ID CVE-2011-4374
Summary Integer overflow in Adobe Reader 9.x before 9.4.6 on Linux allows attackers to execute arbitrary code via unspecified vectors.
References
Vulnerable Configurations
  • Adobe Acrobat Reader 9.1
    cpe:2.3:a:adobe:acrobat_reader:9.1
  • Adobe Acrobat Reader 9.2
    cpe:2.3:a:adobe:acrobat_reader:9.2
  • Adobe Acrobat Reader 9.4.4
    cpe:2.3:a:adobe:acrobat_reader:9.4.4
  • Adobe Acrobat Reader 9.1.1
    cpe:2.3:a:adobe:acrobat_reader:9.1.1
  • Adobe Acrobat Reader 9.3
    cpe:2.3:a:adobe:acrobat_reader:9.3
  • Adobe Acrobat Reader 9.3.4
    cpe:2.3:a:adobe:acrobat_reader:9.3.4
  • Adobe Acrobat Reader 9.3.3
    cpe:2.3:a:adobe:acrobat_reader:9.3.3
  • Adobe Acrobat Reader 9.3.2
    cpe:2.3:a:adobe:acrobat_reader:9.3.2
  • Adobe Acrobat Reader 9.1.2
    cpe:2.3:a:adobe:acrobat_reader:9.1.2
  • Adobe Acrobat Reader 9.4.3
    cpe:2.3:a:adobe:acrobat_reader:9.4.3
  • Adobe Acrobat Reader 9.0
    cpe:2.3:a:adobe:acrobat_reader:9.0
  • Adobe Acrobat Reader 9.4.1
    cpe:2.3:a:adobe:acrobat_reader:9.4.1
  • Adobe Acrobat Reader 9.4.2
    cpe:2.3:a:adobe:acrobat_reader:9.4.2
  • Adobe Acrobat Reader 9.1.3
    cpe:2.3:a:adobe:acrobat_reader:9.1.3
  • Adobe Acrobat Reader 9.3.1
    cpe:2.3:a:adobe:acrobat_reader:9.3.1
  • Adobe Acrobat Reader 9.4
    cpe:2.3:a:adobe:acrobat_reader:9.4
  • Adobe Acrobat Reader 9.4.5
    cpe:2.3:a:adobe:acrobat_reader:9.4.5
  • Linux Kernel
    cpe:2.3:o:linux:linux_kernel
CVSS
Base: 7.5 (as of 20-01-2012 - 14:06)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
Vector NETWORK
Complexity LOW
Authentication NONE
Impact
Confidentiality PARTIAL
Integrity PARTIAL
Availability PARTIAL
nessus via4
NASL family Red Hat Local Security Checks
NASL id REDHAT-RHSA-2011-1434.NASL
description Updated acroread packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Adobe Reader allows users to view and print documents in Portable Document Format (PDF). This update fixes multiple security flaws in Adobe Reader. These flaws are detailed on the Adobe security page APSB11-24, listed in the References section. A specially crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. (CVE-2011-2431, CVE-2011-2432, CVE-2011-2433, CVE-2011-2434, CVE-2011-2435, CVE-2011-2436, CVE-2011-2437, CVE-2011-2438, CVE-2011-2439, CVE-2011-2440, CVE-2011-2442) This update also fixes multiple security flaws in Adobe Flash Player embedded in Adobe Reader. These flaws are detailed on the Adobe security pages APSB11-21 and APSB11-26, listed in the References section. A PDF file with an embedded, specially crafted SWF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. (CVE-2011-2130, CVE-2011-2134, CVE-2011-2135, CVE-2011-2136, CVE-2011-2137, CVE-2011-2138, CVE-2011-2139, CVE-2011-2140, CVE-2011-2414, CVE-2011-2415, CVE-2011-2416, CVE-2011-2417, CVE-2011-2424, CVE-2011-2425, CVE-2011-2426, CVE-2011-2427, CVE-2011-2428, CVE-2011-2430) A flaw in Adobe Flash Player could allow an attacker to conduct cross-site scripting (XSS) attacks if a victim were tricked into visiting a specially crafted web page. (CVE-2011-2444) This update also fixes an information disclosure flaw in Adobe Flash Player. (CVE-2011-2429) All Adobe Reader users should install these updated packages. They contain Adobe Reader version 9.4.6, which is not vulnerable to these issues. All running instances of Adobe Reader must be restarted for the update to take effect.
last seen 2019-02-21
modified 2018-11-26
plugin id 56740
published 2011-11-09
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=56740
title RHEL 4 / 5 / 6 : acroread (RHSA-2011:1434)
oval via4
accepted 2013-01-14T04:00:56.551-05:00
class vulnerability
contributors
  • name Aharon Chernin
    organization DTCC
  • name Sergey Artykhov
    organization ALTX-SOFT
  • name Evgeniy Pavlov
    organization ALTX-SOFT
  • name Maria Mikhno
    organization ALTX-SOFT
definition_extensions
comment Adobe Reader 9 Series is installed
oval oval:org.mitre.oval:def:6523
description Integer overflow in Adobe Reader 9.x before 9.4.6 on Linux allows attackers to execute arbitrary code via unspecified vectors.
family windows
id oval:org.mitre.oval:def:14812
status deprecated
submitted 2012-02-17T15:25:36.000-05:00
title DEPRECATED: Integer overflow in Adobe Reader 9.x before 9.4.6 on Linux allows attackers to execute arbitrary code via unspecified vectors.
version 8
redhat via4
advisories
bugzilla
id 749381
title acroread: multiple code execution flaws (APSB11-24)
oval
OR
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment acroread is earlier than 0:9.4.6-1.el5
          oval oval:com.redhat.rhsa:tst:20111434002
        • comment acroread is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080144003
      • AND
        • comment acroread-plugin is earlier than 0:9.4.6-1.el5
          oval oval:com.redhat.rhsa:tst:20111434004
        • comment acroread-plugin is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20080144005
  • AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment acroread is earlier than 0:9.4.6-1.el6
          oval oval:com.redhat.rhsa:tst:20111434010
        • comment acroread is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100934011
      • AND
        • comment acroread-plugin is earlier than 0:9.4.6-1.el6
          oval oval:com.redhat.rhsa:tst:20111434012
        • comment acroread-plugin is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20100934013
rhsa
id RHSA-2011:1434
released 2011-11-08
severity Critical
title RHSA-2011:1434: acroread security update (Critical)
rpms
  • acroread-0:9.4.6-1.el5
  • acroread-plugin-0:9.4.6-1.el5
  • acroread-0:9.4.6-1.el6
  • acroread-plugin-0:9.4.6-1.el6
refmap via4
confirm http://www.adobe.com/support/security/bulletins/apsb11-24.html
Last major update 15-11-2013 - 00:33
Published 19-01-2012 - 14:55
Last modified 18-09-2017 - 21:34