Rapid7 Vulnerability & Exploit Database

APSB11-03: Security updates available for Adobe Reader and Acrobat (CVE-2011-0585)

Back to Search

APSB11-03: Security updates available for Adobe Reader and Acrobat (CVE-2011-0585)

Severity
9
CVSS
(AV:N/AC:M/Au:N/C:C/I:C/A:C)
Published
02/08/2011
Created
07/25/2018
Added
02/13/2011
Modified
02/13/2015

Description

Critical vulnerabilities have been identified in Adobe Reader X (10.0) for Windows and Macintosh; Adobe Reader 9.4.1 and earlier versions for Windows, Macintosh and UNIX; and Adobe Acrobat X (10.0) and earlier versions for Windows and Macintosh. These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system. Risk for Adobe Reader X users is significantly lower, as none of these issues bypass Protected Mode mitigations.

These updates also incorporate the Adobe Flash Player update as noted in Security Bulletin APSB11-02.

Adobe recommends users of Adobe Reader X (10.0) and earlier versions for Windows and Macintosh update to Adobe Reader X (10.0.1), available now. Adobe recommends users of Adobe Reader 9.4.1 for UNIX update to Adobe Reader 9.4.2, expected to be available by the week of February 28, 2011. For users of Adobe Reader 9.4.1 and earlier versions for Windows and Macintosh who cannot update to Adobe Reader X (10.0.1), Adobe has made available updates, Adobe Reader 9.4.2 and Adobe Reader 8.2.6. Adobe recommends users of Adobe Acrobat X (10.0) for Windows and Macintosh update to Adobe Acrobat X (10.0.1). Adobe recommends users of Adobe Acrobat 9.4.1 and earlier versions for Windows and Macintosh update to Adobe Acrobat 9.4.2, and users of Adobe Acrobat 8.2.5 and earlier versions for Windows and Macintosh update to Adobe Acrobat 8.2.6.

The next quarterly security updates for Adobe Reader and Acrobat are currently scheduled for June 14, 2011.

Unspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0565.

Solution(s)

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;