Executive Summary
Summary | |
---|---|
Title | acroread security update |
Information | |||
---|---|---|---|
Name | RHSA-2010:0743 | First vendor Publication | 2010-10-06 |
Vendor | RedHat | Last vendor Modification | 2010-10-06 |
Severity (Vendor) | Critical | Revision | 01 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Problem Description:

Updated acroread packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

2. Relevant releases/architectures:

RHEL Desktop Supplementary (v. 5 client) - i386, x86_64
RHEL Supplementary (v. 5 server) - i386, x86_64
Red Hat Desktop version 4 Extras - i386, x86_64
Red Hat Enterprise Linux AS version 4 Extras - i386, x86_64
Red Hat Enterprise Linux ES version 4 Extras - i386, x86_64
Red Hat Enterprise Linux WS version 4 Extras - i386, x86_64

3. Description:

Adobe Reader allows users to view and print documents in Portable Document Format (PDF).

This update fixes multiple vulnerabilities in Adobe Reader. These vulnerabilities are detailed on the Adobe security page APSB10-21, listed in the References section.

A specially-crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. (CVE-2010-2883, CVE-2010-2884, CVE-2010-2889, CVE-2010-2890, CVE-2010-3619, CVE-2010-3620, CVE-2010-3621, CVE-2010-3622, CVE-2010-3625, CVE-2010-3626, CVE-2010-3627, CVE-2010-3628, CVE-2010-3629, CVE-2010-3630, CVE-2010-3632, CVE-2010-3658)

An insecure relative RPATH (runtime library search path) set in some Adobe Reader libraries could allow a local attacker, who is able to convince another user to run Adobe Reader in an attacker-controlled directory, to execute arbitrary code with the privileges of the victim. (CVE-2010-2887)

A specially-crafted PDF file could cause Adobe Reader to crash when opened. (CVE-2010-3656, CVE-2010-3657)

All Adobe Reader users should install these updated packages. They contain Adobe Reader version 9.4, which is not vulnerable to these issues. All running instances of Adobe Reader must be restarted for the update to take effect.

4. Solution:

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at http://kbase.redhat.com/faq/docs/DOC-11259

