Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2011-0589
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T21:58:25.991Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "ADV-2011-0492", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0492" }, { "name": "43470", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/43470" }, { "name": "adobe-reader-acrobat-unspec-ce(65294)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65294" }, { "name": "RHSA-2011:0301", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0301.html" }, { "name": "46202", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/46202" }, { "name": "ADV-2011-0337", "tags": [ "vdb-entry", "x_refsource_VUPEN", "x_transferred" ], "url": "http://www.vupen.com/english/advisories/2011/0337" }, { "name": "oval:org.mitre.oval:def:12497", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12497" }, { "name": "1025033", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1025033" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb11-03.html" }, { "name": "SUSE-SA:2011:025", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00006.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2011-02-08T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0563 and CVE-2011-0606." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "name": "ADV-2011-0492", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0492" }, { "name": "43470", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/43470" }, { "name": "adobe-reader-acrobat-unspec-ce(65294)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65294" }, { "name": "RHSA-2011:0301", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0301.html" }, { "name": "46202", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/46202" }, { "name": "ADV-2011-0337", "tags": [ "vdb-entry", "x_refsource_VUPEN" ], "url": "http://www.vupen.com/english/advisories/2011/0337" }, { "name": "oval:org.mitre.oval:def:12497", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12497" }, { "name": "1025033", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1025033" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb11-03.html" }, { "name": "SUSE-SA:2011:025", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00006.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2011-0589", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0563 and CVE-2011-0606." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2011-0492", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0492" }, { "name": "43470", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43470" }, { "name": "adobe-reader-acrobat-unspec-ce(65294)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65294" }, { "name": "RHSA-2011:0301", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2011-0301.html" }, { "name": "46202", "refsource": "BID", "url": "http://www.securityfocus.com/bid/46202" }, { "name": "ADV-2011-0337", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0337" }, { "name": "oval:org.mitre.oval:def:12497", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12497" }, { "name": "1025033", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1025033" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb11-03.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb11-03.html" }, { "name": "SUSE-SA:2011:025", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00006.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2011-0589", "datePublished": "2011-02-10T17:00:00", "dateReserved": "2011-01-20T00:00:00", "dateUpdated": "2024-08-06T21:58:25.991Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2011-0589\",\"sourceIdentifier\":\"psirt@adobe.com\",\"published\":\"2011-02-10T18:00:58.363\",\"lastModified\":\"2024-11-21T01:24:22.007\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0563 and CVE-2011-0606.\"},{\"lang\":\"es\",\"value\":\"Adobe Reader y Acrobat v10.x anterior a v10.0.1, v9.x anterior a v9.4.2, y v8.x anterior a v8.2.6 en Windows y Mac OS X permiten a los atacantes ejecutar c\u00f3digo de su elecci\u00f3n o causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de vectores no especificados, una vulnerabilidad diferente de CVE-2011-0563 y CVE-2011-0606.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"996EB48E-D2A8-49E4-915A-EBDE26A9FB94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97E20936-EE31-4CEB-A710-3165A28BAD69\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:8.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BD9952C-A1D0-4DFB-A292-9B86D7EAE5FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:8.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5BEA847-A71E-4336-AB67-B3C38847C1C3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:8.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39F6994B-6969-485B-9286-2592B11A47BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:8.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC533775-B52E-43F0-BF19-1473BE36232D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:8.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18D1C85E-42CC-46F2-A7B6-DAC3C3995330\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:8.1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C4670451-511E-496C-A78A-887366E1E992\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A2A4F62-7AB5-4134-9A65-4B4E1EA262A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:8.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"35994F76-CD13-4301-9134-FC0CBEA37D97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:8.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FB61191-F955-4DE6-A86B-36E031DE1F99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:8.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E32D68D5-6A79-454B-B14F-9BC865413E3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:8.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A57581C-A139-41C3-B9DB-0C4CFA7A1BB2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"562772F1-1627-438E-A6B8-7D1AA5536086\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27D5AF92-A8E1-41BD-B20A-EB26BB6AD4DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:9.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F25C9167-C6D4-4264-9197-50878EDA2D96\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:9.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD1D7308-09E9-42B2-8836-DC2326C62A9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:9.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5C251D2-4C9B-4029-8BED-0FCAED3B8E89\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2432AC17-5378-4C61-A775-5172FD44EC03\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:9.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6BA82F4-470D-4A46-89B2-D2F3C8FA31C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:9.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39EDED39-664F-4B68-B422-2CCCA3B83550\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:9.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B508C5CE-1386-47B3-B301-B78DBB3A75D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:9.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DDC2EEB6-D5EC-430F-962A-1279C9970441\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:9.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DC590C7-5BDE-4E46-9605-01E95B17F01F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:9.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DCFE67F4-6907-4967-96A3-1757EADA72BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:9.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"41DFBB39-4BC6-48BB-B66E-99DA4C7DBCE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9731EFE2-A5BE-4389-A92D-DDC573633B6C\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FF5999A-9D12-4CDD-8DE9-A89C10B2D574\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26AE76F7-D7F6-4AF2-A5C6-708B5642C288\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"749FFB51-65D4-4A4B-95F3-742440276897\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:8.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8665E53-EC1E-4B95-9064-2565BC12113E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:8.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24218FDA-F9DA-465A-B5D5-76A55C7EE04E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:8.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E2C5F1C5-85CD-47B9-897F-E51D6902AF72\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:8.1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0E190FF-3EBC-44AB-8072-4D964E843E8A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:8.1.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A624D44-C135-4ED3-9BA4-F4F8A044850B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:8.1.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B95C0A99-42E4-40A9-BF61-507E4E4DC052\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:8.1.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B9F55CC-3681-4A67-99D1-3F40447392D5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:8.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9C0AC89-804B-44A1-929A-118993B6BAA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:8.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39B174C3-1BA6-4654-BFA4-CC126454E147\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:8.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6ACDAA2B-3977-4590-9F16-5DDB6FF6545B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:8.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB7C4E07-0909-4114-BBFB-92626AFC49BB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:8.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7832B75B-7868-44DE-A9A4-CBD9CC117DB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5AA53564-9ACD-4CFB-9AAC-A77440026A57\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C7EC46E3-77B7-4455-B3E0-A45C6B69B3DC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:9.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4F475858-DCE2-4C93-A51A-04718DF17593\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:9.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88687272-4CD0-42A2-B727-C322ABDE3549\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:9.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1E5C4FA4-3786-47AF-BD7D-8E75927EB3AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B35CC915-EEE3-4E86-9E09-1893C725E07B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:9.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"76201694-E5C5-4CA3-8919-46937AFDAAE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:9.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"397AB988-1C2C-4247-9B34-806094197CB5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:9.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8FA0B8C3-8060-4685-A241-9852BD63B7A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:9.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4AB9BBDE-634A-47CF-BA49-67382B547900\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:9.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F56B1726-4F05-4732-9D8B-077EF593EAEC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:9.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A258374F-55CB-48D2-9094-CD70E1288F60\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:9.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"627B0DA4-E600-49F1-B455-B4E151B33236\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B57C5136-7853-478B-A342-6013528B41B4\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FF5999A-9D12-4CDD-8DE9-A89C10B2D574\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00006.html\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://secunia.com/advisories/43470\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb11-03.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2011-0301.html\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://www.securityfocus.com/bid/46202\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://www.securitytracker.com/id?1025033\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0337\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2011/0492\",\"source\":\"psirt@adobe.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/65294\",\"source\":\"psirt@adobe.com\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12497\",\"source\":\"psirt@adobe.com\"},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/43470\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb11-03.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2011-0301.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/46202\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id?1025033\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.vupen.com/english/advisories/2011/0337\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2011/0492\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/65294\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12497\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}" } }
var-201102-0074
Vulnerability from variot
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0563 and CVE-2011-0606. Adobe Reader and Acrobat Any code that could be executed or service disruption (DoS) There is a vulnerability that becomes a condition. Adobe Reader and Acrobat versions prior to 9.4.2 and 10.0.1 are affected. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
SUSE Security Announcement
Package: flash-player
Announcement ID: SUSE-SA:2011:025
Date: Tue, 17 May 2011 12:00:00 +0000
Affected Products: openSUSE 11.3
openSUSE 11.4
SUSE Linux Enterprise Desktop 11 SP1
SUSE Linux Enterprise Desktop 10 SP4
Vulnerability Type: remote code execution
CVSS v2 Base Score: 6.8
SUSE Default Package: yes
Cross-References: CVE-2011-0589, CVE-2011-0618, CVE-2011-0619
CVE-2011-0620, CVE-2011-0621, CVE-2011-0622
CVE-2011-0623, CVE-2011-0624, CVE-2011-0625
CVE-2011-0626, CVE-2011-0627
Content of This Advisory:
1) Problem Description
flash-player security update to 10.3
2) Solution or Work-Around
3) Special Instructions and Notes
4) Package Location and Checksums
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
6) Authenticity Verification and Additional Information
1) Problem Description and Brief Discussion
Flash Player has been updated to version 10.3, fixing bugs and security issues. - CVE-2011-0589: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0618: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Numeric Errors (CWE-189) - CVE-2011-0619: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0620: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0621: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0622: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Buffer Errors (CWE-119) - CVE-2011-0623: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20) - CVE-2011-0624: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20) - CVE-2011-0625: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20) - CVE-2011-0626: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20) - CVE-2011-0627: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P): Input Validation (CWE-20)
More information can be found on: http://www.adobe.com/support/security/bulletins/apsb11-12.html
2) Solution or Work-Around
If supported by the browser, you can disable the flash plugin.
3) Special Instructions and Notes
After the flash player update has been installed, all programs utilizing the flash plugin should be restarted. In particular web browser sessions should be restarted.a
4) Package Location and Checksums
The preferred method for installing security updates is to use the YaST "Online Update" module or the "zypper" commandline tool. The package and patch management stack will detect which updates are required and automatically perform the necessary steps to verify and install them.
Alternatively, download the update packages for your distribution manually and verify their integrity by the methods listed in Section 6 of this announcement. Then install the packages using the command
rpm -Fhv <file.rpm>
to apply the update, replacing
x86 Platform:
openSUSE 11.4: http://download.opensuse.org/update/11.4/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm
openSUSE 11.3: http://download.opensuse.org/update/11.3/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm
Sources:
openSUSE 11.4: http://download.opensuse.org/update/11.4/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm
openSUSE 11.3: http://download.opensuse.org/update/11.3/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm
Our maintenance customers are notified individually. The packages are offered for installation from the maintenance web:
SUSE Linux Enterprise Desktop 10 SP4 http://download.novell.com/patch/finder/?keywords=9c4e6f8f60161b73ef86d4ce0079ed69
SUSE Linux Enterprise Desktop 11 SP1 http://download.novell.com/patch/finder/?keywords=25f459f5151ec35f0bbe1202ce1245ad
5) Pending Vulnerabilities, Solutions, and Work-Arounds:
See SUSE Security Summary Report.
6) Authenticity Verification and Additional Information
-
Announcement authenticity verification:
SUSE security announcements are published via mailing lists and on Web sites. The authenticity and integrity of a SUSE security announcement is guaranteed by a cryptographic signature in each announcement. All SUSE security announcements are published with a valid signature.
