Executive Summary
Summary | |
---|---|
Title | Adobe Reader: Multiple vulnerabilities |
Informations | |||
---|---|---|---|
Name | GLSA-201206-14 | First vendor Publication | 2012-06-22 |
Vendor | Gentoo | Last vendor Modification | 2012-06-22 |
Severity (Vendor) | Normal | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Synopsis Multiple vulnerabilities in Adobe Reader might allow remote attackers to execute arbitrary code or conduct various other attacks. Background Description Impact Workaround Resolution References Availability http://security.gentoo.org/glsa/glsa-201206-14.xml |
Original Source
Url : http://security.gentoo.org/glsa/glsa-201206-14.xml |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-787 | Out-of-bounds Write (CWE/SANS Top 25) |
25 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
12 % | CWE-264 | Permissions, Privileges, and Access Controls |
12 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:14615 | |||
Oval ID: | oval:org.mitre.oval:def:14615 | ||
Title: | Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4372. | ||
Description: | Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4372. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-4373 | Version: | 9 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Adobe Reader Adobe Acrobat |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14801 | |||
Oval ID: | oval:org.mitre.oval:def:14801 | ||
Title: | Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4372 and CVE-2011-4373. | ||
Description: | Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4372 and CVE-2011-4373. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-4370 | Version: | 9 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Adobe Reader Adobe Acrobat |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14809 | |||
Oval ID: | oval:org.mitre.oval:def:14809 | ||
Title: | Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
Description: | Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-4371 | Version: | 9 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Adobe Reader Adobe Acrobat |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14857 | |||
Oval ID: | oval:org.mitre.oval:def:14857 | ||
Title: | Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4373. | ||
Description: | Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4373. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-4372 | Version: | 9 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Adobe Reader Adobe Acrobat |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:14860 | |||
Oval ID: | oval:org.mitre.oval:def:14860 | ||
Title: | Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to execute arbitrary code via a crafted TrueType font. | ||
Description: | Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to execute arbitrary code via a crafted TrueType font. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0774 | Version: | 13 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Adobe Reader Adobe Acrobat |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15270 | |||
Oval ID: | oval:org.mitre.oval:def:15270 | ||
Title: | The installer in Adobe Reader 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors. | ||
Description: | The installer in Adobe Reader 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to bypass intended access restrictions and execute arbitrary code via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0776 | Version: | 13 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Adobe Reader Adobe Acrobat |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:15477 | |||
Oval ID: | oval:org.mitre.oval:def:15477 | ||
Title: | The JavaScript implementation in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||
Description: | The JavaScript implementation in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2012-0775 | Version: | 13 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Adobe Reader Adobe Acrobat |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:20972 | |||
Oval ID: | oval:org.mitre.oval:def:20972 | ||
Title: | RHSA-2012:0469: acroread security update (Critical) | ||
Description: | The JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 on Mac OS X and Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2012:0469-03 CVE-2011-4370 CVE-2011-4371 CVE-2011-4372 CVE-2011-4373 CVE-2012-0774 CVE-2012-0775 CVE-2012-0777 | Version: | 94 |
Platform(s): | Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 | Product(s): | acroread |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:23139 | |||
Oval ID: | oval:org.mitre.oval:def:23139 | ||
Title: | DEPRECATED: ELSA-2012:0469: acroread security update (Critical) | ||
Description: | The JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 on Mac OS X and Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012:0469-03 CVE-2011-4370 CVE-2011-4371 CVE-2011-4372 CVE-2011-4373 CVE-2012-0774 CVE-2012-0775 CVE-2012-0777 | Version: | 34 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | acroread |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:23610 | |||
Oval ID: | oval:org.mitre.oval:def:23610 | ||
Title: | ELSA-2012:0469: acroread security update (Critical) | ||
