Rapid7 Vulnerability & Exploit Database

RHSA-2011:1434: acroread security update

Back to Search

RHSA-2011:1434: acroread security update



Adobe Reader allows users to view and print documents in Portable DocumentFormat (PDF).This update fixes multiple security flaws in Adobe Reader. These flaws aredetailed on the Adobe security page APSB11-24, listed in the Referencessection. A specially-crafted PDF file could cause Adobe Reader to crash or,potentially, execute arbitrary code as the user running Adobe Reader whenopened. (CVE-2011-2431, CVE-2011-2432, CVE-2011-2433, CVE-2011-2434,CVE-2011-2435, CVE-2011-2436, CVE-2011-2437, CVE-2011-2438, CVE-2011-2439,CVE-2011-2440, CVE-2011-2442)This update also fixes multiple security flaws in Adobe Flash Playerembedded in Adobe Reader. These flaws are detailed on the Adobe securitypages APSB11-21 and APSB11-26, listed in the References section.A PDF file with an embedded, specially-crafted SWF file could cause AdobeReader to crash or, potentially, execute arbitrary code as the user runningAdobe Reader when opened. (CVE-2011-2130, CVE-2011-2134, CVE-2011-2135,CVE-2011-2136, CVE-2011-2137, CVE-2011-2138, CVE-2011-2139, CVE-2011-2140,CVE-2011-2414, CVE-2011-2415, CVE-2011-2416, CVE-2011-2417, CVE-2011-2424,CVE-2011-2425, CVE-2011-2426, CVE-2011-2427, CVE-2011-2428, CVE-2011-2430)A flaw in Adobe Flash Player could allow an attacker to conduct cross-sitescripting (XSS) attacks if a victim were tricked into visiting aspecially-crafted web page. (CVE-2011-2444)This update also fixes an information disclosure flaw in Adobe FlashPlayer. (CVE-2011-2429)All Adobe Reader users should install these updated packages. They containAdobe Reader version 9.4.6, which is not vulnerable to these issues. Allrunning instances of Adobe Reader must be restarted for the update to takeeffect.


  • redhat-upgrade-acroread
  • redhat-upgrade-acroread-plugin

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center