Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:24157
HistoryJul 01, 2010 - 12:00 a.m.

VUPEN Security Research - Adobe Acrobat and Reader #1023 Tag Buffer Overflow Vulnerability (CVE-2010-2212)

2010-07-0100:00:00
vulners.com
9
JSON

VUPEN Security Research - Adobe Acrobat and Reader #1023 Tag Buffer Overflow
Vulnerability (CVE-2010-2212)

http://www.vupen.com/english/research.php

I. BACKGROUND

"Adobe Acrobat and Reader are the global standards for electronic
document sharing. They are used to create, view, search, digitally
sign, verify, print, and collaborate on Adobe PDF files."

II. DESCRIPTION

VUPEN Vulnerability Research Team discovered a critical vulnerability in
Adobe Acrobat and Reader.

The vulnerability is caused by a buffer overflow error when processing
the undocumented #1023 (3FFh) tag while parsing Flash content within a PDF
document, which could be exploited by attackers to execute arbitrary code
by tricking a user into opening a malicious PDF.

III. AFFECTED PRODUCTS

Adobe Reader version 9.3.2 and prior
Adobe Acrobat version 9.3.2 and prior

IV. Binary Analysis & Proof-of-concept

In-depth binary analysis of the vulnerability and a code execution exploit
are available through the VUPEN Binary Analysis & Exploits Service :

http://www.vupen.com/english/services/ba-index.php

V. SOLUTION

Upgrade to Adobe Acrobat and Reader version 9.3.3 or 8.2.3.

VI. CREDIT

This vulnerability was discovered by Nicolas Joly of VUPEN Security

VII. ABOUT VUPEN Security

VUPEN is a leading IT security research company providing vulnerability
management and security intelligence solutions which enable enterprises
and institutions to eliminate vulnerabilities before they can be exploited,
ensure security policy compliance and meaningfully measure and manage risks.

Governmental and federal agencies, and global enterprises in the financial
services, insurance, manufacturing and technology industries rely on VUPEN
to improve their security, prioritize resources, cut time and costs, and
stay ahead of the latest threats.

VIII. REFERENCES

http://www.vupen.com/english/advisories/2010/1636
http://www.adobe.com/support/security/bulletins/apsb10-15.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2212

IX. DISCLOSURE TIMELINE

2009-09-06 - Vendor notified
2009-09-06 - Vendor response
2010-03-08 - Status update received
2010-06-20 - Status update received
2010-06-29 - Coordinated public Disclosure

Related

prion 7
cve 7
ubuntucve 7
securityvulns 1
openvas 6
nessus 11
suse 1
redhat 1
gentoo 1
prion
prion
Memory corruption
2010-06-30 18:30:00
Memory corruption
2010-06-30 18:30:00
Memory corruption
2010-06-30 18:30:00
cve
cve
CVE-2010-2209
2010-06-30 18:30:00
CVE-2010-2202
2010-06-30 18:30:00
CVE-2010-2210
2010-06-30 18:30:00
ubuntucve
ubuntucve
CVE-2010-2210
2010-06-30 00:00:00
CVE-2010-2207
2010-06-30 00:00:00
CVE-2010-1295
2010-06-30 00:00:00
securityvulns
securityvulns
Adobe Acrobat / Reader multiple security vulnerabilities
2010-07-01 00:00:00
openvas
openvas
Adobe Reader Multiple Vulnerabilities -July10 (Linux)
2010-07-12 00:00:00
Adobe Acrobat and Reader Multiple Vulnerabilities -July10 (Windows)
2010-07-12 00:00:00
SuSE Update for acroread SUSE-SA:2010:029
2010-07-12 00:00:00
nessus
nessus
Adobe Reader < 9.3.3 / 8.2.3 Multiple Vulnerabilities (APSB10-15)
2010-06-30 00:00:00
Adobe Acrobat < 9.3.3 / 8.2.3 Multiple Vulnerabilities (APSB10-15)
2010-06-30 00:00:00
SuSE 10 Security Update : acroread (ZYPP Patch Number 7087)
2011-01-27 00:00:00
suse
suse
remote code execution in acroread
2010-07-08 11:59:38
redhat
redhat
(RHSA-2010:0503) Critical: acroread security update
2010-06-30 00:00:00
gentoo
gentoo
Adobe Reader: Multiple vulnerabilities
2010-09-07 00:00:00
JSON
Related for SECURITYVULNS:DOC:24157
prion7cve7ubuntucve7securityvulns1openvas6nessus11suse1redhat1gentoo1