Executive Summary

Summary
Title: Adobe Reader: Arbitrary Code Execution

Information
Name: GLSA-201309-10
First vendor Publication: 2013-09-15
Vendor: Gentoo
Last vendor Modification: 2013-09-15
Severity (Vendor): Normal
Revision: N/A

Security-Database Scoring CVSS v3

Cvss vector: N/A
Overall CVSS Score: NA
Base Score: NA
Environmental Score: NA
Impact SubScore: NA
Temporal Score: NA
Exploitability Sub Score: NA
 

Security-Database Scoring CVSS v2

Cvss vector: (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score: 10
Attack Range: Network
Cvss Impact Score: 10
Attack Complexity: Low
Cvss Exploit Score: 10
Authentication: None Required

Detail

Synopsis

A vulnerability in Adobe Reader could result in execution of arbitrary code or Denial of Service.

Background

Adobe Reader is a closed-source PDF reader.

Description

An unspecified vulnerability exists in Adobe Reader.

Impact

An attacker could execute arbitrary code or cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All Adobe Reader users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/acroread-9.5.5"

References

[ 1 ] CVE-2013-3346 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3346

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201309-10.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-201309-10.xml

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:19054
 
Oval ID: oval:org.mitre.oval:def:19054
Title: Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341
Description: Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.
Family: windows Class: vulnerability
Reference(s): CVE-2013-3346
Version: 3
Platform(s): Microsoft Windows 2000, Microsoft Windows 7, Microsoft Windows Server 2003, Microsoft Windows Server 2008, Microsoft Windows Server 2008 R2, Microsoft Windows Vista, Microsoft Windows XP, Microsoft Windows 8, Microsoft Windows Server 2012
Product(s): Adobe Reader, Adobe Acrobat
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:20740
 
Oval ID: oval:org.mitre.oval:def:20740
Title: RHSA-2013:0826: acroread security update (Critical)
Description: Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.
Family: unix Class: patch
Reference(s): RHSA-2013:0826-01, CVE-2013-2549, CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2724, CVE-2013-2725, CVE-2013-2726, CVE-2013-2727, CVE-2013-2729, CVE-2013-2730, CVE-2013-2731, CVE-2013-2732, CVE-2013-2733, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-2737, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, CVE-2013-3341, CVE-2013-3346
Version: 369
Platform(s): Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 5
Product(s): acroread
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:23771
 
Oval ID: oval:org.mitre.oval:def:23771
Title: ELSA-2013:0826: acroread security update (Critical)
Description: Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.
Family: unix Class: patch
Reference(s): ELSA-2013:0826-01, CVE-2013-2549, CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2724, CVE-2013-2725, CVE-2013-2726, CVE-2013-2727, CVE-2013-2729, CVE-2013-2730, CVE-2013-2731, CVE-2013-2732, CVE-2013-2733, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-2737, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, CVE-2013-3341, CVE-2013-3346
Version: 109
Platform(s): Oracle Linux 6
Product(s): acroread
Definition Synopsis:

CPE : Common Platform Enumeration

Type Description Count
Application 55
Application 39

Snort® IPS/IDS

Date Description
2014-05-15 Adobe Acrobat Reader javascript toolbar button use after free attempt
RuleID : 30529 - Revision : 6 - Type : FILE-PDF
2014-05-15 Adobe Acrobat Reader javascript toolbar button use after free attempt
RuleID : 30528 - Revision : 6 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader javascript toolbar button use after free attempt
RuleID : 28846 - Revision : 9 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader javascript toolbar button use after free attempt
RuleID : 28845 - Revision : 8 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader javascript toolbar button use after free attempt
RuleID : 28844 - Revision : 7 - Type : FILE-PDF
2014-01-10 Adobe Acrobat Reader javascript toolbar button use after free attempt
RuleID : 28843 - Revision : 6 - Type : FILE-PDF

Nessus® Vulnerability Scanner

Date Description
2013-09-15 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201309-10.nasl - Type : ACT_GATHER_INFO
2013-05-16 Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2013-0826.nasl - Type : ACT_GATHER_INFO
2013-05-14 Name : The version of Adobe Acrobat installed on the remote Windows host is affected...
File : adobe_acrobat_apsb13-15.nasl - Type : ACT_GATHER_INFO
2013-05-14 Name : The version of Adobe Reader on the remote Windows host is affected by multipl...
File : adobe_reader_apsb13-15.nasl - Type : ACT_GATHER_INFO
2013-05-14 Name : The version of Adobe Reader on the remote Mac OS X host is affected by multip...
File : macosx_adobe_reader_apsb13-15.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2014-02-17 11:37:44
  • Multiple Updates
2013-09-15 09:21:11
  • First insertion