Adobe Reader / Acrobat Multiple Vulnerabilities

ID: IRCAD2013052686
Release Date: 2013-05-15
Criticality level: Highly critical
 
Software:
Adobe Acrobat 9.x
Adobe Acrobat X 10.x
Adobe Acrobat XI 11.x
Adobe Reader 9.x
Adobe Reader X 10.x
Adobe Reader XI 11.x
 
Description:
Some vulnerabilities have been reported in Adobe Reader and Adobe Acrobat, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.
1) Some unspecified errors can be exploited to cause memory corruption and execute arbitrary code.
2) Some other unspecified errors can be exploited to cause memory corruption and execute arbitrary code.
3) An integer underflow error can be exploited to execute arbitrary code.
4) A use-after-free error can be exploited to bypass the Adobe Reader sandbox protection.
5) An unspecified error related to the JavaScript API can be exploited to disclose certain information.
6) An unspecified error can be exploited to cause a stack overflow and execute arbitrary code.
7) A boundary error within AdobeCollabSync.exe when reading registry values can be exploited to cause a stack-based buffer overflow and bypass the sandbox.
8) Another unspecified error can be exploited to cause buffer overflows and execute arbitrary code.
9) An integer overflow error can be exploited to execute arbitrary code.
10) An integer overflow error within the AcroForm.api plugin when decoding RLE8 compressed BMP files can be exploited to cause a heap-based buffer overflow.
11) An unspecified error exists related to handling of blacklisted domains in the operating system.
The vulnerabilities are reported in the following products and versions:
* Adobe Reader XI versions 11.x through 11.0.02 for Windows and Macintosh
* Adobe Reader X versions 10.x through 10.1.6 for Windows and Macintosh
* Adobe Reader versions 9.x through 9.5.4 for Windows, Macintosh and Linux
* Adobe Acrobat XI versions 11.x through 11.0.02 for Windows and Macintosh
* Adobe Acrobat X versions 10.x through 10.1.6 for Windows and Macintosh
* Adobe Acrobat versions 9.x through 9.5.4 for Windows and Macintosh
 
Solution:
Update to a fixed version.
 
References:
Adobe:
Felipe Andres Manzano:
 
Secunia:
 
 

 
Creation date: 28 Ordibehesht 1392