5. Bugs fixed (http://bugzilla.redhat.com/):

632267 - CVE-2010-2883 Acroread: Stack-based buffer overflow by processing certain fonts (APSA10-02)
633917 - CVE-2010-2884 Adobe Flash: crash or potential arbitrary code execution (APSB10-22)
639890 - acroread: multiple code execution flaws (APSB10-21)
639903 - acroread: denial of service flaws (APSB10-21)
639913 - CVE-2010-2887 acroread: use of insecure RPATH (APSB10-21)
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2010-0743.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
57 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
36 % | CWE-20 | Improper Input Validation |
7 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11586 | |||
Oval ID: | oval:org.mitre.oval:def:11586 | ||
Title: | Adobe Reader and Acrobat CoolType.dll Font Parsing Buffer Overflow Vulnerability | ||
Description: | Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third party information. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-2883 | Version: | 20 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Adobe Reader Adobe Acrobat |
Definition Id: oval:org.mitre.oval:def:14416 | |||
Oval ID: | oval:org.mitre.oval:def:14416 | ||
Title: | DEPRECATED: Multiple unspecified vulnerabilities in Adobe Reader and Acrobat 9.x before 9.4 on Linux allow attackers to gain privileges via unknown vectors. | ||
Description: | Multiple unspecified vulnerabilities in Adobe Reader and Acrobat 9.x before 9.4 on Linux allow attackers to gain privileges via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-2887 | Version: | 12 |
Platform(s): | Microsoft Windows 7 Microsoft Windows Server 2008 Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows XP Microsoft Windows 2000 | Product(s): | Adobe Acrobat Adobe Reader |
Definition Id: oval:org.mitre.oval:def:21982 | |||
Oval ID: | oval:org.mitre.oval:def:21982 | ||
Title: | RHSA-2010:0706: flash-plugin security update (Critical) | ||
Description: | Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.92.10 on Android; authplay.dll in Adobe Reader and Acrobat 9.x before 9.4; and authplay.dll in Adobe Reader and Acrobat 8.x before 8.2.5 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in September 2010. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0706-01 CVE-2010-2884 | Version: | 4 |
Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | flash-plugin |
Definition Id: oval:org.mitre.oval:def:22336 | |||
Oval ID: | oval:org.mitre.oval:def:22336 | ||
Title: | RHSA-2010:0743: acroread security update (Critical) | ||
Description: | Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, and CVE-2010-3632. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0743-01 CVE-2010-2883 CVE-2010-2884 CVE-2010-2887 CVE-2010-2889 CVE-2010-2890 CVE-2010-3619 CVE-2010-3620 CVE-2010-3621 CVE-2010-3622 CVE-2010-3625 CVE-2010-3626 CVE-2010-3627 CVE-2010-3628 CVE-2010-3629 CVE-2010-3630 CVE-2010-3632 CVE-2010-3656 CVE-2010-3657 CVE-2010-3658 | Version: | 250 |
Platform(s): | Red Hat Enterprise Linux 5 | Product(s): | acroread |
Definition Id: oval:org.mitre.oval:def:22988 | |||
Oval ID: | oval:org.mitre.oval:def:22988 | ||
Title: | ELSA-2010:0743: acroread security update (Critical) | ||
Description: | Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, and CVE-2010-3632. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0743-01 CVE-2010-2883 CVE-2010-2884 CVE-2010-2887 CVE-2010-2889 CVE-2010-2890 CVE-2010-3619 CVE-2010-3620 CVE-2010-3621 CVE-2010-3622 CVE-2010-3625 CVE-2010-3626 CVE-2010-3627 CVE-2010-3628 CVE-2010-3629 CVE-2010-3630 CVE-2010-3632 CVE-2010-3656 CVE-2010-3657 CVE-2010-3658 | Version: | 81 |
Platform(s): | Oracle Linux 5 | Product(s): | acroread |
Definition Id: oval:org.mitre.oval:def:23120 | |||
Oval ID: | oval:org.mitre.oval:def:23120 | ||
Title: | ELSA-2010:0706: flash-plugin security update (Critical) | ||
Description: | Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.92.10 on Android; authplay.dll in Adobe Reader and Acrobat 9.x before 9.4; and authplay.dll in Adobe Reader and Acrobat 8.x before 8.2.5 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in September 2010. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0706-01 CVE-2010-2884 | Version: | 6 |
Platform(s): | Oracle Linux 5 | Product(s): | flash-plugin |
Definition Id: oval:org.mitre.oval:def:6772 | |||
Oval ID: | oval:org.mitre.oval:def:6772 | ||
Title: | Adobe Reader and Acrobat Prefix Protocol Handler Code Execution Vulnerability. | ||
Description: | Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified vectors, related to a "prefix protocol handler vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3625 | Version: | 19 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Adobe Reader Adobe Acrobat |
Definition Id: oval:org.mitre.oval:def:6791 | |||
