Vulnerability CVE-2011-4373


Published: 2012-01-10   Modified: 2012-02-01

Description:
Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4372.

Type:

CWE-noinfo

Vendor: Adobe
Product: Acrobat 
Version:
9.4.7
9.4.6
9.4.5
9.4.4
9.4.3
9.4.2
9.4.1
9.4
9.3.4
9.3.3
9.3.2
9.3.1
9.3
9.2
9.1.3
9.1.2
9.1.1
9.1
9.0
10.1.1
10.1
10.0.3
10.0.2
10.0.1
10.0
Product: Reader 
Version:
9.4.7
9.4.6
9.4.5
9.4.4
9.4.3
9.4.2
9.4.1
9.4
9.3.4
9.3.3
9.3.2
9.3.1
9.3
9.2
9.1.3
9.1.2
9.1.1
9.1
9.0
10.1.1
10.1
10.0.3
10.0.2
10.0.1
10.0
Product: Adobe reader 
Version:
9.3.4
9.3.3
9.3.2
9.3.1
9.3
9.2
Product: Acrobat reader 
Version:
9.1.3
9.1.2
9.1.1
9.1
9.0

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://www.adobe.com/support/security/bulletins/apsb12-01.html
http://www.securitytracker.com/id?1026496
http://www.securityfocus.com/bid/51350
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:14615

Related CVE
CVE-2017-3073
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when handling multiple mask properties of display objects, aka memory corruption. Successful exploitation could lead to arbitrary code execution.
CVE-2017-3074
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Graphics class. Successful exploitation could lead to arbitrary code execution.
CVE-2017-3071
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable use after free vulnerability when masking display objects. Successful exploitation could lead to arbitrary code execution.
CVE-2017-3072
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BitmapData class. Successful exploitation could lead to arbitrary code execution.
CVE-2017-3069
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the BlendMode class. Successful exploitation could lead to arbitrary code execution.
CVE-2017-3070
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the ConvolutionFilter class. Successful exploitation could lead to arbitrary code execution.
CVE-2017-3068
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Advanced Video Coding engine. Successful exploitation could lead to arbitrary code execution.
CVE-2017-3067
Adobe Experience Manager Forms versions 6.2, 6.1, 6.0 have an information disclosure vulnerability resulting from abuse of the pre-population service in AEM Forms.

Copyright 2017, cxsecurity.com