Sid 1-28307

Message

EXPLOIT-KIT Himan exploit kit landing page

Summary

Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.

Impact

CVSS base score 9.3; CVSS impact score 10.0; CVSS exploitability score 8.6; Confidentiality Impact COMPLETE; Integrity Impact COMPLETE; Availability Impact COMPLETE

CVE-2010-0188:

CVSS base score 9.3

CVSS impact score 10.0

CVSS exploitability score 8.6

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

CVE-2011-3544:

CVSS base score 10.0

CVSS impact score 10.0

CVSS exploitability score 10.0

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

CVE-2013-2465:

CVSS base score 10.0

CVSS impact score 10.0

CVSS exploitability score 10.0

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

CVE-2013-2551:

CVSS base score 9.3

CVSS impact score 10.0

CVSS exploitability score 8.6

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Detailed information

CVE-2010-0188: Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.

CVE-2011-3544: Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality, integrity, and availability via unknown vectors related to Scripting.

CVE-2013-2465: Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image channel verification" in 2D.

CVE-2013-2551: Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2013, aka "Internet Explorer Use After Free Vulnerability," a different vulnerability than CVE-2013-1308 and CVE-2013-1309.

Affected systems

  • adobe acrobat_reader 8.0
  • adobe acrobat_reader 8.1
  • adobe acrobat_reader 8.1.1
  • adobe acrobat_reader 8.1.2
  • adobe acrobat_reader 8.1.3
  • adobe acrobat_reader 8.1.4
  • adobe acrobat_reader 8.1.5
  • adobe acrobat_reader 8.1.6
  • adobe acrobat_reader 8.1.7
  • adobe acrobat_reader 9.0
  • adobe acrobat_reader 9.1
  • adobe acrobat_reader 9.1.1
  • adobe acrobat_reader 9.1.2
  • adobe acrobat_reader 9.1.3
  • adobe acrobat_reader 9.2
  • adobe acrobat_reader 9.3
  • sun jdk 1.6.0
  • sun jdk 1.7.0
  • sun jre 1.6.0
  • sun jre 1.7.0
  • oracle jdk 1.5.0
  • oracle jdk 1.6.0
  • oracle jdk 1.7.0
  • oracle jre 1.5.0
  • oracle jre 1.6.0
  • oracle jre 1.7.0
  • sun jdk 1.5.0
  • sun jre 1.5.0
  • microsoft internet_explorer 6
  • microsoft internet_explorer 7
  • microsoft internet_explorer 8
  • microsoft internet_explorer 9
  • microsoft internet_explorer 10

Ease of attack

CVE-2010-0188:

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

CVE-2011-3544:

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

CVE-2013-2465:

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

CVE-2013-2551:

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

False positives

None known

False negatives

None known

Corrective action

Upgrade to the latest non-affected version of the software.

Apply the appropriate vendor supplied patches.

Contributors

  • Talos research team.
  • This document was generated from data supplied by the National Vulnerability Database, a product of the National Institute of Standards and Technology.
  • For more information, see NVD.

Additional References

  • malware.dontneedcoffee.com/2013/10/HiMan.html