Oval ID: | oval:org.mitre.oval:def:6791 | ||
Title: | Adobe Reader and Acrobat Denial of Service Vulnerability. | ||
Description: | Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2010-3656. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3657 | Version: | 19 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Adobe Reader Adobe Acrobat |
Definition Id: oval:org.mitre.oval:def:6830 | |||
Oval ID: | oval:org.mitre.oval:def:6830 | ||
Title: | Adobe Reader and Acrobat Denial of Service Vulnerability. | ||
Description: | Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-2890 | Version: | 19 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Adobe Reader Adobe Acrobat |
Definition Id: oval:org.mitre.oval:def:6852 | |||
Oval ID: | oval:org.mitre.oval:def:6852 | ||
Title: | Adobe Flash Player, Acrobat Reader, and Acrobat Remote Code Execution Vulnerability | ||
Description: | Adobe Flash Player 10.1.82.76 and earlier on Windows, Mac OS X, Linux, and Solaris and 10.1.92.10 on Android; authplay.dll in Adobe Reader and Acrobat 9.x before 9.4; and authplay.dll in Adobe Reader and Acrobat 8.x before 8.2.5 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, as exploited in the wild in September 2010. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-2884 | Version: | 27 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 Microsoft Windows Server 2008 R2 Microsoft Windows 8 Microsoft Windows Server 2012 Microsoft Windows 8.1 Microsoft Windows Server 2012 R2 | Product(s): | Adobe Flash Player Adobe Reader Adobe Acrobat |
Definition Id: oval:org.mitre.oval:def:7007 | |||
Oval ID: | oval:org.mitre.oval:def:7007 | ||
Title: | Adobe Reader and Acrobat Code Execution via crafted image Vulnerability. | ||
Description: | Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted image, a different vulnerability than CVE-2010-3620. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3629 | Version: | 19 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Adobe Reader Adobe Acrobat |
Definition Id: oval:org.mitre.oval:def:7009 | |||
Oval ID: | oval:org.mitre.oval:def:7009 | ||
Title: | Adobe Reader and Acrobat Font Parsing Code Execution Vulnerability. | ||
Description: | Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted font, a different vulnerability than CVE-2010-3626. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-2889 | Version: | 19 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Adobe Reader Adobe Acrobat |
Definition Id: oval:org.mitre.oval:def:7057 | |||
Oval ID: | oval:org.mitre.oval:def:7057 | ||
Title: | Adobe Reader and Acrobat Memory Corruption Code Execution Vulnerability. | ||
Description: | Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, and CVE-2010-3658. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3632 | Version: | 19 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Adobe Reader Adobe Acrobat |
Definition Id: oval:org.mitre.oval:def:7138 | |||
Oval ID: | oval:org.mitre.oval:def:7138 | ||
Title: | Adobe Reader and Acrobat Memory Corruption Code Execution Vulnerability. | ||
Description: | Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3622 | Version: | 19 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Adobe Reader Adobe Acrobat |
Definition Id: oval:org.mitre.oval:def:7225 | |||
Oval ID: | oval:org.mitre.oval:def:7225 | ||
Title: | Adobe Reader and Acrobat Memory Corruption Code Execution Vulnerability. | ||
Description: | Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, and CVE-2010-3632. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3658 | Version: | 19 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Adobe Reader Adobe Acrobat |
Definition Id: oval:org.mitre.oval:def:7356 | |||
Oval ID: | oval:org.mitre.oval:def:7356 | ||
Title: | Adobe Reader and Acrobat Arbitrary Code Execution Vulnerability. | ||
Description: | Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3627 | Version: | 19 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Adobe Reader Adobe Acrobat |
Definition Id: oval:org.mitre.oval:def:7382 | |||
Oval ID: | oval:org.mitre.oval:def:7382 | ||
Title: | Adobe Reader and Acrobat Font Parsing Code Execution Vulnerability. | ||
Description: | Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted font, a different vulnerability than CVE-2010-2889. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3626 | Version: | 19 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Adobe Reader Adobe Acrobat |
Definition Id: oval:org.mitre.oval:def:7385 | |||
Oval ID: | oval:org.mitre.oval:def:7385 | ||
Title: | Memory Corruption via unspecified vectors vulnerability in Adobe Reader and Acrobat. | ||
Description: | Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3621, CVE-2010-3622, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3619 | Version: | 19 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Adobe Reader Adobe Acrobat |