To verify the signature of the announcement, save it as text into a file and run the command
gpg --verify
replacing
with the name of the file where you saved the announcement. The output for a valid signature looks like: gpg: Signature made
using RSA key ID 3D25D3D9 gpg: Good signature from "SuSE Security Team security@suse.de" where
is replaced by the date the document was signed. If the security team's key is not contained in your key ring, you can import it from the first installation CD. To import the key, use the command
gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc
-
Package authenticity verification:
SUSE update packages are available on many mirror FTP servers all over the world. While this service is considered valuable and important to the free and open source software community, the authenticity and the integrity of a package needs to be verified to ensure that it has not been tampered with.
The internal rpm package signatures provide an easy way to verify the authenticity of an RPM package. Use the command
rpm -v --checksig
to verify the signature of the package, replacing
with the filename of the RPM package downloaded. The package is unmodified if it contains a valid signature from build@suse.de with the key ID 9C800ACA. This key is automatically imported into the RPM database (on RPMv4-based distributions) and the gpg key ring of 'root' during installation. You can also find it on the first installation CD and at the end of this announcement.
-
SUSE runs two security mailing lists to which any interested party may subscribe:
opensuse-security@opensuse.org - General Linux and SUSE security discussion. All SUSE security announcements are sent to this list. To subscribe, send an e-mail to opensuse-security+subscribe@opensuse.org.
opensuse-security-announce@opensuse.org - SUSE's announce-only mailing list. Only SUSE's security announcements are sent to this list. To subscribe, send an e-mail to opensuse-security-announce+subscribe@opensuse.org. The security@suse.de public key is listed below. =====================================================================
The information in this advisory may be distributed or reproduced, provided that the advisory is not modified in any way. In particular, the clear text signature should show proof of the authenticity of the text.
SUSE Linux Products GmbH provides no warranties of any kind whatsoever with respect to the information contained in this security advisory.
Type Bits/KeyID Date User ID pub 2048R/3D25D3D9 1999-03-06 SuSE Security Team security@suse.de pub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key build@suse.de
- -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.2 (GNU/Linux)
mQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA BqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz JR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh 1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U P7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+ cZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg VGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b yHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7 tQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ xG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63 Om8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo choXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI BkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u v/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+ x9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0 Ix30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq MkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2 saqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o L0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU F7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS FQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW tp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It Klj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF AjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+ 3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk YS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP +Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR 8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U 8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S cZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh ELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB UVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo AqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n KFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi BBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro nIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg KL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx yoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn B/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV wM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh UzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF 5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3 D3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu zgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd 9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi a5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13 CNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp 271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE t5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG B/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw rbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt IJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL rWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H RKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa g8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA CspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO =ypVs - -----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux)
iQEVAwUBTdOSuney5gA9JdPZAQITxQf/Y5fPRPXZbk6J7KRCjiGoJ+zIfmIijKeh fF4WiLL02eRbTKbn/gVtb/bmxoRGRO6Np5q1XDjj253EWUc0Zn/oDWiXQzRvmir6 3os2rjBfUGirpfVzAv0qSAiD7XbMUo/ohvcUwhAxb2PaWipRnynMzUANcARSJ924 6YMitvr1IF+i8xDF8yThCFkkyjkDuBPzgomB6zs1/Fd+ku04mMFHLVYpf22DQcGh wYvHo46lMWURt+aLEu0TJ07OEocaARYfzwqUYuY/4FZ4ias+I1GjCjL1WldQxeA9 rQ3AGEZ9YVARnkg4CwRHWcYlyYwobanDykmODfu20DWM0FOofrH6xw== =mivB -----END PGP SIGNATURE-----
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ .
For more information: SA43207
SOLUTION: Updated packages are available via Red Hat Network. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201110-11
http://security.gentoo.org/
Severity: Normal Title: Adobe Flash Player: Multiple vulnerabilities Date: October 13, 2011 Bugs: #354207, #359019, #363179, #367031, #370215, #372899, #378637, #384017 ID: 201110-11
Synopsis
Multiple vulnerabilities in Adobe Flash Player might allow remote attackers to execute arbitrary code or cause a Denial of Service.
Background
The Adobe Flash Player is a renderer for the SWF file format, which is commonly used to provide interactive websites. Please review the CVE identifiers and Adobe Security Advisories and Bulletins referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot -v ">=www-plugins/adobe-flash-10.3.183.10"
References
[ 1 ] APSA11-01 http://www.adobe.com/support/security/advisories/apsa11-01.html [ 2 ] APSA11-02 http://www.adobe.com/support/security/advisories/apsa11-02.html [ 3 ] APSB11-02 http://www.adobe.com/support/security/bulletins/apsb11-02.html [ 4 ] APSB11-12 http://www.adobe.com/support/security/bulletins/apsb11-12.html [ 5 ] APSB11-13 http://www.adobe.com/support/security/bulletins/apsb11-13.html [ 6 ] APSB11-21 https://www.adobe.com/support/security/bulletins/apsb11-21.html [ 7 ] APSB11-26 https://www.adobe.com/support/security/bulletins/apsb11-26.html [ 8 ] CVE-2011-0558 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0558 [ 9 ] CVE-2011-0559 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0559 [ 10 ] CVE-2011-0560 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0560 [ 11 ] CVE-2011-0561 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0561 [ 12 ] CVE-2011-0571 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0571 [ 13 ] CVE-2011-0572 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0572 [ 14 ] CVE-2011-0573 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0573 [ 15 ] CVE-2011-0574 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0574 [ 16 ] CVE-2011-0575 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0575 [ 17 ] CVE-2011-0577 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0577 [ 18 ] CVE-2011-0578 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0578 [ 19 ] CVE-2011-0579 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0579 [ 20 ] CVE-2011-0589 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589 [ 21 ] CVE-2011-0607 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0607 [ 22 ] CVE-2011-0608 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0608 [ 23 ] CVE-2011-0609 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0609 [ 24 ] CVE-2011-0611 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0611 [ 25 ] CVE-2011-0618 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0618 [ 26 ] CVE-2011-0619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0619 [ 27 ] CVE-2011-0620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0620 [ 28 ] CVE-2011-0621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0621 [ 29 ] CVE-2011-0622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0622 [ 30 ] CVE-2011-0623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0623 [ 31 ] CVE-2011-0624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0624 [ 32 ] CVE-2011-0625 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0625 [ 33 ] CVE-2011-0626 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0626 [ 34 ] CVE-2011-0627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0627 [ 35 ] CVE-2011-0628 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0628 [ 36 ] CVE-2011-2107 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2107 [ 37 ] CVE-2011-2110 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2110 [ 38 ] CVE-2011-2125 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135 [ 39 ] CVE-2011-2130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130 [ 40 ] CVE-2011-2134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134 [ 41 ] CVE-2011-2136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136 [ 42 ] CVE-2011-2137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137 [ 43 ] CVE-2011-2138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138 [ 44 ] CVE-2011-2139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139 [ 45 ] CVE-2011-2140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140 [ 46 ] CVE-2011-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414 [ 47 ] CVE-2011-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415 [ 48 ] CVE-2011-2416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416 [ 49 ] CVE-2011-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417 [ 50 ] CVE-2011-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424 [ 51 ] CVE-2011-2425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425 [ 52 ] CVE-2011-2426 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2426 [ 53 ] CVE-2011-2427 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2427 [ 54 ] CVE-2011-2428 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2428 [ 55 ] CVE-2011-2429 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2429 [ 56 ] CVE-2011-2430 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2430 [ 57 ] CVE-2011-2444 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2444
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201110-11.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2011 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ----------------------------------------------------------------------
Get a tax break on purchases of Secunia Solutions!
If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/
TITLE: Adobe Reader / Acrobat Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA43207
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43207/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43207
RELEASE DATE: 2011-02-09
DISCUSS ADVISORY: http://secunia.com/advisories/43207/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/43207/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=43207
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Multiple vulnerabilities have been reported in Adobe Reader / Acrobat, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to conduct cross-site scripting attacks and compromise a user's system.
2) An unspecified error can be exploited to corrupt memory.
3) An unspecified error related to file permissions in Windows-based versions can be exploited to gain escalated privileges.
4) An unspecified error may allow code execution.
5) An unspecified error when parsing images can be exploited to corrupt memory.
6) An error in AcroRd32.dll when parsing certain images can be exploited to corrupt memory.
7) An unspecified error in the Macintosh-based versions may allow code execution.
9) An unspecified error may allow code execution.
10) A input validation error may allow code execution.
11) An input validation error can be exploited to conduct cross-site scripting attacks.
13) An unspecified error can be exploited to corrupt memory.
14) A boundary error when decoding U3D image data in an IFF file can be exploited to cause a buffer overflow.
15) A boundary error when decoding U3D image data in a RGBA file can be exploited to cause a buffer overflow.
16) A boundary error when decoding U3D image data in a BMP file can be exploited to cause a buffer overflow.
17) A boundary error when decoding U3D image data in a PSD file can be exploited to cause a buffer overflow.
18) An input validation error when parsing fonts may allow code execution.
19) A boundary error when decoding U3D image data in a FLI file can be exploited to cause a buffer overflow.
20) An error in 2d.dll when parsing height and width values of RLE_8 compressed BMP files can be exploited to cause a heap-based buffer overflow.
21) An integer overflow in ACE.dll when parsing certain ICC data can be exploited to cause a buffer overflow.
22) A boundary error in rt3d.dll when parsing bits per pixel and number of colors if 4/8-bit RLE compressed BMP files can be exploited to cause a heap-based buffer overflow.
23) An error in the U3D implementation when handling the Parent Node count can be exploited to cause a buffer overflow.
24) A boundary error when processing JPEG files embedded in a PDF file can be exploited to corrupt heap memory.
25) An unspecified error when parsing images may allow code execution.
26) An input validation error can be exploited to conduct cross-site scripting attacks.
27) An unspecified error in the Macintosh-based versions may allow code execution.
28) A boundary error in rt3d.dll when parsing certain files can be exploited to cause a stack-based buffer overflow.
29) An integer overflow in the U3D implementation when parsing a ILBM texture file can be exploited to cause a buffer overflow.
30) Some vulnerabilities are caused due to vulnerabilities in the bundled version of Adobe Flash Player.
For more information: SA43267
The vulnerabilities are reported in versions 8.2.5 and prior, 9.4.1 and prior, and 10.0 and prior.
SOLUTION: Update to version 8.2.6, 9.4.2, or 10.0.1.
Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
PROVIDED AND/OR DISCOVERED BY: 2) Bing Liu, Fortinet's FortiGuard Labs. 6) Abdullah Ada via ZDI. 8) Haifei Li, Fortinet's FortiGuard Labs. 14 - 17, 19, 20, 22, 29) Peter Vreugdenhil via ZDI. 21) Sebastian Apelt via ZDI. 23) el via ZDI. 14) Sean Larsson, iDefense Labs. 28) An anonymous person via ZDI.
The vendor also credits: 1) Mitja Kolsek, ACROS Security. 3) Matthew Pun. 4, 5, 18) Tavis Ormandy, Google Security Team. 7) James Quirk. 9) Brett Gervasoni, Sense of Security. 10) Joe Schatz. 11, 26) Billy Rios, Google Security Team. 12) Greg MacManus, iSIGHT Partners Labs and Parvez Anwar. 13) CESG. 25) Will Dormann, CERT. 27) Marc Schoenefeld, Red Hat Security Response Team.