Description: | The JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 on Mac OS X and Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012:0469-03 CVE-2011-4370 CVE-2011-4371 CVE-2011-4372 CVE-2011-4373 CVE-2012-0774 CVE-2012-0775 CVE-2012-0777 | Version: | 33 |
Platform(s): | Oracle Linux 5 Oracle Linux 6 | Product(s): | acroread |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2012-12-13 | Name : SuSE Update for update openSUSE-SU-2012:0512-1 (update) File : nvt/gb_suse_2012_0512_1.nasl |
2012-08-10 | Name : Gentoo Security Advisory GLSA 201206-14 (acroread) File : nvt/glsa_201206_14.nasl |
2012-04-17 | Name : Adobe Reader Multiple Vulnerabilities April-2012 (Mac OS X) File : nvt/gb_adobe_prdts_mult_vuln_apr12_macosx.nasl |
2012-04-16 | Name : Adobe Reader Multiple Vulnerabilities April-2012 (Windows) File : nvt/gb_adobe_prdts_mult_vuln_apr12_win.nasl |
2012-04-16 | Name : Adobe Reader Multiple Vulnerabilities April-2012 (Linux) File : nvt/gb_adobe_reader_mult_vuln_apr12_lin.nasl |
2012-01-16 | Name : Adobe Reader/Acrobat Multiple Memory Corruption Vulnerabilities - MAC OS X File : nvt/gb_adobe_prdts_mult_mem_crptn_vuln_macosx.nasl |
2012-01-16 | Name : Adobe Reader/Acrobat Multiple Memory Corruption Vulnerabilities - Windows File : nvt/gb_adobe_prdts_mult_mem_crptn_vuln_win.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
78248 | Adobe Reader/Acrobat Unspecified Memory Corruption (2011-4373) |
78247 | Adobe Reader/Acrobat rt3d.dll PDF Embedded BMP Image Handling Overflow |
78246 | Adobe Reader/Acrobat Unspecified Heap Memory Corruption |
78245 | Adobe Reader/Acrobat Unspecified Memory Corruption (2011-4370) |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Adobe Acrobat Reader embedded TTF integer overflow attempt RuleID : 28715 - Revision : 7 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader embedded TTF integer overflow attempt RuleID : 28714 - Revision : 7 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader embedded TTF integer overflow attempt RuleID : 28713 - Revision : 7 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader embedded TTF integer overflow attempt RuleID : 28712 - Revision : 7 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader embedded TTF integer overflow attempt RuleID : 28711 - Revision : 6 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader embedded TTF integer overflow attempt RuleID : 28710 - Revision : 6 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader embedded TTF integer overflow attempt RuleID : 22938 - Revision : 10 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader javascript toolbar button use after free attempt RuleID : 21881 - Revision : 7 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader embedded TTF integer overflow attempt RuleID : 21878 - Revision : 11 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader msiexec.exe file load exploit attempt RuleID : 21859 - Revision : 9 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader msiexec.exe file load exploit attempt RuleID : 21858 - Revision : 9 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader javascript submitform memory corruption attempt RuleID : 20998 - Revision : 8 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader embedded BMP bit count integer overflow attempt RuleID : 20923 - Revision : 11 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader embedded BMP bit count integer overflow attempt RuleID : 20922 - Revision : 11 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader embedded BMP colors used integer overflow attempt RuleID : 20921 - Revision : 10 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader DCT dequantizer memory corruption attempt RuleID : 20920 - Revision : 8 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader BMP color unused corruption RuleID : 20919 - Revision : 7 - Type : FILE-PDF |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : openSUSE-2012-226.nasl - Type : ACT_GATHER_INFO |
2012-06-25 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201206-14.nasl - Type : ACT_GATHER_INFO |
2012-04-18 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_acroread-120413.nasl - Type : ACT_GATHER_INFO |
2012-04-18 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_acroread-8077.nasl - Type : ACT_GATHER_INFO |
2012-04-11 | Name : The version of Adobe Acrobat on the remote Windows host is affected by multip... File : adobe_acrobat_apsb12-08.nasl - Type : ACT_GATHER_INFO |
2012-04-11 | Name : The version of Adobe Reader on the remote Windows host is affected by multipl... File : adobe_reader_apsb12-08.nasl - Type : ACT_GATHER_INFO |
2012-04-11 | Name : The version of Adobe Reader on the remote Mac OS X host is affected by multip... File : macosx_adobe_reader_apsb12-08.nasl - Type : ACT_GATHER_INFO |
2012-04-11 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0469.nasl - Type : ACT_GATHER_INFO |
2012-01-11 | Name : The version of Adobe Acrobat on the remote Windows host is affected by multip... File : adobe_acrobat_apsb12-01.nasl - Type : ACT_GATHER_INFO |
2012-01-11 | Name : The version of Adobe Reader on the remote Windows host is affected by multipl... File : adobe_reader_apsb12-01.nasl - Type : ACT_GATHER_INFO |
2011-12-07 | Name : The version of Adobe Reader on the remote Mac OS X host is affected by a memo... File : macosx_adobe_reader_apsa11-04.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:37:23 |
|