Definition Id: oval:org.mitre.oval:def:7386 | |||
Oval ID: | oval:org.mitre.oval:def:7386 | ||
Title: | Adobe Reader and Acrobat Memory Corruption Code Execution Vulnerability. | ||
Description: | Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3622, CVE-2010-3628, CVE-2010-3632, and CVE-2010-3658. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3621 | Version: | 19 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Adobe Reader Adobe Acrobat |
Definition Id: oval:org.mitre.oval:def:7393 | |||
Oval ID: | oval:org.mitre.oval:def:7393 | ||
Title: | Adobe Reader and Acrobat Denial of Service and Arbitrary Code Execution Vulnerability. | ||
Description: | Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3630 | Version: | 19 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Adobe Reader Adobe Acrobat |
Definition Id: oval:org.mitre.oval:def:7455 | |||
Oval ID: | oval:org.mitre.oval:def:7455 | ||
Title: | Adobe Reader and Acrobat Arbitrary Code Execution and Denial of Service Vulnerability. | ||
Description: | Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-2890, CVE-2010-3619, CVE-2010-3621, CVE-2010-3622, CVE-2010-3632, and CVE-2010-3658. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3628 | Version: | 19 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Adobe Reader Adobe Acrobat |
Definition Id: oval:org.mitre.oval:def:7484 | |||
Oval ID: | oval:org.mitre.oval:def:7484 | ||
Title: | Adobe Reader and Acrobat Denial of Service Vulnerability. | ||
Description: | Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to cause a denial of service via unknown vectors, a different vulnerability than CVE-2010-3657. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3656 | Version: | 19 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Adobe Reader Adobe Acrobat |
Definition Id: oval:org.mitre.oval:def:7589 | |||
Oval ID: | oval:org.mitre.oval:def:7589 | ||
Title: | Adobe Reader and Acrobat Image Parsing Code Execution Vulnerability. | ||
Description: | Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows attackers to execute arbitrary code via a crafted image, a different vulnerability than CVE-2010-3629. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-3620 | Version: | 19 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows 7 | Product(s): | Adobe Reader Adobe Acrobat |
SAINT Exploits
Description | Link |
---|---|
Adobe Reader CoolType.dll buffer overflow | More info here |
ExploitDB Exploits
id | Description |
---|---|
2010-09-25 | Adobe CoolType SING Table "uniqueName" Stack Buffer Overflow |
2010-09-20 | Adobe CoolType SING Table "uniqueName" Stack Buffer Overflow |
OpenVAS Exploits
Date | Description |
---|---|
2011-09-07 | Name : Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007) File : nvt/gb_macosx_su10-007.nasl |
2011-03-09 | Name : Gentoo Security Advisory GLSA 201101-08 (acroread) File : nvt/glsa_201101_08.nasl |
2011-03-09 | Name : Gentoo Security Advisory GLSA 201101-09 (adobe-flash) File : nvt/glsa_201101_09.nasl |
2010-10-19 | Name : SuSE Update for acroread SUSE-SA:2010:048 File : nvt/gb_suse_2010_048.nasl |
2010-10-18 | Name : Adobe Acrobat and Reader Multiple Vulnerabilities -Oct10 (Windows) File : nvt/gb_adobe_prdts_mult_vuln_oct10_win.nasl |
2010-10-18 | Name : Adobe Reader Multiple Unspecified Vulnerabilities -Oct10 (Linux) File : nvt/gb_adobe_reader_mult_unspecified_oct10_lin.nasl |
2010-10-10 | Name : FreeBSD Ports: linux-flashplugin File : nvt/freebsd_linux-flashplugin10.nasl |
2010-10-01 | Name : SuSE Update for flash-player SUSE-SA:2010:042 File : nvt/gb_suse_2010_042.nasl |
2010-09-21 | Name : Adobe Reader/Flash Player Content Code Execution Vulnerability (Linux) File : nvt/secpod_adobe_prdts_content_code_execution_vuln_lin.nasl |
2010-09-21 | Name : Adobe Products Content Code Execution Vulnerability (Windows) File : nvt/secpod_adobe_prdts_content_code_execution_vuln_win.nasl |
2010-09-15 | Name : Adobe Acrobat and Reader SING 'uniqueName' Buffer Overflow Vulnerability (Win) File : nvt/gb_adobe_prdts_sing_bof_vuln_win.nasl |
2010-09-15 | Name : Adobe Acrobat and Reader SING 'uniqueName' Buffer Overflow Vulnerability (Linux) File : nvt/gb_adobe_reader_sing_bof_vuln_lin.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
68435 | Adobe Reader / Acrobat Unspecified Memory Corruption (2010-3658) An unspecified memory corruption flaw exists in Adobe Reader and Acrobat. The program fails to sanitize certain unspecified user-supplied input resulting in memory corruption. This may allow an attacker to execute arbitrary code or cause a denial of service. |
68434 | Adobe Reader / Acrobat Unspecified DoS (2010-3657) Adobe Reader and Acrobat contain an unspecified flaw that may allow an attacker to cause a denial of service. No further details have been provided. |