ORIGINAL ADVISORY: Adobe (APSB11-03) http://www.adobe.com/support/security/bulletins/apsb11-03.html http://www.adobe.com/support/security/bulletins/apsb11-02.html
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-065/ http://www.zerodayinitiative.com/advisories/ZDI-11-066/ http://www.zerodayinitiative.com/advisories/ZDI-11-067/ http://www.zerodayinitiative.com/advisories/ZDI-11-068/ http://www.zerodayinitiative.com/advisories/ZDI-11-069/ http://www.zerodayinitiative.com/advisories/ZDI-11-070/ http://www.zerodayinitiative.com/advisories/ZDI-11-071/ http://www.zerodayinitiative.com/advisories/ZDI-11-072/ http://www.zerodayinitiative.com/advisories/ZDI-11-073/ http://www.zerodayinitiative.com/advisories/ZDI-11-074/ http://www.zerodayinitiative.com/advisories/ZDI-11-075/ http://www.zerodayinitiative.com/advisories/ZDI-11-077/
FortiGuard Labs: http://www.fortiguard.com/advisory/FGA-2011-06.html
iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=891
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Show details on source website
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201102-0074", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "acrobat", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "10.0" }, { "model": "acrobat", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "9.3" }, { "model": "acrobat", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "9.1.1" }, { "model": "acrobat", "scope": "eq", "trust": 1.9, "vendor": "adobe", "version": "9.2" }, { "model": "acrobat", "scope": "eq", "trust": 1.6, "vendor": "adobe", "version": "9.1" }, { "model": "acrobat", "scope": "eq", "trust": 1.6, "vendor": "adobe", "version": "9.1.2" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.6, "vendor": "adobe", "version": "8.2.3" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.6, "vendor": "adobe", "version": "8.2.4" }, { "model": "acrobat", "scope": "eq", "trust": 1.6, "vendor": "adobe", "version": "9.0" }, { "model": "acrobat", "scope": "eq", "trust": 1.6, "vendor": "adobe", "version": "9.1.3" }, { "model": "acrobat", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "8.2.3" }, { "model": "acrobat", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "8.2.4" }, { "model": "acrobat", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "8.2.2" }, { "model": "acrobat", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.3.1" }, { "model": "acrobat", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.4" }, { "model": "acrobat", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.4.1" }, { "model": "acrobat", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.3.3" }, { "model": "acrobat", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.3.2" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.1.2" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.1.5" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.2" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.3.3" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.1.1" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.2" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.4.1" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.3.1" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.3.4" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.1.4" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.1.6" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.1.3" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.2.1" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.3" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.1" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.1.2" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.1.7" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.2" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "10.0" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.4" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.1.5" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.1.4" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.1.6" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.3.2" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.1.1" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.1.3" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.2.2" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.2.1" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.3.4" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.1" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.1" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.1.7" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.1.1" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.1.2" }, { "model": "acrobat", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "x (10.0)" }, { "model": "reader", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "9.4.1" }, { "model": "reader", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "x (10.0)" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 extras" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4.8.z extras" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.3" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.0" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.2.5" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.1.2" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.2.2" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.2" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3.3" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3.1" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3" }, { "model": "acrobat", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "9.4.2" }, { "model": "acrobat standard", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "9.4.2" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.1.3" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.1" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3.4" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.6" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3.3" }, { "model": "reader", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.0.1" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.4" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.2.4" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.2" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.0" }, { "model": "desktop extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3.2" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.2" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.1.2" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.1" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.3" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.5" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9" }, { "model": "acrobat", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.2.5" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.2.5" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.2.1" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.2.2" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.7" }, { "model": "reader", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "9.4.2" }, { "model": "hat enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "linux enterprise desktop sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.2.3" }, { "model": "acrobat professional extended", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.2.4" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.2" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.1" }, { "model": "acrobat", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.8" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3.4" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3.2" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.2" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.4" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.3" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.1" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.2.5" }, { "model": "acrobat professional security updat", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.2" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.2.2" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.1" }, { "model": "enterprise linux es extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "hat enterprise linux desktop supplementary", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9" }, { "model": "reader security updat", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.2" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.2.1" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.7" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.2" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3.1" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3.3" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.4" }, { "model": "hat enterprise linux server supplementary", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.1.3" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.1.1" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.6" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3.2" }, { "model": "acrobat professional", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.0.1" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.1" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.1" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.0" }, { "model": "linux enterprise desktop sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.2.1" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.7" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.1.2" }, { "model": "hat enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3.1" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3" }, { "model": "acrobat professional", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "9.4.2" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.2" }, { "model": "enterprise linux ws extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.1.3" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.6" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.2" }, { "model": "enterprise linux as extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.1" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.2.4" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.2" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.1" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3.4" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.2" }, { "model": "hat enterprise linux workstation supplementary", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "acrobat", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.0.1" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.3" }, { "model": "acrobat standard", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.0.1" } ], "sources": [ { "db": "BID", "id": "46202" }, { "db": "JVNDB", "id": "JVNDB-2011-001201" }, { "db": "CNNVD", "id": "CNNVD-201102-146" }, { "db": "NVD", "id": "CVE-2011-0589" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:adobe:acrobat", "vulnerable": true }, { "cpe22Uri": "cpe:/a:adobe:acrobat_reader", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:enterprise_linux", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_server_supplementary", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_workstation_supplementary", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_desktop_supplementary", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_supplementary", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-001201" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "CESG", "sources": [ { "db": "BID", "id": "46202" }, { "db": "CNNVD", "id": "CNNVD-201102-146" } ], "trust": 0.9 }, "cve": "CVE-2011-0589", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "CVE-2011-0589", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "VHN-48534", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2011-0589", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2011-0589", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201102-146", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-48534", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-48534" }, { "db": "JVNDB", "id": "JVNDB-2011-001201" }, { "db": "CNNVD", "id": "CNNVD-201102-146" }, { "db": "NVD", "id": "CVE-2011-0589" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0563 and CVE-2011-0606. Adobe Reader and Acrobat Any code that could be executed or service disruption (DoS) There is a vulnerability that becomes a condition. \nAdobe Reader and Acrobat versions prior to 9.4.2 and 10.0.1 are affected. \n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n______________________________________________________________________________\n\n SUSE Security Announcement\n\n Package: flash-player\n Announcement ID: SUSE-SA:2011:025\n Date: Tue, 17 May 2011 12:00:00 +0000\n Affected Products: openSUSE 11.3\n openSUSE 11.4\n SUSE Linux Enterprise Desktop 11 SP1\n SUSE Linux Enterprise Desktop 10 SP4\n Vulnerability Type: remote code execution\n CVSS v2 Base Score: 6.8\n SUSE Default Package: yes\n Cross-References: CVE-2011-0589, CVE-2011-0618, CVE-2011-0619\n CVE-2011-0620, CVE-2011-0621, CVE-2011-0622\n CVE-2011-0623, CVE-2011-0624, CVE-2011-0625\n CVE-2011-0626, CVE-2011-0627\n\n Content of This Advisory:\n 1) Problem Description\n flash-player security update to 10.3\n 2) Solution or Work-Around\n 3) Special Instructions and Notes\n 4) Package Location and Checksums\n 5) Pending Vulnerabilities, Solutions, and Work-Arounds:\n 6) Authenticity Verification and Additional Information\n\n______________________________________________________________________________\n\n1) Problem Description and Brief Discussion\n\n Flash Player has been updated to version 10.3, fixing bugs\n and security issues. \n - CVE-2011-0589: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0618: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Numeric Errors (CWE-189)\n - CVE-2011-0619: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0620: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0621: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0622: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Buffer Errors (CWE-119)\n - CVE-2011-0623: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n - CVE-2011-0624: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n - CVE-2011-0625: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n - CVE-2011-0626: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n - CVE-2011-0627: CVSS v2 Base Score: 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):\n Input Validation (CWE-20)\n \n More information can be found on:\n http://www.adobe.com/support/security/bulletins/apsb11-12.html\n\n2) Solution or Work-Around\n\n If supported by the browser, you can disable the flash plugin. \n\n3) Special Instructions and Notes\n\n After the flash player update has been installed, all programs utilizing\n the flash plugin should be restarted. In particular web browser sessions\n should be restarted.a\n\n4) Package Location and Checksums\n\n The preferred method for installing security updates is to use the YaST\n \"Online Update\" module or the \"zypper\" commandline tool. The package and\n patch management stack will detect which updates are required and\n automatically perform the necessary steps to verify and install them. \n\n Alternatively, download the update packages for your distribution manually\n and verify their integrity by the methods listed in Section 6 of this\n announcement. Then install the packages using the command\n\n rpm -Fhv \u003cfile.rpm\u003e\n\n to apply the update, replacing \u003cfile.rpm\u003e with