intended access restrictions via unknown vectors.
References
Vulnerable Configurations
  • Adobe Acrobat X (10.0)
    cpe:2.3:a:adobe:acrobat:10.0
  • Adobe Acrobat X (10.0.1)
    cpe:2.3:a:adobe:acrobat:10.0.1
  • Adobe Acrobat X (10.0.2)
    cpe:2.3:a:adobe:acrobat:10.0.2
  • Adobe Acrobat X (10.0.3)
    cpe:2.3:a:adobe:acrobat:10.0.3
  • Microsoft Windows
    cpe:2.3:o:microsoft:windows
  • Apple Mac OS X
    cpe:2.3:o:apple:mac_os_x
  • Adobe Acrobat Reader X (10.0)
    cpe:2.3:a:adobe:acrobat_reader:10.0
  • Adobe Acrobat Reader X (10.0.1)
    cpe:2.3:a:adobe:acrobat_reader:10.0.1
  • Adobe Acrobat Reader X (10.0.2)
    cpe:2.3:a:adobe:acrobat_reader:10.0.2
  • Adobe Acrobat Reader X (10.0.3)
    cpe:2.3:a:adobe:acrobat_reader:10.0.3
  • Microsoft Windows
    cpe:2.3:o:microsoft:windows
  • Apple Mac OS X
    cpe:2.3:o:apple:mac_os_x
CVSS
Base: 9.3 (as of 17-06-2011 - 10:17)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_ADOBE_READER_APSB11-16.NASL
    description The version of Adobe Reader installed on the remote Mac OS X host is prior to 10.1, 9.4.5, or 8.3. It is, therefore, affected by the following vulnerabilities : - Multiple buffer overflow conditions exist that allow an attacker to execute arbitrary code. (CVE-2011-2094, CVE-2011-2095, CVE-2011-2097) - A heap overflow condition exists that allows an attacker to execute arbitrary code. (CVE-2011-2096) - Multiple memory corruption issues exist that allow an attacker to execute arbitrary code. (CVE-2011-2098, CVE-2011-2099, CVE-2011-2103, CVE-2011-2105, CVE-2011-2106) - Multiple memory corruption issues exist that allow an attacker to crash the application. (CVE-2011-2104, CVE-2011-2105) - A DLL loading vulnerability exists that allows an attacker to execute arbitrary code. (CVE-2011-2100) - A cross-document script execution vulnerability exists that allows an attacker to execute arbitrary code. (CVE-2011-2101) - A unspecified vulnerability exists that allows an attacker to bypass security restrictions. (CVE-2011-2102) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 55421
    published 2011-06-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55421
    title Adobe Reader < 10.1 / 9.4.5 / 8.3 Multiple Vulnerabilities (APSB11-12, APSB11-12, APSB11-16) (Mac OS X)
  • NASL family Windows
    NASL id ADOBE_READER_APSB11-16.NASL
    description The version of Adobe Reader installed on the remote host is earlier than 10.1 / 9.4.5 / 8.3. Such versions are reportedly affected by multiple vulnerabilities : - Multiple buffer overflow vulnerabilities exist that could lead to code execution. (CVE-2011-2094, CVE-2011-2095, CVE-2011-2097) - A heap overflow vulnerability exists that could lead to code execution. (CVE-2011-2096) - Multiple memory corruption vulnerabilities exist that could lead to code execution. (CVE-2011-2098, CVE-2011-2099, CVE-2011-2103, CVE-2011-2105) - Multiple memory corruption vulnerabilities exist that could cause the application to crash. (CVE-2011-2104, CVE-2011-2105) - A DLL loading vulnerability exists that could lead to code execution. (CVE-2011-2100) - A cross document script execution vulnerability exists that could lead to code execution. (CVE-2011-2101) - A security bypass vulnerability exists that could lead to bypassing security restrictions. (CVE-2011-2102)
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 55144
    published 2011-06-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55144
    title Adobe Reader < 10.1 / 9.4.5 / 8.3 Multiple Vulnerabilities (APSB11-16)
  • NASL family Windows
    NASL id ADOBE_ACROBAT_APSB11-16.NASL
    description The version of Adobe Acrobat installed on the remote host is earlier than 10.1 / 9.4.5 / 8.3. Such versions are reportedly affected by multiple vulnerabilities : - Multiple buffer overflow vulnerabilities exist that could lead to code execution. (CVE-2011-2094, CVE-2011-2095, CVE-2011-2097) - A heap overflow vulnerability exists that could lead to code execution. (CVE-2011-2096) - Multiple memory corruption vulnerabilities exist that could lead to code execution. (CVE-2011-2098, CVE-2011-2099, CVE-2011-2103, CVE-2011-2105) - Multiple memory corruption vulnerabilities exist that could cause the application to crash. (CVE-2011-2104, CVE-2011-2105) - A DLL loading vulnerability exists that could lead to code execution. (CVE-2011-2100) - A cross document script execution vulnerability exists that could lead to code execution. (CVE-2011-2101) - A security bypass vulnerability exists that could lead to bypassing security restrictions. (CVE-2011-2102)
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 55143
    published 2011-06-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=55143
    title Adobe Acrobat < 10.1 / 9.4.5 / 8.3 Multiple Vulnerabilities (APSB11-16)
oval via4
accepted 2014-10-06T04:00:59.614-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization DTCC
  • name Sergey Artykhov
    organization ALTX-SOFT
  • name Shane Shaffer
    organization G2, Inc.
  • name Maria Mikhno
    organization ALTX-SOFT
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
  • comment Adobe Acrobat 10.x is installed
    oval oval:org.mitre.oval:def:11989
  • comment Adobe Reader 10.x is installed
    oval oval:org.mitre.oval:def:12283
description Unspecified vulnerability in Adobe Reader and Acrobat before 10.1 on Windows and Mac OS X allows attackers to bypass intended access restrictions via unknown vectors.
family windows
id oval:org.mitre.oval:def:14004
status accepted
submitted 2011-11-04T14:33:17.000-05:00
title Unspecified vulnerability in Adobe Reader and Acrobat before 10.1 on Windows and Mac OS X allows attackers to bypass intended access restrictions via unknown vectors.
version 12
refmap via4
bid 48253
cert TA11-166A
confirm http://www.adobe.com/support/security/bulletins/apsb11-16.html
osvdb 73064
sectrack 1025658
xf adobe-reader-security-bypass(68016)
Last major update 26-01-2012 - 23:00
Published 16-06-2011 - 19:55
Last modified 18-09-2017 - 21:32
Back to Top