68433 | Adobe Reader / Acrobat Unspecified DoS (2010-3656) Adobe Reader and Acrobat contain an unspecified flaw that may allow an attacker to cause a denial of service. No further details have been provided. |
68432 | Adobe Reader / Acrobat Unspecified File Format String Handling Memory Corruption A memory corruption flaw exists in Adobe Reader and Acrobat. The program fails to sanitize user-supplied input when handling an embedded string's length in a particular file, resulting in memory corruption. With a specially crafted string within a crafted file, a context-dependent attacker can execute arbitrary code. |
68430 | Adobe Reader / Acrobat AcroRd32.dll sub_60AF56 Function Memory Corruption A memory corruption flaw exists in Adobe Reader and Acrobat. The 3difr and AcroRd32.dll modules fail to sanitize user-supplied input when the 'sub_60AF56' function access violates when encounter ESI register data, resulting in memory corruption. With a specially crafted .PDF file, a context-dependent attacker can execute arbitrary code. |
68429 | Adobe Reader / Acrobat Unspecified Crafted Image Arbitrary Code Execution (20... Adobe Reader and Acrobat contain a flaw related to image-parsing input validation that may allow a context-dependent attacker to use a crafted image to execute arbitrary code. No further details have been provided. |
68428 | Adobe Reader / Acrobat Unspecified Memory Corruption (2010-3628) An unspecified memory corruption flaw exists in Adobe Reader and Acrobat. The programs fail to sanitize certain unspecified user-supplied input resulting in memory corruption. This may allow an attacker to execute arbitrary code or cause a denial of service. |
68427 | Adobe Reader / Acrobat PDF Flash Code Handling Arbitrary Code Execution Adobe Reader and Acrobat contain a use-after-free flaw related to a released memory chunk being invalidly used. This may allow a context-dependent attacker to use a crafted .PDF file with PAGES thumbnails to trigger an 'ACCESS_VIOLATION' and execute arbitrary code. |
68426 | Adobe Reader / Acrobat Unspecified Crafted Font Arbitrary Code Execution (201... Adobe Reader and Acrobat contain an unspecified flaw that may allow a context-dependent attacker to use a crafted font to execute arbitrary code. No further details have been provided. |
68425 | Adobe Reader / Acrobat Prefix Protocol Handler Arbitrary Code Execution (2010... Adobe Reader and Acrobat contain an unspecified flaw related to a prefix protocol handler vulnerability. This may allow an attacker to execute arbitrary code. No further details have been provided. |
68422 | Adobe Reader / Acrobat ACE.dll ICC Stream mluc Structure Handling Memory Corr... A memory corruption flaw exists in Adobe Reader and Acrobat. The ACE.dll module fails to sanitize user-supplied input when an attacker forges an integer value derived from arithmetic performed on the second DWORD of the mluc structure and desc structure, resulting in memory corruption. With a specially crafted file or web page, a context-dependent attacker can execute arbitrary code. |
68421 | Adobe Reader / Acrobat ACE.dll ICC Stream Handling Memory Corruption A memory corruption flaw exists in Adobe Reader and Acrobat. The ACE.dll module fails to sanitize user-supplied input when parsing ICC streams, resulting in memory corruption. With a specially crafted file or web page, a context-dependent attacker can overflow a stack buffer and execute arbitrary code. |
68420 | Adobe Reader / Acrobat Unspecified Crafted Image Arbitrary Code Execution (20... Adobe Reader and Acrobat contain an image-parsing input validation flaw that may allow a context-dependent attacker to use a crafted image to execute arbitrary code. No further details have been provided. |
68419 | Adobe Reader / Acrobat Unspecified Memory Corruption (2010-3619) An unspecified memory corruption flaw exists in Adobe Reader and Acrobat. The program fails to sanitize certain unspecified user-supplied input resulting in memory corruption. This may allow an attacker to execute arbitrary code or cause a denial of service. |
68418 | Adobe Reader / Acrobat Unspecified Memory Corruption (2010-2890) An unspecified memory corruption flaw exists in Adobe Reader and Acrobat. The program fails to sanitize certain unspecified user-supplied input resulting in memory corruption. This may allow an attacker to execute arbitrary code or cause a denial of service. |
68416 | Adobe Reader / Acrobat Unspecified Crafted Font Arbitrary Code Execution (201... Adobe Reader and Acrobat contain a flaw related to font-parsing input validation that may allow a context-dependent attacker to use a crafted font to execute arbitrary code. No further details have been provided. |