the filename of the\n downloaded RPM package. \n\n \n x86 Platform:\n \n openSUSE 11.4:\n http://download.opensuse.org/update/11.4/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm\n \n openSUSE 11.3:\n http://download.opensuse.org/update/11.3/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm\n \n Sources:\n \n openSUSE 11.4:\n http://download.opensuse.org/update/11.4/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm\n \n openSUSE 11.3:\n http://download.opensuse.org/update/11.3/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm\n \n Our maintenance customers are notified individually. The packages are\n offered for installation from the maintenance web:\n \n SUSE Linux Enterprise Desktop 10 SP4\n http://download.novell.com/patch/finder/?keywords=9c4e6f8f60161b73ef86d4ce0079ed69\n \n SUSE Linux Enterprise Desktop 11 SP1\n http://download.novell.com/patch/finder/?keywords=25f459f5151ec35f0bbe1202ce1245ad\n\n______________________________________________________________________________\n\n5) Pending Vulnerabilities, Solutions, and Work-Arounds:\n\n See SUSE Security Summary Report. \n\n______________________________________________________________________________\n\n6) Authenticity Verification and Additional Information\n\n - Announcement authenticity verification:\n\n SUSE security announcements are published via mailing lists and on Web\n sites. The authenticity and integrity of a SUSE security announcement is\n guaranteed by a cryptographic signature in each announcement. All SUSE\n security announcements are published with a valid signature. \n\n To verify the signature of the announcement, save it as text into a file\n and run the command\n\n gpg --verify \u003cfile\u003e\n\n replacing \u003cfile\u003e with the name of the file where you saved the\n announcement. The output for a valid signature looks like:\n\n gpg: Signature made \u003cDATE\u003e using RSA key ID 3D25D3D9\n gpg: Good signature from \"SuSE Security Team \u003csecurity@suse.de\u003e\"\n\n where \u003cDATE\u003e is replaced by the date the document was signed. \n\n If the security team\u0027s key is not contained in your key ring, you can\n import it from the first installation CD. To import the key, use the\n command\n\n gpg --import gpg-pubkey-3d25d3d9-36e12d04.asc\n\n - Package authenticity verification:\n\n SUSE update packages are available on many mirror FTP servers all over the\n world. While this service is considered valuable and important to the free\n and open source software community, the authenticity and the integrity of\n a package needs to be verified to ensure that it has not been tampered\n with. \n\n The internal rpm package signatures provide an easy way to verify the\n authenticity of an RPM package. Use the command\n\n rpm -v --checksig \u003cfile.rpm\u003e\n\n to verify the signature of the package, replacing \u003cfile.rpm\u003e with the\n filename of the RPM package downloaded. The package is unmodified if it\n contains a valid signature from build@suse.de with the key ID 9C800ACA. \n\n This key is automatically imported into the RPM database (on\n RPMv4-based distributions) and the gpg key ring of \u0027root\u0027 during\n installation. You can also find it on the first installation CD and at\n the end of this announcement. \n\n - SUSE runs two security mailing lists to which any interested party may\n subscribe:\n\n opensuse-security@opensuse.org\n - General Linux and SUSE security discussion. \n All SUSE security announcements are sent to this list. \n To subscribe, send an e-mail to\n \u003copensuse-security+subscribe@opensuse.org\u003e. \n\n opensuse-security-announce@opensuse.org\n - SUSE\u0027s announce-only mailing list. \n Only SUSE\u0027s security announcements are sent to this list. \n To subscribe, send an e-mail to\n \u003copensuse-security-announce+subscribe@opensuse.org\u003e. \n The \u003csecurity@suse.de\u003e public key is listed below. \n =====================================================================\n______________________________________________________________________________\n\n The information in this advisory may be distributed or reproduced,\n provided that the advisory is not modified in any way. In particular, the\n clear text signature should show proof of the authenticity of the text. \n\n SUSE Linux Products GmbH provides no warranties of any kind whatsoever\n with respect to the information contained in this security advisory. \n\nType Bits/KeyID Date User ID\npub 2048R/3D25D3D9 1999-03-06 SuSE Security Team \u003csecurity@suse.de\u003e\npub 1024D/9C800ACA 2000-10-19 SuSE Package Signing Key \u003cbuild@suse.de\u003e\n\n- -----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: GnuPG v1.4.2 (GNU/Linux)\n\nmQENAzbhLQQAAAEIAKAkXHe0lWRBXLpn38hMHy03F0I4Sszmoc8aaKJrhfhyMlOA\nBqvklPLE2f9UrI4Xc860gH79ZREwAgPt0pi6+SleNFLNcNFAuuHMLQOOsaMFatbz\nJR9i4m/lf6q929YROu5zB48rBAlcfTm+IBbijaEdnqpwGib45wE/Cfy6FAttBHQh\n1Kp+r/jPbf1mYAvljUfHKuvbg8t2EIQz/5yGp+n5trn9pElfQO2cRBq8LFpf1l+U\nP7EKjFmlOq+Gs/fF98/dP3DfniSd78LQPq5vp8RL8nr/o2i7jkAQ33m4f1wOBWd+\ncZovrKXYlXiR+Bf7m2hpZo+/sAzhd7LmAD0l09kABRG0JVN1U0UgU2VjdXJpdHkg\nVGVhbSA8c2VjdXJpdHlAc3VzZS5kZT6JARUDBRA24S1H5Fiyh7HKPEUBAVcOB/9b\nyHYji1/+4Xc2GhvXK0FSJN0MGgeXgW47yxDL7gmR4mNgjlIOUHZj0PEpVjWepOJ7\ntQS3L9oP6cpj1Fj/XxuLbkp5VCQ61hpt54coQAvYrnT9rtWEGN+xmwejT1WmYmDJ\nxG+EGBXKr+XP69oIUl1E2JO3rXeklulgjqRKos4cdXKgyjWZ7CP9V9daRXDtje63\nOm8gwSdU/nCvhdRIWp/Vwbf7Ia8iZr9OJ5YuQl0DBG4qmGDDrvImgPAFkYFzwlqo\nchoXFQ9y0YVCV41DnR+GYhwl2qBd81T8aXhihEGPIgaw3g8gd8B5o6mPVgl+nJqI\nBkEYGBusiag2pS6qwznZiQEVAwUQNuEtBHey5gA9JdPZAQFtOAf+KVh939b0J94u\nv/kpg4xs1LthlhquhbHcKNoVTNspugiC3qMPyvSX4XcBr2PC0cVkS4Z9PY9iCfT+\nx9WM96g39dAF+le2CCx7XISk9XXJ4ApEy5g4AuK7NYgAJd39PPbERgWnxjxir9g0\nIx30dS30bW39D+3NPU5Ho9TD/B7UDFvYT5AWHl3MGwo3a1RhTs6sfgL7yQ3U+mvq\nMkTExZb5mfN1FeaYKMopoI4VpzNVeGxQWIz67VjJHVyUlF20ekOz4kWVgsxkc8G2\nsaqZd6yv2EwqYTi8BDAduweP33KrQc4KDDommQNDOXxaKOeCoESIdM4p7Esdjq1o\nL0oixF12CohGBBARAgAGBQI7HmHDAAoJEJ5A4xAACqukTlQAoI4QzP9yjPohY7OU\nF7J3eKBTzp25AJ42BmtSd3pvm5ldmognWF3Trhp+GYkAlQMFEDe3O8IWkDf+zvyS\nFQEBAfkD/3GG5UgJj18UhYmh1gfjIlDcPAeqMwSytEHDENmHC+vlZQ/p0mT9tPiW\ntp34io54mwr+bLPN8l6B5GJNkbGvH6M+mO7R8Lj4nHL6pyAv3PQr83WyLHcaX7It\nKlj371/4yzKV6qpz43SGRK4MacLo2rNZ/dNej7lwPCtzCcFYwqkiiEYEEBECAAYF\nAjoaQqQACgkQx1KqMrDf94ArewCfWnTUDG5gNYkmHG4bYL8fQcizyA4An2eVo/n+\n3J2KRWSOhpAMsnMxtPbBmQGiBDnu9IERBACT8Y35+2vv4MGVKiLEMOl9GdST6MCk\nYS3yEKeueNWc+z/0Kvff4JctBsgs47tjmiI9sl0eHjm3gTR8rItXMN6sJEUHWzDP\n+Y0PFPboMvKx0FXl/A0dM+HFrruCgBlWt6FA+okRySQiliuI5phwqkXefl9AhkwR\n8xocQSVCFxcwvwCglVcOQliHu8jwRQHxlRE0tkwQQI0D+wfQwKdvhDplxHJ5nf7U\n8c/yE/vdvpN6lF0tmFrKXBUX+K7u4ifrZlQvj/81M4INjtXreqDiJtr99Rs6xa0S\ncZqITuZC4CWxJa9GynBED3+D2t1V/f8l0smsuYoFOF7Ib49IkTdbtwAThlZp8bEh\nELBeGaPdNCcmfZ66rKUdG5sRA/9ovnc1krSQF2+sqB9/o7w5/q2qiyzwOSTnkjtB\nUVKn4zLUOf6aeBAoV6NMCC3Kj9aZHfA+ND0ehPaVGJgjaVNFhPi4x0e7BULdvgOo\nAqajLfvkURHAeSsxXIoEmyW/xC1sBbDkDUIBSx5oej73XCZgnj/inphRqGpsb+1n\nKFvF+rQoU3VTRSBQYWNrYWdlIFNpZ25pbmcgS2V5IDxidWlsZEBzdXNlLmRlPohi\nBBMRAgAiBQJA2AY+AhsDBQkObd+9BAsHAwIDFQIDAxYCAQIeAQIXgAAKCRCoTtro\nnIAKypCfAJ9RuZ6ZSV7QW4pTgTIxQ+ABPp0sIwCffG9bCNnrETPlgOn+dGEkAWeg\nKL+IRgQQEQIABgUCOnBeUgAKCRCeQOMQAAqrpNzOAKCL512FZvv4VZx94TpbA9lx\nyoAejACeOO1HIbActAevk5MUBhNeLZa/qM2JARUDBRA6cGBvd7LmAD0l09kBATWn\nB/9An5vfiUUE1VQnt+T/EYklES3tXXaJJp9pHMa4fzFa8jPVtv5UBHGee3XoUNDV\nwM2OgSEISZxbzdXGnqIlcT08TzBUD9i579uifklLsnr35SJDZ6ram51/CWOnnaVh\nUzneOA9gTPSr+/fT3WeVnwJiQCQ30kNLWVXWATMnsnT486eAOlT6UNBPYQLpUprF\n5Yryk23pQUPAgJENDEqeU6iIO9Ot1ZPtB0lniw+/xCi13D360o1tZDYOp0hHHJN3\nD3EN8C1yPqZd5CvvznYvB6bWBIpWcRgdn2DUVMmpU661jwqGlRz1F84JG/xe4jGu\nzgpJt9IXSzyohEJB6XG5+D0BuQINBDnu9JIQCACEkdBN6Mxf5WvqDWkcMRy6wnrd\n9DYJ8UUTmIT2iQf07tRUKJJ9v0JXfx2Z4d08IQSMNRaq4VgSe+PdYgIy0fbj23Vi\na5/gO7fJEpD2hd2f+pMnOWvH2rOOIbeYfuhzAc6BQjAKtmgR0ERUTafTM9Wb6F13\nCNZZNZfDqnFDP6L12w3z3F7FFXkz07Rs3AIto1ZfYZd4sCSpMr/0S5nLrHbIvGLp\n271hhQBeRmmoGEKO2JRelGgUJ2CUzOdtwDIKT0LbCpvaP8PVnYF5IFoYJIWRHqlE\nt5ucTXstZy7vYjL6vTP4l5xs+LIOkNmPhqmfsgLzVo0UaLt80hOwc4NvDCOLAAMG\nB/9g+9V3ORzw4LvO1pwRYJqfDKUq/EJ0rNMMD4N8RLpZRhKHKJUm9nNHLbksnlZw\nrbSTM5LpC/U6sheLP+l0bLVoq0lmsCcUSyh+mY6PxWirLIWCn/IAZAGnXb6Zd6Tt\nIJlGG6pqUN8QxGJYQnonl0uTJKHJENbI9sWHQdcTtBMc34gorHFCo1Bcvpnc1LFL\nrWn7mfoGx6INQjf3HGQpMXAWuSBQhzkazY6vaWFpa8bBJ+gKbBuySWzNm3rFtT5H\nRKMWpO+M9bHp4d+puY0L1YwN1OMatcMMpcWnZpiWiR83oi32+xtWUY2U7Ae38mMa\ng8zFbpeqPQUsDv9V7CAJ1dbriEwEGBECAAwFAkDYBnoFCQ5t3+gACgkQqE7a6JyA\nCspnpgCfRbYwxT3iq+9l/PgNTUNTZOlof2oAn25y0eGi0371jap9kOV6uq71sUuO\n=ypVs\n- -----END PGP PUBLIC KEY BLOCK-----\n\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.0.9 (GNU/Linux)\n\niQEVAwUBTdOSuney5gA9JdPZAQITxQf/Y5fPRPXZbk6J7KRCjiGoJ+zIfmIijKeh\nfF4WiLL02eRbTKbn/gVtb/bmxoRGRO6Np5q1XDjj253EWUc0Zn/oDWiXQzRvmir6\n3os2rjBfUGirpfVzAv0qSAiD7XbMUo/ohvcUwhAxb2PaWipRnynMzUANcARSJ924\n6YMitvr1IF+i8xDF8yThCFkkyjkDuBPzgomB6zs1/Fd+ku04mMFHLVYpf22DQcGh\nwYvHo46lMWURt+aLEu0TJ07OEocaARYfzwqUYuY/4FZ4ias+I1GjCjL1WldQxeA9\nrQ3AGEZ9YVARnkg4CwRHWcYlyYwobanDykmODfu20DWM0FOofrH6xw==\n=mivB\n-----END PGP SIGNATURE-----\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. \n\nFor more information:\nSA43207\n\nSOLUTION:\nUpdated packages are available via Red Hat Network. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201110-11\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Adobe Flash Player: Multiple vulnerabilities\n Date: October 13, 2011\n Bugs: #354207, #359019, #363179, #367031, #370215, #372899,\n #378637, #384017\n ID: 201110-11\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities in Adobe Flash Player might allow remote\nattackers to execute arbitrary code or cause a Denial of Service. \n\nBackground\n==========\n\nThe Adobe Flash Player is a renderer for the SWF file format, which is\ncommonly used to provide interactive websites. \nPlease review the CVE identifiers and Adobe Security Advisories and\nBulletins referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Flash Player users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot -v \"\u003e=www-plugins/adobe-flash-10.3.183.10\"\n\nReferences\n==========\n\n[ 1 ] APSA11-01\n http://www.adobe.com/support/security/advisories/apsa11-01.html\n[ 2 ] APSA11-02\n http://www.adobe.com/support/security/advisories/apsa11-02.html\n[ 3 ] APSB11-02\n http://www.adobe.com/support/security/bulletins/apsb11-02.html\n[ 4 ] APSB11-12\n http://www.adobe.com/support/security/bulletins/apsb11-12.html\n[ 5 ] APSB11-13\n http://www.adobe.com/support/security/bulletins/apsb11-13.html\n[ 6 ] APSB11-21\n https://www.adobe.com/support/security/bulletins/apsb11-21.html\n[ 7 ] APSB11-26\n https://www.adobe.com/support/security/bulletins/apsb11-26.html\n[ 8 ] CVE-2011-0558\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0558\n[ 9 ] CVE-2011-0559\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0559\n[ 10 ] CVE-2011-0560\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0560\n[ 11 ] CVE-2011-0561\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0561\n[ 12 ] CVE-2011-0571\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0571\n[ 13 ] CVE-2011-0572\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0572\n[ 14 ] CVE-2011-0573\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0573\n[ 15 ] CVE-2011-0574\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0574\n[ 16 ] CVE-2011-0575\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0575\n[ 17 ] CVE-2011-0577\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0577\n[ 18 ] CVE-2011-0578\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0578\n[ 19 ] CVE-2011-0579\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0579\n[ 20 ] CVE-2011-0589\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589\n[ 21 ] CVE-2011-0607\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0607\n[ 22 ] CVE-2011-0608\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0608\n[ 23 ] CVE-2011-0609\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0609\n[ 24 ] CVE-2011-0611\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0611\n[ 25 ] CVE-2011-0618\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0618\n[ 26 ] CVE-2011-0619\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0619\n[ 27 ] CVE-2011-0620\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0620\n[ 28 ] CVE-2011-0621\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0621\n[ 29 ] CVE-2011-0622\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0622\n[ 30 ] CVE-2011-0623\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0623\n[ 31 ] CVE-2011-0624\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0624\n[ 32 ] CVE-2011-0625\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0625\n[ 33 ] CVE-2011-0626\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0626\n[ 34 ] CVE-2011-0627\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0627\n[ 35 ] CVE-2011-0628\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0628\n[ 36 ] CVE-2011-2107\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2107\n[ 37 ] CVE-2011-2110\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2110\n[ 38 ] CVE-2011-2125\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135\n[ 39 ] CVE-2011-2130\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130\n[ 40 ] CVE-2011-2134\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134\n[ 41 ] CVE-2011-2136\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136\n[ 42 ] CVE-2011-2137\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137\n[ 43 ] CVE-2011-2138\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138\n[ 44 ] CVE-2011-2139\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139\n[ 45 ] CVE-2011-2140\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140\n[ 46 ] CVE-2011-2414\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414\n[ 47 ] CVE-2011-2415\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415\n[ 48 ] CVE-2011-2416\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416\n[ 49 ] CVE-2011-2417\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417\n[ 50 ] CVE-2011-2424\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424\n[ 51 ] CVE-2011-2425\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425\n[ 52 ] CVE-2011-2426\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2426\n[ 53 ] CVE-2011-2427\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2427\n[ 54 ] CVE-2011-2428\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2428\n[ 55 ] CVE-2011-2429\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2429\n[ 56 ] CVE-2011-2430\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2430\n[ 57 ] CVE-2011-2444\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2444\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201110-11.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2011 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n\n. ----------------------------------------------------------------------\n\n\nGet a tax break on purchases of Secunia Solutions!