فا

‫ Adobe Reader / Acrobat Multiple Vulnerabilities

IRCAD2014053316

Number: IRCAD2014053316

Date: 2014/05/13

Criticality level: Highly critical

Software:

Adobe Acrobat X 10.x

Adobe Acrobat XI 11.x

Adobe Reader X 10.x

Adobe Reader XI 11.x

Description

Multiple vulnerabilities have been reported in Adobe Reader and Acrobat, which can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, and compromise a user's system.

1) An unspecified error can be exploited to cause a heap-based buffer overflow.

2) An error related to input validation can be exploited to bypass certain security restrictions.

3) An error within the implementation of Javascript APIs can be exploited to disclose certain information.

4) Some errors can be exploited to corrupt memory.

5) Another error can be exploited to corrupt memory.

6) Another error can be exploited to corrupt memory.

7) An error exists within the handling of certain API calls to unmapped memory.

8) A use-after-free error can be exploited to corrupt memory.

9) A double-free error can be exploited to corrupt memory.

10) An unspecified error can be exploited to cause a buffer overflow.

Successful exploitation of vulnerabilities #1 and #4 through #‫10 may allow execution of arbitrary code.

The vulnerabilities are reported in the following products and versions:

* Adobe Reader XI versions 11.0.06 and prior for Windows and Macintosh

* Adobe Reader X versions 10.1.9 and prior for Windows and Macintosh

* Adobe Acrobat XI versions 11.0.06 and prior for Windows and Macintosh

* Adobe Acrobat X versions 10.1.9 and prior for Windows and Macintosh

Solution:

Updated to a fixed version.

Resources:

APSB14-15:
http://helpx.adobe.com/security/products/acrobat/apsb14-15.html

secunia:

نظرات

بدون نظر
شما برای نظر دادن باید وارد شوید

نوشته

 
تاریخ ایجاد: 24 اردیبهشت 1393

امتیاز

امتیاز شما
تعداد امتیازها: 0