Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в Adobe Acrobat / Reader
Опубликовано:1 июля 2010 г.
Источник:
SecurityVulns ID:10964
Тип:клиент
Уровень опасности:
9/10
Описание:Многочисленные повреждения памяти.
Затронутые продукты:ADOBE : Acrobat 9.3
 ADOBE : Reader 9.3
CVE:CVE-2010-2212 (Buffer overflow in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a PDF file containing Flash content with a crafted #1023 (3FFh) tag, a different vulnerability than CVE-2010-1295, CVE-2010-2202, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, and CVE-2010-2211.)
 CVE-2010-2206 (Array index error in AcroForm.api in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted GIF image in a PDF file, which bypasses a size check and triggers a heap-based buffer overflow.)
 CVE-2010-2205 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, access uninitialized memory, which allows attackers to execute arbitrary code via unspecified vectors.)
 CVE-2010-2202 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2010-1295, CVE-2010-2207, CVE-2010-2209, CVE-2010-2210, CVE-2010-2211, and CVE-2010-2212.)
 CVE-2010-2201 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via a PDF file with crafted Flash content involving the (1) pushstring (0x2C) operator, (2) debugfile (0xF1) operator, and an "invalid pointer vulnerability" that triggers memory corruption, a different vulnerability than CVE-2010-1285 and CVE-2010-2168.)
 CVE-2010-2168 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via a PDF file with crafted Flash content, involving the newfunction (0x44) operator and an "invalid pointer vulnerability" that triggers memory corruption, a different vulnerability than CVE-2010-1285 and CVE-2010-2201.)
 CVE-2010-2012 (SQL injection vulnerability in function.php in MigasCMS 1.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the categorie parameter in a catalogo action. NOTE: some of these details are obtained from third party information.)
 CVE-2010-2006 (Directory traversal vulnerability in op/op.Login.php in LetoDMS (formerly MyDMS) 1.7.2 and earlier allows remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the lang parameter.)
 CVE-2010-2005 (Multiple PHP remote file inclusion vulnerabilities in DataLife Engine (DLE) 8.3 allow remote attackers to execute arbitrary PHP code via a URL in (1) the selected_language parameter to engine/inc/include/init.php, (2) the config[langs] parameter to engine/inc/help.php, (3) the config[lang] parameter to engine/ajax/pm.php, (4) and the _REQUEST[skin] parameter to engine/ajax/addcomments.php.)
 CVE-2010-1285 (Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow attackers to execute arbitrary code via unspecified manipulations involving the newclass (0x58) operator and an "invalid pointer vulnerability" that triggers memory corruption, a different vulnerability than CVE-2010-2168 and CVE-2010-2201.)
Оригинальный текстdocumentZDI, ZDI-10-116: Adobe Reader CLOD Progressive Mesh Continuation Resolution Remote Code Execution Vulnerability (01.07.2010)
 documentVUPEN Security Research, VUPEN Security Research - Adobe Acrobat and Reader "newclass" Memory Corruption Vulnerability (CVE-2010-1285) (01.07.2010)
 documentVUPEN Security Research, VUPEN Security Research - Adobe Acrobat and Reader "pushstring" Memory Corruption Vulnerability (CVE-2010-2201) (01.07.2010)
 documentVUPEN Security Research, VUPEN Security Research - Adobe Acrobat and Reader "newfunction" Memory Corruption Vulnerability (CVE-2010-2168) (01.07.2010)
 documentVUPEN Security Research, VUPEN Security Research - Adobe Acrobat and Reader #1023 Tag Buffer Overflow Vulnerability (CVE-2010-2212) (01.07.2010)
 documentSECUNIA, Secunia Research: Adobe Reader GIF Image Parsing Array-Indexing Vulnerability (01.07.2010)
 documentSECUNIA, Secunia Research: Adobe Reader JPEG Uninitialised Memory Vulnerability (01.07.2010)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород