Information Security


Multiple security vulnerabilities in Adobe Acrobat / Reader
updated since September 16, 2011
Published: October 31, 2011
Source:
SecurityVulns ID: 11911
Type: client
Severity level: 7/10
Description: Privilege escalation, memory leak, code execution, multiple buffer overflows.
Affected products: ADOBE : Reader 10.1
 ADOBE : Acrobat 10.1
CVE: CVE-2011-2442 (Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "logic error vulnerability.")
 CVE-2011-2441 (Multiple stack-based buffer overflows in CoolType.dll in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors.)
 CVE-2011-2440 (Use-after-free vulnerability in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors.)
 CVE-2011-2439 (Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "memory leakage condition vulnerability.")
 CVE-2011-2438 (Multiple stack-based buffer overflows in the image-parsing library in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors.)
 CVE-2011-2437 (Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2433 and CVE-2011-2434.)
 CVE-2011-2436 (Heap-based buffer overflow in the image-parsing library in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors.)
 CVE-2011-2435 (Buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors.)
 CVE-2011-2434 (Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2433 and CVE-2011-2437.)
 CVE-2011-2433 (Heap-based buffer overflow in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2011-2434 and CVE-2011-2437.)
 CVE-2011-2432 (Buffer overflow in the U3D TIFF Resource in Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allows attackers to execute arbitrary code via unspecified vectors.)
 CVE-2011-2431 (Adobe Reader and Acrobat 8.x before 8.3.1, 9.x before 9.4.6, and 10.x before 10.1.1 allow attackers to execute arbitrary code via unspecified vectors, related to a "security bypass vulnerability.")
 CVE-2011-2411 (Unspecified vulnerability on HP NonStop Servers with software H06.x through H06.23.00 and J06.x through J06.12.00, when Samba is used, allows remote authenticated users to execute arbitrary code via unknown vectors.)
 CVE-2011-1353 (Unspecified vulnerability in Adobe Reader 10.x before 10.1.1 on Windows allows local users to gain privileges via unknown vectors.)
Original text: ZDI, ZDI-11-296 : Adobe Reader BMP Image RLE Decoding Remote Code Execution Vulnerability (31.10.2011)
 ZDI, ZDI-11-297 : Adobe Reader U3D PCX Parsing Remote Code Execution Vulnerability (31.10.2011)
 ZDI, ZDI-11-298 : Adobe Reader U3D IFF RGBA Parsing Remote Code Execution Vulnerability (31.10.2011)
 ZDI, ZDI-11-299 : Adobe Reader PICT Parsing Remote Code Execution Vulnerability (31.10.2011)
 ZDI, ZDI-11-300 : Adobe Reader U3D PICT 10h Encoding Remote Code Execution Vulnerability (31.10.2011)
 ZDI, ZDI-11-301 : Adobe Reader U3D PICT 0Eh Encoding Remote Code Execution Vulnerability (31.10.2011)
 ZDI, ZDI-11-302 : Adobe Reader U3D TIFF Resource Buffer Overflow Remote Code Execution Vulnerability (31.10.2011)
 ZDI, ZDI-11-310 : Adobe Reader Compound Glyph Index Sign Extension Remote Code Execution Vulnerability (31.10.2011)
 VUPEN Security Research, VUPEN Security Research - Adobe Acrobat and Reader TIFF BitsPerSample Heap Overflow Vulnerability (16.09.2011)
 VUPEN Security Research, VUPEN Security Research - Adobe Acrobat and Reader Picture Dimensions Heap Overflow Vulnerability (16.09.2011)
 VUPEN Security Research, VUPEN Security Research - Adobe Acrobat and Reader IFF Processing Heap Overflow Vulnerability (16.09.2011)
 VUPEN Security Research, VUPEN Security Research - Adobe Acrobat and Reader PCX Processing Heap Overflow Vulnerability (16.09.2011)
 VUPEN Security Research, VUPEN Security Research - Adobe Acrobat and Reader BMP Dimensions Heap Overflow Vulnerability (16.09.2011)
 VUPEN Security Research, VUPEN Security Research - Adobe Acrobat and Reader Picture Processing Stack Overflow Vulnerability (16.09.2011)
 IDEFENSE, iDefense Security Advisory 09.13.11: Adobe Reader and Acrobat JPEG Processing Use After Free Vulnerability (16.09.2011)
 ADOBE, Security updates available for Adobe Reader and Acrobat (16.09.2011)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod