Buffer overflow : Adobe Acrobat and Reader SING 'uniqueName' Buffer Overflow Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.801516

Categoría: Buffer overflow

Título: Adobe Acrobat and Reader SING 'uniqueName' Buffer Overflow Vulnerability - Linux

Resumen: Adobe Reader is prone to a buffer overflow vulnerability.

Descripción: Summary:
Adobe Reader is prone to a buffer overflow vulnerability.

Vulnerability Insight:
The flaw is due to a boundary error within 'CoolType.dll' when processing the
'uniqueName' entry of SING tables in fonts.

Vulnerability Impact:
Successful exploitation will let attackers to crash an affected application or
execute arbitrary code by tricking a user into opening a specially crafted PDF
document.

Affected Software/OS:
Adobe Reader version 9.3.4 and prior.

Solution:
Upgrade to Adobe Reader version 9.4.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-2883
BugTraq ID: 43057
http://www.securityfocus.com/bid/43057
Cert/CC Advisory: TA10-279A
http://www.us-cert.gov/cas/techalerts/TA10-279A.html
CERT/CC vulnerability note: VU#491991
http://www.kb.cert.org/vuls/id/491991
http://security.gentoo.org/glsa/glsa-201101-08.xml
http://blog.metasploit.com/2010/09/return-of-unpublished-adobe.html
http://community.websense.com/blogs/securitylabs/archive/2010/09/10/brief-analysis-on-adobe-reader-sing-table-parsing-vulnerability-cve-2010-2883.aspx
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11586
http://www.redhat.com/support/errata/RHSA-2010-0743.html
http://secunia.com/advisories/41340
http://secunia.com/advisories/43025
SuSE Security Announcement: SUSE-SA:2010:048 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html
SuSE Security Announcement: SUSE-SR:2010:019 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
TurboLinux Advisory: TLSA-2011-2
http://www.turbolinux.co.jp/security/2011/TLSA-2011-2j.txt
http://www.vupen.com/english/advisories/2010/2331
http://www.vupen.com/english/advisories/2011/0191
http://www.vupen.com/english/advisories/2011/0344
XForce ISS Database: adobe-reader-cooltype-code-execution(61635)
https://exchange.xforce.ibmcloud.com/vulnerabilities/61635

Copyright Copyright (C) 2010 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.801516
Categoría:	Buffer overflow
Título:	Adobe Acrobat and Reader SING 'uniqueName' Buffer Overflow Vulnerability - Linux
Resumen:	Adobe Reader is prone to a buffer overflow vulnerability.
Descripción:	Summary: Adobe Reader is prone to a buffer overflow vulnerability. Vulnerability Insight: The flaw is due to a boundary error within 'CoolType.dll' when processing the 'uniqueName' entry of SING tables in fonts. Vulnerability Impact: Successful exploitation will let attackers to crash an affected application or execute arbitrary code by tricking a user into opening a specially crafted PDF document. Affected Software/OS: Adobe Reader version 9.3.4 and prior. Solution: Upgrade to Adobe Reader version 9.4. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-2883 BugTraq ID: 43057 http://www.securityfocus.com/bid/43057 Cert/CC Advisory: TA10-279A http://www.us-cert.gov/cas/techalerts/TA10-279A.html CERT/CC vulnerability note: VU#491991 http://www.kb.cert.org/vuls/id/491991 http://security.gentoo.org/glsa/glsa-201101-08.xml http://blog.metasploit.com/2010/09/return-of-unpublished-adobe.html http://community.websense.com/blogs/securitylabs/archive/2010/09/10/brief-analysis-on-adobe-reader-sing-table-parsing-vulnerability-cve-2010-2883.aspx https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11586 http://www.redhat.com/support/errata/RHSA-2010-0743.html http://secunia.com/advisories/41340 http://secunia.com/advisories/43025 SuSE Security Announcement: SUSE-SA:2010:048 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html SuSE Security Announcement: SUSE-SR:2010:019 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html TurboLinux Advisory: TLSA-2011-2 http://www.turbolinux.co.jp/security/2011/TLSA-2011-2j.txt http://www.vupen.com/english/advisories/2010/2331 http://www.vupen.com/english/advisories/2011/0191 http://www.vupen.com/english/advisories/2011/0344 XForce ISS Database: adobe-reader-cooltype-code-execution(61635) https://exchange.xforce.ibmcloud.com/vulnerabilities/61635
Copyright	Copyright (C) 2010 Greenbone AG