\n\nIf you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at:\nhttp://secunia.com/products/corporate/vim/section_179/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nAdobe Reader / Acrobat Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA43207\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/43207/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43207\n\nRELEASE DATE:\n2011-02-09\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/43207/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/43207/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43207\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Adobe Reader /\nAcrobat, which can be exploited by malicious, local users to gain\nescalated privileges and by malicious people to conduct cross-site\nscripting attacks and compromise a user\u0027s system. \n\n2) An unspecified error can be exploited to corrupt memory. \n\n3) An unspecified error related to file permissions in Windows-based\nversions can be exploited to gain escalated privileges. \n\n4) An unspecified error may allow code execution. \n\n5) An unspecified error when parsing images can be exploited to\ncorrupt memory. \n\n6) An error in AcroRd32.dll when parsing certain images can be\nexploited to corrupt memory. \n\n7) An unspecified error in the Macintosh-based versions may allow\ncode execution. \n\n9) An unspecified error may allow code execution. \n\n10) A input validation error may allow code execution. \n\n11) An input validation error can be exploited to conduct cross-site\nscripting attacks. \n\n13) An unspecified error can be exploited to corrupt memory. \n\n14) A boundary error when decoding U3D image data in an IFF file can\nbe exploited to cause a buffer overflow. \n\n15) A boundary error when decoding U3D image data in a RGBA file can\nbe exploited to cause a buffer overflow. \n\n16) A boundary error when decoding U3D image data in a BMP file can\nbe exploited to cause a buffer overflow. \n\n17) A boundary error when decoding U3D image data in a PSD file can\nbe exploited to cause a buffer overflow. \n\n18) An input validation error when parsing fonts may allow code\nexecution. \n\n19) A boundary error when decoding U3D image data in a FLI file can\nbe exploited to cause a buffer overflow. \n\n20) An error in 2d.dll when parsing height and width values of RLE_8\ncompressed BMP files can be exploited to cause a heap-based buffer\noverflow. \n\n21) An integer overflow in ACE.dll when parsing certain ICC data can\nbe exploited to cause a buffer overflow. \n\n22) A boundary error in rt3d.dll when parsing bits per pixel and\nnumber of colors if 4/8-bit RLE compressed BMP files can be exploited\nto cause a heap-based buffer overflow. \n\n23) An error in the U3D implementation when handling the Parent Node\ncount can be exploited to cause a buffer overflow. \n\n24) A boundary error when processing JPEG files embedded in a PDF\nfile can be exploited to corrupt heap memory. \n\n25) An unspecified error when parsing images may allow code\nexecution. \n\n26) An input validation error can be exploited to conduct cross-site\nscripting attacks. \n\n27) An unspecified error in the Macintosh-based versions may allow\ncode execution. \n\n28) A boundary error in rt3d.dll when parsing certain files can be\nexploited to cause a stack-based buffer overflow. \n\n29) An integer overflow in the U3D implementation when parsing a ILBM\ntexture file can be exploited to cause a buffer overflow. \n\n30) Some vulnerabilities are caused due to vulnerabilities in the\nbundled version of Adobe Flash Player. \n\nFor more information:\nSA43267\n\nThe vulnerabilities are reported in versions 8.2.5 and prior, 9.4.1\nand prior, and 10.0 and prior. \n\nSOLUTION:\nUpdate to version 8.2.6, 9.4.2, or 10.0.1. \n\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nPROVIDED AND/OR DISCOVERED BY:\n2) Bing Liu, Fortinet\u0027s FortiGuard Labs. \n6) Abdullah Ada via ZDI. \n8) Haifei Li, Fortinet\u0027s FortiGuard Labs. \n14 - 17, 19, 20, 22, 29) Peter Vreugdenhil via ZDI. \n21) Sebastian Apelt via ZDI. \n23) el via ZDI. \n14) Sean Larsson, iDefense Labs. \n28) An anonymous person via ZDI. \n\nThe vendor also credits:\n1) Mitja Kolsek, ACROS Security. \n3) Matthew Pun. \n4, 5, 18) Tavis Ormandy, Google Security Team. \n7) James Quirk. \n9) Brett Gervasoni, Sense of Security. \n10) Joe Schatz. \n11, 26) Billy Rios, Google Security Team. \n12) Greg MacManus, iSIGHT Partners Labs and Parvez Anwar. \n13) CESG. \n25) Will Dormann, CERT. \n27) Marc Schoenefeld, Red Hat Security Response Team. \n\nORIGINAL ADVISORY:\nAdobe (APSB11-03)\nhttp://www.adobe.com/support/security/bulletins/apsb11-03.html\nhttp://www.adobe.com/support/security/bulletins/apsb11-02.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-065/\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-066/\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-067/\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-068/\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-069/\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-070/\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-071/\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-072/\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-073/\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-074/\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-075/\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-077/\n\nFortiGuard Labs:\nhttp://www.fortiguard.com/advisory/FGA-2011-06.html\n\niDefense:\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=891\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2011-0589" }, { "db": "JVNDB", "id": "JVNDB-2011-001201" }, { "db": "BID", "id": "46202" }, { "db": "VULHUB", "id": "VHN-48534" }, { "db": "PACKETSTORM", "id": "101520" }, { "db": "PACKETSTORM", "id": "99246" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "98320" }, { "db": "PACKETSTORM", "id": "109194" } ], "trust": 2.43 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-0589", "trust": 3.1 }, { "db": "BID", "id": "46202", "trust": 2.2 }, { "db": "SECTRACK", "id": "1025033", "trust": 1.9 }, { "db": "VUPEN", "id": "ADV-2011-0337", "trust": 1.9 }, { "db": "SECUNIA", "id": "43470", "trust": 1.2 }, { "db": "VUPEN", "id": "ADV-2011-0492", "trust": 1.1 }, { "db": "SECUNIA", "id": "43207", "trust": 1.0 }, { "db": "XF", "id": "65294", "trust": 0.8 }, { "db": "JVNDB", "id": "JVNDB-2011-001201", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201102-146", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "101520", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-48534", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "99246", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "105802", "trust": 0.1 }, { "db": "ZDI", "id": "ZDI-11-074", "trust": 0.1 }, { "db": "ZDI", "id": "ZDI-11-071", "trust": 0.1 }, { "db": "ZDI", "id": "ZDI-11-070", "trust": 0.1 }, { "db": "ZDI", "id": "ZDI-11-066", "trust": 0.1 }, { "db": "ZDI", "id": "ZDI-11-067", "trust": 0.1 }, { "db": "ZDI", "id": "ZDI-11-077", "trust": 0.1 }, { "db": "ZDI", "id": "ZDI-11-073", "trust": 0.1 }, { "db": "ZDI", "id": "ZDI-11-072", "trust": 0.1 }, { "db": "ZDI", "id": "ZDI-11-065", "trust": 0.1 }, { "db": "ZDI", "id": "ZDI-11-068", "trust": 0.1 }, { "db": "ZDI", "id": "ZDI-11-075", "trust": 0.1 }, { "db": "ZDI", "id": "ZDI-11-069", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "98320", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "109194", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-48534" }, { "db": "BID", "id": "46202" }, { "db": "JVNDB", "id": "JVNDB-2011-001201" }, { "db": "PACKETSTORM", "id": "101520" }, { "db": "PACKETSTORM", "id": "99246" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "98320" }, { "db": "PACKETSTORM", "id": "109194" }, { "db": "CNNVD", "id": "CNNVD-201102-146" }, { "db": "NVD", "id": "CVE-2011-0589" } ] }, "id": "VAR-201102-0074", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-48534" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T21:05:57.819000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APSB11-03", "trust": 0.8, "url": "http://www.adobe.com/support/security/bulletins/apsb11-03.html" }, { "title": "cpsid_89065", "trust": 0.8, "url": "http://kb2.adobe.com/jp/cps/890/cpsid_89065.html" }, { "title": "RHSA-2011:0301", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2011-0301.html" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-001201" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-48534" }, { "db": "JVNDB", "id": "JVNDB-2011-001201" }, { "db": "NVD", "id": "CVE-2011-0589" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.1, "url": "http://www.adobe.com/support/security/bulletins/apsb11-03.html" }, { "trust": 1.9, "url": "http://www.securityfocus.com/bid/46202" }, { "trust": 1.9, "url": "http://www.securitytracker.com/id?1025033" }, { "trust": 1.9, "url": "http://www.vupen.com/english/advisories/2011/0337" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a12497" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2011-0301.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/43470" }, { "trust": 1.1, "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00006.html" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2011/0492" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65294" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0589" }, { "trust": 0.8, "url": "http://xforce.iss.net/xforce/xfdb/65294" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2011/at110004.txt" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-0589" }, { "trust": 0.8, "url": "http://secunia.com/advisories/43207" }, { "trust": 0.8, "url": "http://www.npa.go.jp/cyberpolice/#topics" }, { "trust": 0.3, "url": "http://www.adobe.com" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0589" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0624" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0627" }, { "trust": 0.2, "url": "http://www.adobe.com/support/security/bulletins/apsb11-12.html" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0619" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0626" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0622" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0618" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0625" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0621" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0623" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0620" }, { "trust": 0.2, "url": "http://secunia.com/products/corporate/evm/" }, { "trust": 0.2, "url": "http://secunia.com/products/corporate/vim/section_179/" }, { "trust": 0.2, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.2, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.2, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.2, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.2, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2414" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2417" }, { "trust": 0.2, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2415" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2135" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2139" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2425" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2416" }, { "trust": 0.2, "url": "http://www.adobe.com/support/security/bulletins/apsb11-02.html" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2424" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2130" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2134" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2137" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2138" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2136" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0589" }, { "trust": 0.2, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2140" }, { "trust": 0.2, "url": "http://security.gentoo.org/" }, { "trust": 0.2, "url": "https://bugs.gentoo.org." }, { "trust": 0.1, "url": "http://secunia.com/" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.3/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.4/rpm/src/flash-player-10.3.181.14-0.2.1.nosrc.rpm" }, { "trust": 0.1, "url": "http://download.novell.com/patch/finder/?keywords=9c4e6f8f60161b73ef86d4ce0079ed69" }, { "trust": 0.1, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.3/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm" }, { "trust": 0.1, "url": "http://download.opensuse.org/update/11.4/rpm/i586/flash-player-10.3.181.14-0.2.1.i586.rpm" }, { "trust": 0.1, "url": "http://download.novell.com/patch/finder/?keywords=25f459f5151ec35f0bbe1202ce1245ad" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43470/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43470/#comments" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2011-0301.html" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43470" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0579" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0626" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0608" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0574" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0575" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0572" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2444" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0607" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0621" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0560" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0609" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0624" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2107" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2429" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2110" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0628" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0574" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0573" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0575" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0571" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0559" }, { "trust": 0.1, "url": "https://www.adobe.com/support/security/bulletins/apsb11-21.html" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2426" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0620" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0579" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb11-13.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0578" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0611" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0573" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0561" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0572" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0619" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0561" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0558" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0578" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0623" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0577" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0609" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0627" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2428" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/advisories/apsa11-02.html" }, { "trust": 0.1, "url": "https://www.adobe.com/support/security/bulletins/apsb11-26.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0628" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0607" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2430" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2427" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201110-11.xml" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0559" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0625" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/advisories/apsa11-01.