68412 | Adobe Reader / Acrobat on Linux Multiple Unspecified Privilege Escalation Adobe Reader and Acrobat on Linux contain multiple flaws related to an insecure relative RPATH that may allow an attacker to gain access to unauthorized privileges. The issue can be exploited by malicious, local users to gain escalated privileges and execute arbitrary code by tricking a user into running the program in an attacker-controlled directory. |
68024 | Adobe Flash Player Unspecified Code Execution Adobe Flash Player contains a flaw that may allow an attacker to run arbitrary code. The issue is triggered when a specially crafted .SWF file is viewed using a standalone player or within a Flash browser plugin. |
67849 | Adobe Reader / Acrobat CoolType.dll SING (Smart INdependent Glyphlets) Font u... Acrobat and Reader are prone to an overflow condition. The application fails to properly sanitize the "uniqueName" field within the SING table structure of TrueType fonts resulting in a stack buffer overflow. With a specially crafted file, a context-dependent attacker can potentially cause arbitrary code execution. |
Snort® IPS/IDS
Date | Description |
---|---|
2020-01-16 | Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution... RuleID : 52484 - Revision : 1 - Type : FILE-PDF |
2020-01-16 | Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution... RuleID : 52483 - Revision : 1 - Type : FILE-PDF |
2019-12-10 | Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution... RuleID : 52125 - Revision : 2 - Type : FILE-PDF |
2019-12-10 | Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution... RuleID : 52124 - Revision : 2 - Type : FILE-PDF |
2015-03-31 | Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution... RuleID : 33602 - Revision : 2 - Type : FILE-PDF |
2015-03-31 | Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution... RuleID : 33601 - Revision : 2 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader ICC mluc integer overflow attempt RuleID : 28727 - Revision : 5 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader ICC mluc integer overflow attempt RuleID : 28726 - Revision : 5 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader ICC mluc integer overflow attempt RuleID : 28725 - Revision : 6 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader TTF SING table parsing remote code execution attempt RuleID : 28657 - Revision : 5 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader TTF SING table parsing remote code execution attempt RuleID : 28656 - Revision : 5 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader TTF SING table parsing remote code execution attempt RuleID : 28655 - Revision : 5 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader TTF SING table parsing remote code execution attempt RuleID : 28654 - Revision : 5 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader TTF SING table parsing remote code execution attempt RuleID : 28653 - Revision : 5 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader TTF SING table parsing remote code execution attempt RuleID : 28652 - Revision : 5 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader TTF SING table parsing remote code execution attempt RuleID : 28651 - Revision : 5 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader TTF SING table parsing remote code execution attempt RuleID : 28650 - Revision : 5 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader TTF SING table parsing remote code execution attempt RuleID : 28649 - Revision : 5 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader TTF SING table parsing remote code execution attempt RuleID : 28648 - Revision : 5 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader TTF SING table parsing remote code execution attempt RuleID : 28647 - Revision : 5 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader TTF SING table parsing remote code execution attempt RuleID : 28646 - Revision : 5 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader TTF SING table parsing remote code execution attempt RuleID : 28645 - Revision : 5 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader TTF SING table parsing remote code execution attempt RuleID : 28644 - Revision : 5 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader TTF SING table parsing remote code execution attempt RuleID : 28380 - Revision : 5 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader TTF SING table parsing remote code execution attempt RuleID : 28379 - Revision : 5 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader TTF SING table parsing remote code execution attempt RuleID : 28378 - Revision : 5 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader TTF SING table parsing remote code execution attempt RuleID : 28377 - Revision : 5 