Information Security


Multiple vulnerabilities in Adobe Acrobat / Reader
updated since October 14, 2009
Published: October 19, 2009
Source:
SecurityVulns ID: 10320
Type: remote
Severity level: 8/10
Description: Multiple memory corruptions, array index overflows, etc.
Affected products: ADOBE : Adobe Reader 8.1
 ADOBE : Adobe Reader 9.1
 ADOBE : Adobe Reader 7.1
CVE: CVE-2009-3459 (Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009. NOTE: some of these details are obtained from third party information.)
 CVE-2009-3458 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2998.)
 CVE-2009-2998 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 do not properly validate input, which might allow attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-3458.)
 CVE-2009-2997 (Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 might allow attackers to execute arbitrary code via unspecified vectors.)
 CVE-2009-2991 (Unspecified vulnerability in the Mozilla plug-in in Adobe Reader and Acrobat 8.x before 8.1.7, and possibly 7.x before 7.1.4 and 9.x before 9.2, might allow remote attackers to execute arbitrary code via unknown vectors.)
 CVE-2009-2990 (Array index error in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow attackers to execute arbitrary code via unspecified vectors.)
 CVE-2009-2985 (Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2009-2996.)
Original text: cocoruder, In-depth research on the recent PDF zero-day exploit (CVE-2009-3459) (19.10.2009)
 security_(at)_nruns.com, n.runs-SA-2009.007 - Adobe Acrobat - Invalid pointer write could lead to arbitrary code execution (17.10.2009)
 VUPEN Security Research, VUPEN Security - Adobe Acrobat and Reader U3D Filter Code Execution Vulnerabilities (17.10.2009)
 IDEFENSE, iDefense Security Advisory 10.13.09: Adobe Acrobat and Reader Firefox Plugin Use After Free Vulnerability (14.10.2009)
 ZDI, ZDI-09-073: Adobe Reader Compact Font Format Malformed Index Memory Corruption Vulnerability (14.10.2009)
 IDEFENSE, iDefense Security Advisory 10.13.09: Adobe Acrobat and Reader U3D File Invalid Array Index Vulnerability (14.10.2009)
 CERT, US-CERT Technical Cyber Security Alert TA09-286B -- Adobe Reader and Acrobat Vulnerabilities (14.10.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod