
Adobe Reader / Acrobat Multiple Vulnerabilities

ID: IRCAD2014123670
Release Date: 2014-12-09
Criticality level: Highly critical
Software:
Adobe Acrobat X 10.x
Adobe Acrobat XI 11.x
Adobe Reader X 10.x
Adobe Reader XI 11.x
Description:
Some vulnerabilities have been reported in Adobe Reader and Adobe Acrobat, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.
1) A use-after-free error can be exploited to execute arbitrary code.
2) Another use-after-free error can be exploited to execute arbitrary code.
3) Another use-after-free error can be exploited to execute arbitrary code.
4) An unspecified error can be exploited to cause a heap-based buffer overflow and subsequently execute arbitrary code.
5) Another unspecified error can be exploited to cause a heap-based buffer overflow and subsequently execute arbitrary code.
6) Another unspecified error can be exploited to cause a heap-based buffer overflow and subsequently execute arbitrary code.
7) An integer overflow error can be exploited to execute arbitrary code.
8) An unspecified error can be exploited to corrupt memory and subsequently execute arbitrary code.
9) Another unspecified error can be exploited to corrupt memory and subsequently execute arbitrary code.
10) Another unspecified error can be exploited to corrupt memory and subsequently execute arbitrary code.
11) Another unspecified error can be exploited to corrupt memory and subsequently execute arbitrary code.
12) Another unspecified error can be exploited to corrupt memory and subsequently execute arbitrary code.
13) Another unspecified error can be exploited to corrupt memory and subsequently execute arbitrary code.
14) Another unspecified error can be exploited to corrupt memory and subsequently execute arbitrary code.
15) Another unspecified error can be exploited to corrupt memory and subsequently execute arbitrary code.
16) A race condition error can be exploited to gain otherwise restricted, arbitrary write access to the file system.
17) An error within the implementation of a JavaScript API can be exploited to disclose certain information.
18) Another error within the implementation of a JavaScript API can be exploited to disclose certain information.
19) An error when handling XML external entities can be exploited to disclose certain information.
20) Some unspecified errors can be exploited to bypass the same-origin policy.
The vulnerabilities are reported in the following products and versions running on Windows and Macintosh platforms:
* Adobe Reader XI prior to version 11.0.10.
* Adobe Reader X prior to version 10.1.13.
* Adobe Acrobat XI prior to version 11.0.10.
* Adobe Acrobat X prior to version 10.1.13.
Solution:
Update to a fixed version.
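
To find installations that still need the update, software inventory data can be compared against the fixed versions listed above. The following is an added example, not part of the original advisory; the inventory rows, host names and the function names `parse_version` and `triage` are constructed for illustration. Versions are compared numerically per component, because a plain string comparison would rank 10.1.9 above 10.1.13.

```python
import re

# Fixed versions from the advisory, keyed by major branch (10 = X, 11 = XI).
FIXED = {10: (10, 1, 13), 11: (11, 0, 10)}
PRODUCTS = ("adobe reader", "adobe acrobat")

# Constructed sample inventory: (host, product name, installed version).
INVENTORY = [
    ("host-a", "Adobe Reader XI", "11.0.09"),
    ("host-b", "Adobe Reader XI", "11.0.10"),
    ("host-c", "Adobe Acrobat X Pro", "10.1.9"),
    ("host-d", "Adobe Acrobat X Pro", "10.1.13"),
    ("host-e", "Adobe Reader 9", "9.5.5"),
]


def parse_version(text):
    """Turn '11.0.09' or '10.1.13.0' into a tuple of ints; None if not numeric."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))


def triage(product, version):
    """Classify one install as 'vulnerable', 'fixed', 'unparsed' or 'out-of-scope'."""
    if not product.lower().startswith(PRODUCTS):
        return "out-of-scope"
    v = parse_version(version)
    if v is None:
        return "unparsed"  # needs a manual look, never assume it is patched
    fixed = FIXED.get(v[0])
    if fixed is None:
        return "out-of-scope"  # branch not listed in this advisory
    # Pad both tuples so that '11.0' is compared as 11.0.0.
    width = max(len(v), len(fixed))
    v += (0,) * (width - len(v))
    fixed += (0,) * (width - len(fixed))
    return "vulnerable" if v < fixed else "fixed"


def hosts_to_update(inventory):
    """Return the hosts whose install is below the fixed version for its branch."""
    return [host for host, product, version in inventory
            if triage(product, version) == "vulnerable"]


if __name__ == "__main__":
    for host, product, version in INVENTORY:
        print(host, product, version, triage(product, version))
```

"out-of-scope" only means this advisory makes no statement about that product or branch; it does not mean the installation is safe.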
References:
APSB14-28:
Secunia:
 
 

Creation date: 21 Azar 1393