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0608" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0571" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0622" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0611" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0618" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0577" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-066/" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-068/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43207/#comments" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-065/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43207" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-072/" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-073/" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-069/" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-075/" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-070/" }, { "trust": 0.1, "url": "http://www.fortiguard.com/advisory/fga-2011-06.html" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-077/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43207/" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-067/" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=891" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-071/" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-074/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2432" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0599" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0604" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2130" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0567" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0605" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0591" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0586" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0587" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0587" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2438" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0600" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2462" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2434" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0565" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0567" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0596" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0603" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0563" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2431" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0595" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0570" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0588" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0595" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4091" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4369" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0562" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2436" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0596" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0604" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0588" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2439" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0585" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2441" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0598" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0603" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0562" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0602" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0593" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0592" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0590" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201201-19.xml" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0585" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0586" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0565" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0606" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0570" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0594" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0600" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0592" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2433" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0566" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0599" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4091" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2442" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2437" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0606" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0566" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2435" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0594" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0605" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0563" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0591" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0593" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2440" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0602" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0590" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0598" } ], "sources": [ { "db": "VULHUB", "id": "VHN-48534" }, { "db": "BID", "id": "46202" }, { "db": "JVNDB", "id": "JVNDB-2011-001201" }, { "db": "PACKETSTORM", "id": "101520" }, { "db": "PACKETSTORM", "id": "99246" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "98320" }, { "db": "PACKETSTORM", "id": "109194" }, { "db": "CNNVD", "id": "CNNVD-201102-146" }, { "db": "NVD", "id": "CVE-2011-0589" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-48534" }, { "db": "BID", "id": "46202" }, { "db": "JVNDB", "id": "JVNDB-2011-001201" }, { "db": "PACKETSTORM", "id": "101520" }, { "db": "PACKETSTORM", "id": "99246" }, { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "98320" }, { "db": "PACKETSTORM", "id": "109194" }, { "db": "CNNVD", "id": "CNNVD-201102-146" }, { "db": "NVD", "id": "CVE-2011-0589" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-02-10T00:00:00", "db": "VULHUB", "id": "VHN-48534" }, { "date": "2011-02-08T00:00:00", "db": "BID", "id": "46202" }, { "date": "2011-03-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-001201" }, { "date": "2011-05-18T14:23:49", "db": "PACKETSTORM", "id": "101520" }, { "date": "2011-03-14T11:37:12", "db": "PACKETSTORM", "id": "99246" }, { "date": "2011-10-14T06:16:06", "db": "PACKETSTORM", "id": "105802" }, { "date": "2011-02-09T03:30:01", "db": "PACKETSTORM", "id": "98320" }, { "date": "2012-01-31T00:07:37", "db": "PACKETSTORM", "id": "109194" }, { "date": "2011-02-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201102-146" }, { "date": "2011-02-10T18:00:58.363000", "db": "NVD", "id": "CVE-2011-0589" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-10-30T00:00:00", "db": "VULHUB", "id": "VHN-48534" }, { "date": "2015-03-19T09:26:00", "db": "BID", "id": "46202" }, { "date": "2011-03-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-001201" }, { "date": "2011-02-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201102-146" }, { "date": "2024-11-21T01:24:22.007000", "db": "NVD", "id": "CVE-2011-0589" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "105802" }, { "db": "PACKETSTORM", "id": "109194" }, { "db": "CNNVD", "id": "CNNVD-201102-146" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe Reader and Acrobat Vulnerable to arbitrary code execution", "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-001201" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer overflow", "sources": [ { "db": "CNNVD", "id": "CNNVD-201102-146" } ], "trust": 0.6 } }
rhsa-2011_0301
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated acroread packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise\nLinux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "Adobe Reader allows users to view and print documents in Portable Document\nFormat (PDF).\n\nThis update fixes multiple vulnerabilities in Adobe Reader. These\nvulnerabilities are detailed on the Adobe security page APSB11-03, listed\nin the References section.\n\nA specially-crafted PDF file could cause Adobe Reader to crash or,\npotentially, execute arbitrary code as the user running Adobe Reader when\nopened. (CVE-2011-0562, CVE-2011-0563, CVE-2011-0565, CVE-2011-0566,\nCVE-2011-0567, CVE-2011-0585, CVE-2011-0586, CVE-2011-0589, CVE-2011-0590,\nCVE-2011-0591, CVE-2011-0592, CVE-2011-0593, CVE-2011-0594, CVE-2011-0595,\nCVE-2011-0596, CVE-2011-0598, CVE-2011-0599, CVE-2011-0600, CVE-2011-0602,\nCVE-2011-0603, CVE-2011-0606)\n\nMultiple security flaws were found in Adobe reader. A specially-crafted PDF\nfile could cause cross-site scripting (XSS) attacks against the user\nrunning Adobe Reader when opened. (CVE-2011-0587, CVE-2011-0604)\n\nAll Adobe Reader users should install these updated packages. They contain\nAdobe Reader version 9.4.2, which is not vulnerable to these issues. All\nrunning instances of Adobe Reader must be restarted for the update to take\neffect.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2011:0301", "url": "https://access.redhat.com/errata/RHSA-2011:0301" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#critical", "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "category": "external", "summary": "http://www.adobe.com/support/security/bulletins/apsb11-03.html", "url": "http://www.adobe.com/support/security/bulletins/apsb11-03.html" }, { "category": "external", "summary": "676157", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=676157" }, { "category": "external", "summary": "676158", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=676158" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2011/rhsa-2011_0301.json" } ], "title": "Red Hat Security Advisory: acroread security update", "tracking": { "current_release_date": "2024-11-14T11:28:33+00:00", "generator": { "date": "2024-11-14T11:28:33+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.0" } }, "id": "RHSA-2011:0301", "initial_release_date": "2011-02-23T21:16:00+00:00", "revision_history": [ { "date": "2011-02-23T21:16:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2011-02-23T16:17:46+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-14T11:28:33+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux AS version 4 Extras", "product": { "name": "Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:4" } } }, { "category": "product_name", "name": "Red Hat Desktop version 4 Extras", "product": { "name": "Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:4" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux ES version 4 Extras", "product": { "name": "Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:4" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux WS version 4 Extras", "product": { "name": "Red Hat Enterprise Linux WS version 4 Extras", "product_id": "4WS-LACD", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:4" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product": { "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:5::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)", "product": { "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:5::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux Supplementary" }, { "branches": [ { "category": "product_version", "name": "acroread-0:9.4.2-1.el4.i386", "product": { "name": "acroread-0:9.4.2-1.el4.i386", "product_id": "acroread-0:9.4.2-1.el4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/acroread@9.4.2-1.el4?arch=i386" } } }, { "category": "product_version", "name": "acroread-plugin-0:9.4.2-1.el4.i386", "product": { "name": "acroread-plugin-0:9.4.2-1.el4.i386", "product_id": "acroread-plugin-0:9.4.2-1.el4.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/acroread-plugin@9.4.2-1.el4?arch=i386" } } }, { "category": "product_version", "name": "acroread-0:9.4.2-1.el5.i386", "product": { "name": "acroread-0:9.4.2-1.el5.i386", "product_id": "acroread-0:9.4.2-1.el5.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/acroread@9.4.2-1.el5?arch=i386" } } }, { "category": "product_version", "name": "acroread-plugin-0:9.4.2-1.el5.i386", "product": { "name": "acroread-plugin-0:9.4.2-1.el5.i386", "product_id": "acroread-plugin-0:9.4.2-1.el5.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/acroread-plugin@9.4.2-1.el5?arch=i386" } } } ], "category": "architecture", "name": "i386" }, { "branches": [ { "category": "product_version", "name": "acroread-plugin-0:9.4.2-3.el6_0.i686", "product": { "name": "acroread-plugin-0:9.4.2-3.el6_0.i686", "product_id": "acroread-plugin-0:9.4.2-3.el6_0.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/acroread-plugin@9.4.2-3.el6_0?arch=i686" } } }, { "category": "product_version", "name": "acroread-0:9.4.2-3.el6_0.i686", "product": { "name": "acroread-0:9.4.2-3.el6_0.i686", "product_id": "acroread-0:9.4.2-3.el6_0.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/acroread@9.4.2-3.el6_0?arch=i686" } } } ], "category": "architecture", "name": "i686" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "acroread-0:9.4.2-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD:acroread-0:9.4.2-1.el4.i386" }, "product_reference": "acroread-0:9.4.2-1.el4.i386", "relates_to_product_reference": "4AS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-plugin-0:9.4.2-1.el4.i386 as a component of Red Hat Enterprise Linux AS version 4 Extras", "product_id": "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386" }, "product_reference": "acroread-plugin-0:9.4.2-1.el4.i386", "relates_to_product_reference": "4AS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-0:9.4.2-1.el4.i386 as a component of Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386" }, "product_reference": "acroread-0:9.4.2-1.el4.i386", "relates_to_product_reference": "4Desktop-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-plugin-0:9.4.2-1.el4.i386 as a component of Red Hat Desktop version 4 Extras", "product_id": "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386" }, "product_reference": "acroread-plugin-0:9.4.2-1.el4.i386", "relates_to_product_reference": "4Desktop-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-0:9.4.2-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD:acroread-0:9.4.2-1.el4.i386" }, "product_reference": "acroread-0:9.4.2-1.el4.i386", "relates_to_product_reference": "4ES-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-plugin-0:9.4.2-1.el4.i386 as a component of Red Hat Enterprise Linux ES version 4 Extras", "product_id": "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386" }, "product_reference": "acroread-plugin-0:9.4.2-1.el4.i386", "relates_to_product_reference": "4ES-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-0:9.4.2-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras", "product_id": "4WS-LACD:acroread-0:9.4.2-1.el4.i386" }, "product_reference": "acroread-0:9.4.2-1.el4.i386", "relates_to_product_reference": "4WS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-plugin-0:9.4.2-1.el4.i386 as a component of Red Hat Enterprise Linux WS version 4 Extras", "product_id": "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386" }, "product_reference": "acroread-plugin-0:9.4.2-1.el4.i386", "relates_to_product_reference": "4WS-LACD" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-0:9.4.2-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386" }, "product_reference": "acroread-0:9.4.2-1.el5.i386", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-plugin-0:9.4.2-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386" }, "product_reference": "acroread-plugin-0:9.4.2-1.el5.i386", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-0:9.4.2-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386" }, "product_reference": "acroread-0:9.4.2-1.el5.i386", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-plugin-0:9.4.2-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386" }, "product_reference": "acroread-plugin-0:9.4.2-1.el5.i386", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-0:9.4.2-3.el6_0.