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader TTF SING table parsing remote code execution attempt RuleID : 28376 - Revision : 5 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader TTF SING table parsing remote code execution attempt RuleID : 28375 - Revision : 5 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader TTF SING table parsing remote code execution attempt RuleID : 28374 - Revision : 6 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader ICC mluc integer overflow attempt RuleID : 28261 - Revision : 6 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader ICC remote memory corruption attempt RuleID : 28260 - Revision : 6 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader ICC remote memory corruption attempt RuleID : 28257 - Revision : 7 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader ICC mluc integer overflow attempt RuleID : 28256 - Revision : 6 - Type : FILE-PDF |
2014-01-10 | Teletubbies exploit kit payload download RuleID : 27887 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-10 | Teletubbies exploit kit exploit attempt for Adobe Flash Player RuleID : 27882 - Revision : 2 - Type : EXPLOIT-KIT |
2014-01-10 | Adobe Acrobat Reader TTF SING table parsing remote code execution attempt RuleID : 18991 - Revision : 13 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader TTF SING table parsing remote code execution attempt RuleID : 18990 - Revision : 13 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader TTF SING table parsing remote code execution attempt RuleID : 18989 - Revision : 13 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader TTF SING table parsing remote code execution attempt RuleID : 18988 - Revision : 12 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution... RuleID : 18987 - Revision : 15 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader and Acrobat TTF SING table parsing remote code execution... RuleID : 18986 - Revision : 15 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader ICC mluc integer overflow attempt RuleID : 18308 - Revision : 15 - Type : FILE-PDF |
2014-01-10 | Adobe Flash Player and Reader remote code execution attempt RuleID : 17257 - Revision : 12 - Type : FILE-FLASH |
2014-01-10 | Adobe Acrobat Reader TTF SING table parsing remote code execution attempt RuleID : 17233 - Revision : 13 - Type : FILE-PDF |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_flash-player-100921.nasl - Type : ACT_GATHER_INFO |
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_acroread-101007.nasl - Type : ACT_GATHER_INFO |
2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_flash-player-7165.nasl - Type : ACT_GATHER_INFO |
2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_acroread-7181.nasl - Type : ACT_GATHER_INFO |
2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_acroread_ja-7182.nasl - Type : ACT_GATHER_INFO |
2011-01-24 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201101-09.nasl - Type : ACT_GATHER_INFO |
2011-01-24 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201101-08.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_acroread-101007.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_acroread_ja-101007.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_flash-player-100921.nasl - Type : ACT_GATHER_INFO |
2010-11-10 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_6_5.nasl - Type : ACT_GATHER_INFO |
2010-11-10 | Name : The remote host is missing a Mac OS X update that fixes security issues. File : macosx_SecUpd2010-007.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_acroread-101007.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_acroread-101007.nasl - Type : ACT_GATHER_INFO |
2010-10-07 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0743.nasl - Type : ACT_GATHER_INFO |
2010-09-23 | Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_8a34d9e6c66211dfb2e1001b2134ef46.nasl - Type : ACT_GATHER_INFO |
2010-09-22 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_flash-player-100921.nasl - Type : ACT_GATHER_INFO |
2010-09-22 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_flash-player-100921.nasl - Type : ACT_GATHER_INFO |
2010-09-22 | Name : The remote Red Hat host is missing a security update. File : redhat-RHSA-2010-0706.nasl - Type : ACT_GATHER_INFO |
2010-09-21 | Name : The remote Windows host contains a browser plug-in that is affected by a code... File : flash_player_apsb10-22.nasl - Type : ACT_GATHER_INFO |
2010-09-09 | Name : The version of Adobe Acrobat on the remote Windows host is affected by multip... File : adobe_acrobat_apsa10-02.nasl - Type : ACT_GATHER_INFO |
2010-09-09 | Name : The version of Adobe Reader on the remote Windows host is affected by multipl... File : adobe_reader_apsa10-02.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:53:53 | |