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686" }, "product_reference": "acroread-0:9.4.2-3.el6_0.i686", "relates_to_product_reference": "6Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-plugin-0:9.4.2-3.el6_0.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" }, "product_reference": "acroread-plugin-0:9.4.2-3.el6_0.i686", "relates_to_product_reference": "6Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-0:9.4.2-3.el6_0.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686" }, "product_reference": "acroread-0:9.4.2-3.el6_0.i686", "relates_to_product_reference": "6Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-plugin-0:9.4.2-3.el6_0.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" }, "product_reference": "acroread-plugin-0:9.4.2-3.el6_0.i686", "relates_to_product_reference": "6Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-0:9.4.2-3.el6_0.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686" }, "product_reference": "acroread-0:9.4.2-3.el6_0.i686", "relates_to_product_reference": "6Workstation-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-plugin-0:9.4.2-3.el6_0.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" }, "product_reference": "acroread-plugin-0:9.4.2-3.el6_0.i686", "relates_to_product_reference": "6Workstation-Supplementary" } ] }, "vulnerabilities": [ { "cve": "CVE-2011-0562", "discovery_date": "2011-02-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "676157" } ], "notes": [ { "category": "description", "text": "Untrusted search path vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerability than CVE-2011-0570 and CVE-2011-0588.", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: critical APSB11-03", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-0562" }, { "category": "external", "summary": "RHBZ#676157", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=676157" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-0562", "url": "https://www.cve.org/CVERecord?id=CVE-2011-0562" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0562", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0562" } ], "release_date": "2011-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-02-23T21:16:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0301" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "acroread: critical APSB11-03" }, { "cve": "CVE-2011-0563", "discovery_date": "2011-02-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "676157" } ], "notes": [ { "category": "description", "text": "Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0589 and CVE-2011-0606.", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: critical APSB11-03", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-0563" }, { "category": "external", "summary": "RHBZ#676157", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=676157" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-0563", "url": "https://www.cve.org/CVERecord?id=CVE-2011-0563" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0563", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0563" } ], "release_date": "2011-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-02-23T21:16:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0301" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "acroread: critical APSB11-03" }, { "cve": "CVE-2011-0565", "discovery_date": "2011-02-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "676157" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0585.", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: critical APSB11-03", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-0565" }, { "category": "external", "summary": "RHBZ#676157", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=676157" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-0565", "url": "https://www.cve.org/CVERecord?id=CVE-2011-0565" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0565", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0565" } ], "release_date": "2011-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-02-23T21:16:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0301" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "acroread: critical APSB11-03" }, { "cve": "CVE-2011-0566", "discovery_date": "2011-02-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "676157" } ], "notes": [ { "category": "description", "text": "Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image, a different vulnerability than CVE-2011-0567 and CVE-2011-0603.", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: critical APSB11-03", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-0566" }, { "category": "external", "summary": "RHBZ#676157", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=676157" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-0566", "url": "https://www.cve.org/CVERecord?id=CVE-2011-0566" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0566", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0566" } ], "release_date": "2011-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-02-23T21:16:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0301" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "acroread: critical APSB11-03" }, { "cve": "CVE-2011-0567", "discovery_date": "2011-02-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "676157" } ], "notes": [ { "category": "description", "text": "AcroRd32.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image that triggers an incorrect pointer calculation, leading to heap memory corruption, a different vulnerability than CVE-2011-0566 and CVE-2011-0603.", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: critical APSB11-03", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-0567" }, { "category": "external", "summary": "RHBZ#676157", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=676157" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-0567", "url": "https://www.cve.org/CVERecord?id=CVE-2011-0567" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0567", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0567" } ], "release_date": "2011-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-02-23T21:16:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0301" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "acroread: critical APSB11-03" }, { "cve": "CVE-2011-0585", "discovery_date": "2011-02-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "676157" } ], "notes": [ { "category": "description", "text": "Unspecified vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors, a different vulnerability than CVE-2011-0565.", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: critical APSB11-03", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-0585" }, { "category": "external", "summary": "RHBZ#676157", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=676157" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-0585", "url": "https://www.cve.org/CVERecord?id=CVE-2011-0585" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0585", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0585" } ], "release_date": "2011-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-02-23T21:16:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0301" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "acroread: critical APSB11-03" }, { "cve": "CVE-2011-0586", "discovery_date": "2011-02-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "676157" } ], "notes": [ { "category": "description", "text": "Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X do not properly validate unspecified input data, which allows attackers to execute arbitrary code via unknown vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: critical APSB11-03", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-0586" }, { "category": "external", "summary": "RHBZ#676157", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=676157" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-0586", "url": "https://www.cve.org/CVERecord?id=CVE-2011-0586" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0586", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0586" } ], "release_date": "2011-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-02-23T21:16:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0301" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "acroread: critical APSB11-03" }, { "cve": "CVE-2011-0587", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2011-02-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "676158" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-0604.", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: multiple XSS flaws (APSB11-03)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-0587" }, { "category": "external", "summary": "RHBZ#676158", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=676158" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-0587", "url": "https://www.cve.org/CVERecord?id=CVE-2011-0587" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0587", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0587" } ], "release_date": "2011-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-02-23T21:16:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0301" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "acroread: multiple XSS flaws (APSB11-03)" }, { "cve": "CVE-2011-0589", "discovery_date": "2011-02-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "676157" } ], "notes": [ { "category": "description", "text": "Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0563 and CVE-2011-0606.", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: critical APSB11-03", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-0589" }, { "category": "external", "summary": "RHBZ#676157", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=676157" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-0589", "url": "https://www.cve.org/CVERecord?id=CVE-2011-0589" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0589", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0589" } ], "release_date": "2011-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-02-23T21:16:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0301" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "acroread: critical APSB11-03" }, { "cve": "CVE-2011-0590", "discovery_date": "2011-02-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "676157" } ], "notes": [ { "category": "description", "text": "Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a 3D file, a different vulnerability than CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, CVE-2011-0595, and CVE-2011-0600.", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: critical APSB11-03", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-0590" }, { "category": "external", "summary": "RHBZ#676157", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=676157" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-0590", "url": "https://www.cve.org/CVERecord?id=CVE-2011-0590" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0590", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0590" } ], "release_date": "2011-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-02-23T21:16:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0301" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "acroread: critical APSB11-03" }, { "cve": "CVE-2011-0591", "discovery_date": "2011-02-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "676157" } ], "notes": [ { "category": "description", "text": "Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, related to Texture and rgba, a different vulnerability than CVE-2011-0590, CVE-2011-0592, CVE-2011-0593, CVE-2011-0595, and CVE-2011-0600.", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: critical APSB11-03", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-0591" }, { "category": "external", "summary": "RHBZ#676157", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=676157" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-0591", "url": "https://www.cve.org/CVERecord?id=CVE-2011-0591" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0591", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0591" } ], "release_date": "2011-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-02-23T21:16:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0301" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "acroread: critical APSB11-03" }, { "cve": "CVE-2011-0592", "discovery_date": "2011-02-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "676157" } ], "notes": [ { "category": "description", "text": "Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, related to \"Texture bmp,\" a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0593, CVE-2011-0595, and CVE-2011-0600.", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: critical APSB11-03", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-0592" }, { "category": "external", "summary": "RHBZ#676157", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=676157" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-0592", "url": "https://www.cve.org/CVERecord?id=CVE-2011-0592" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0592", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0592" } ], "release_date": "2011-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-02-23T21:16:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0301" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "acroread: critical APSB11-03" }, { "cve": "CVE-2011-0593", "discovery_date": "2011-02-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "676157" } ], "notes": [ { "category": "description", "text": "Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0595, and CVE-2011-0600.", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: critical APSB11-03", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-0593" }, { "category": "external", "summary": "RHBZ#676157", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=676157" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-0593", "url": "https://www.cve.org/CVERecord?id=CVE-2011-0593" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0593", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0593" } ], "release_date": "2011-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-02-23T21:16:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0301" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "acroread: critical APSB11-03" }, { "cve": "CVE-2011-0594", "discovery_date": "2011-02-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "676157" } ], "notes": [ { "category": "description", "text": "Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a font.", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: critical APSB11-03", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-0594" }, { "category": "external", "summary": "RHBZ#676157", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=676157" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-0594", "url": "https://www.cve.org/CVERecord?id=CVE-2011-0594" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0594", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0594" } ], "release_date": "2011-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-02-23T21:16:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0301" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "acroread: critical APSB11-03" }, { "cve": "CVE-2011-0595", "discovery_date": "2011-02-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "676157" } ], "notes": [ { "category": "description", "text": "Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, and CVE-2011-0600.", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: critical APSB11-03", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-0595" }, { "category": "external", "summary": "RHBZ#676157", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=676157" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-0595", "url": "https://www.cve.org/CVERecord?id=CVE-2011-0595" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0595", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0595" } ], "release_date": "2011-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-02-23T21:16:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0301" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "acroread: critical APSB11-03" }, { "cve": "CVE-2011-0596", "discovery_date": "2011-02-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "676157" } ], "notes": [ { "category": "description", "text": "The Bitmap parsing component in 2d.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via an image with crafted (1) height and (2) width values for an RLE_8 compressed bitmap, which triggers a heap-based buffer overflow, a different vulnerability than CVE-2011-0598, CVE-2011-0599, and CVE-2011-0602.", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: critical APSB11-03", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-0596" }, { "category": "external", "summary": "RHBZ#676157", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=676157" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-0596", "url": "https://www.cve.org/CVERecord?id=CVE-2011-0596" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0596", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0596" } ], "release_date": "2011-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-02-23T21:16:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0301" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "acroread: critical APSB11-03" }, { "cve": "CVE-2011-0598", "discovery_date": "2011-02-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "676157" } ], "notes": [ { "category": "description", "text": "Integer overflow in ACE.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to execute arbitrary code via crafted ICC data, a different vulnerability than CVE-2011-0596, CVE-2011-0599, and CVE-2011-0602.", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: critical APSB11-03", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-0598" }, { "category": "external", "summary": "RHBZ#676157", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=676157" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-0598", "url": "https://www.cve.org/CVERecord?id=CVE-2011-0598" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0598", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0598" } ], "release_date": "2011-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-02-23T21:16:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0301" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "acroread: critical APSB11-03" }, { "cve": "CVE-2011-0599", "discovery_date": "2011-02-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "676157" } ], "notes": [ { "category": "description", "text": "The Bitmap parsing component in rt3d.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted image that causes an invalid pointer calculation related to 4/8-bit RLE compression, a different vulnerability than CVE-2011-0596, CVE-2011-0598, and CVE-2011-0602.", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: critical APSB11-03", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-0599" }, { "category": "external", "summary": "RHBZ#676157", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=676157" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-0599", "url": "https://www.cve.org/CVERecord?id=CVE-2011-0599" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0599", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0599" } ], "release_date": "2011-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-02-23T21:16:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0301" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "acroread: critical APSB11-03" }, { "cve": "CVE-2011-0600", "discovery_date": "2011-02-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "676157" } ], "notes": [ { "category": "description", "text": "The U3D component in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a 3D file with an invalid Parent Node count that triggers an incorrect size calculation and memory corruption, a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, and CVE-2011-0595.", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: critical APSB11-03", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-0600" }, { "category": "external", "summary": "RHBZ#676157", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=676157" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-0600", "url": "https://www.cve.org/CVERecord?id=CVE-2011-0600" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0600", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0600" } ], "release_date": "2011-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-02-23T21:16:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0301" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "acroread: critical APSB11-03" }, { "cve": "CVE-2011-0602", "discovery_date": "2011-02-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "676157" } ], "notes": [ { "category": "description", "text": "Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via crafted JP2K record types in a JPEG2000 image in a PDF file, which causes heap corruption, a different vulnerability than CVE-2011-0596, CVE-2011-0598, and CVE-2011-0599.", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: critical APSB11-03", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-0602" }, { "category": "external", "summary": "RHBZ#676157", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=676157" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-0602", "url": "https://www.cve.org/CVERecord?id=CVE-2011-0602" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0602", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0602" } ], "release_date": "2011-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-02-23T21:16:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0301" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "acroread: critical APSB11-03" }, { "cve": "CVE-2011-0603", "discovery_date": "2011-02-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "676157" } ], "notes": [ { "category": "description", "text": "Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted image, a different vulnerability than CVE-2011-0566 and CVE-2011-0567.", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: critical APSB11-03", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-0603" }, { "category": "external", "summary": "RHBZ#676157", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=676157" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-0603", "url": "https://www.cve.org/CVERecord?id=CVE-2011-0603" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0603", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0603" } ], "release_date": "2011-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-02-23T21:16:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0301" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "acroread: critical APSB11-03" }, { "cve": "CVE-2011-0604", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2011-02-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "676158" } ], "notes": [ { "category": "description", "text": "Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2011-0587.", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: multiple XSS flaws (APSB11-03)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-0604" }, { "category": "external", "summary": "RHBZ#676158", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=676158" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-0604", "url": "https://www.cve.org/CVERecord?id=CVE-2011-0604" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0604", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0604" } ], "release_date": "2011-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-02-23T21:16:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0301" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "products": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "acroread: multiple XSS flaws (APSB11-03)" }, { "cve": "CVE-2011-0606", "discovery_date": "2011-02-08T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "676157" } ], "notes": [ { "category": "description", "text": "Stack-based buffer overflow in rt3d.dll in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors related to a crafted length value, a different vulnerability than CVE-2011-0563 and CVE-2011-0589.", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: critical APSB11-03", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-0606" }, { "category": "external", "summary": "RHBZ#676157", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=676157" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-0606", "url": "https://www.cve.org/CVERecord?id=CVE-2011-0606" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-0606", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0606" } ], "release_date": "2011-02-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2011-02-23T21:16:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/kb/docs/DOC-11259", "product_ids": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2011:0301" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "4AS-LACD:acroread-0:9.4.2-1.el4.i386", "4AS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-0:9.4.2-1.el4.i386", "4Desktop-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-0:9.4.2-1.el4.i386", "4ES-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-0:9.4.2-1.el4.i386", "4WS-LACD:acroread-plugin-0:9.4.2-1.el4.i386", "5Client-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-0:9.4.2-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.4.2-1.el5.i386", "6Client-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Client-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Server-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-0:9.4.2-3.el6_0.i686", "6Workstation-Supplementary:acroread-plugin-0:9.4.2-3.el6_0.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "acroread: critical APSB11-03" } ] }
gsd-2011-0589
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2011-0589", "description": "Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0563 and CVE-2011-0606.", "id": "GSD-2011-0589", "references": [ "https://www.suse.com/security/cve/CVE-2011-0589.html", "https://access.redhat.com/errata/RHSA-2011:0301" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2011-0589" ], "details": "Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0563 and CVE-2011-0606.", "id": "GSD-2011-0589", "modified": "2023-12-13T01:19:04.640670Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2011-0589", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0563 and CVE-2011-0606." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "ADV-2011-0492", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0492" }, { "name": "43470", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/43470" }, { "name": "adobe-reader-acrobat-unspec-ce(65294)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65294" }, { "name": "RHSA-2011:0301", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2011-0301.html" }, { "name": "46202", "refsource": "BID", "url": "http://www.securityfocus.com/bid/46202" }, { "name": "ADV-2011-0337", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2011/0337" }, { "name": "oval:org.mitre.oval:def:12497", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12497" }, { "name": "1025033", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1025033" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb11-03.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb11-03.html" }, { "name": "SUSE-SA:2011:025", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00006.html" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:9.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.1.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:8.1.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.1.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.1.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.1.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.1.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.1.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:8.1.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2011-0589" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0563 and CVE-2011-0606." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-119" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.adobe.com/support/security/bulletins/apsb11-03.html", "refsource": "CONFIRM", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.adobe.com/support/security/bulletins/apsb11-03.html" }, { "name": "ADV-2011-0337", "refsource": "VUPEN", "tags": [ "Vendor Advisory" ], "url": "http://www.vupen.com/english/advisories/2011/0337" }, { "name": "46202", "refsource": "BID", "tags": [], "url": "http://www.securityfocus.com/bid/46202" }, { "name": "1025033", "refsource": "SECTRACK", "tags": [], "url": "http://www.securitytracker.com/id?1025033" }, { "name": "RHSA-2011:0301", "refsource": "REDHAT", "tags": [], "url": "http://www.redhat.com/support/errata/RHSA-2011-0301.html" }, { "name": "43470", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/43470" }, { "name": "ADV-2011-0492", "refsource": "VUPEN", "tags": [], "url": "http://www.vupen.com/english/advisories/2011/0492" }, { "name": "SUSE-SA:2011:025", "refsource": "SUSE", "tags": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00006.html" }, { "name": "adobe-reader-acrobat-unspec-ce(65294)", "refsource": "XF", "tags": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65294" }, { "name": "oval:org.mitre.oval:def:12497", "refsource": "OVAL", "tags": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12497" } ] } }, "impact": { "baseMetricV2": { "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": true } }, "lastModifiedDate": "2018-10-30T16:25Z", "publishedDate": "2011-02-10T18:00Z" } } }
ghsa-jjp3-m764-2w7x
Vulnerability from github
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0563 and CVE-2011-0606.
{ "affected": [], "aliases": [ "CVE-2011-0589" ], "database_specific": { "cwe_ids": [ "CWE-119" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2011-02-10T18:00:00Z", "severity": "HIGH" }, "details": "Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-0563 and CVE-2011-0606.", "id": "GHSA-jjp3-m764-2w7x", "modified": "2022-05-14T02:18:20Z", "published": "2022-05-14T02:18:20Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-0589" }, { "type": "WEB", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/65294" }, { "type": "WEB", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12497" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2011-05/msg00006.html" }, { "type": "WEB", "url": "http://secunia.com/advisories/43470" }, { "type": "WEB", "url": "http://www.adobe.com/support/security/bulletins/apsb11-03.html" }, { "type": "WEB", "url": "http://www.redhat.com/support/errata/RHSA-2011-0301.html" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/46202" }, { "type": "WEB", "url": "http://www.securitytracker.com/id?1025033" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2011/0337" }, { "type": "WEB", "url": "http://www.vupen.com/english/advisories/2011/0492" } ], "schema_version": "1.4.0", "severity": [] }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.