Action not permitted
Modal body text goes here.
Modal Title
Modal Body
cve-2011-4373
Vulnerability from cvelistv5
▼ | URL | Tags | |
---|---|---|---|
psirt@adobe.com | http://www.adobe.com/support/security/bulletins/apsb12-01.html | Patch, Vendor Advisory | |
psirt@adobe.com | http://www.securityfocus.com/bid/51350 | Broken Link, VDB Entry | |
psirt@adobe.com | http://www.securitytracker.com/id?1026496 | Broken Link, VDB Entry | |
psirt@adobe.com | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14615 | Third Party Advisory, Tool Signature | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.adobe.com/support/security/bulletins/apsb12-01.html | Patch, Vendor Advisory | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/51350 | Broken Link, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id?1026496 | Broken Link, VDB Entry | |
af854a3a-2127-422b-91ae-364da2661108 | https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14615 | Third Party Advisory, Tool Signature |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-07T00:09:18.370Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "51350", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/51350" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb12-01.html" }, { "name": "oval:org.mitre.oval:def:14615", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL", "x_transferred" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14615" }, { "name": "1026496", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1026496" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-01-10T00:00:00", "descriptions": [ { "lang": "en", "value": "Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4372." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-09-18T12:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "name": "51350", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/51350" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb12-01.html" }, { "name": "oval:org.mitre.oval:def:14615", "tags": [ "vdb-entry", "signature", "x_refsource_OVAL" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14615" }, { "name": "1026496", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1026496" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2011-4373", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4372." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "51350", "refsource": "BID", "url": "http://www.securityfocus.com/bid/51350" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb12-01.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb12-01.html" }, { "name": "oval:org.mitre.oval:def:14615", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14615" }, { "name": "1026496", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1026496" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2011-4373", "datePublished": "2012-01-10T21:00:00", "dateReserved": "2011-11-04T00:00:00", "dateUpdated": "2024-08-07T00:09:18.370Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2011-4373\",\"sourceIdentifier\":\"psirt@adobe.com\",\"published\":\"2012-01-10T21:55:03.637\",\"lastModified\":\"2024-11-21T01:32:19.873\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4372.\"},{\"lang\":\"es\",\"value\":\"Adobe Reader y Adobe Acrobat antes de v9.5, y v10.x antes de v10.1.2, en Windows y Mac OS X permite a los atacantes ejecutar c\u00f3digo de su elecci\u00f3n o causar una denegaci\u00f3n de servicio (por corrupci\u00f3n de memoria) a trav\u00e9s de vectores no especificados. Se trata de una vulnerabilidad diferente a CVE-2011-4370 y CVE-2011-4372.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.1.1\",\"matchCriteriaId\":\"A70868B3-F3C5-4DC0-9013-78E77F424109\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:reader:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"10.1.1\",\"matchCriteriaId\":\"EA1F1816-CFFC-45BF-A193-35F4A07C2EF7\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C56F007-5F8E-4BDD-A803-C907BCC0AF55\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"9.4.6\",\"matchCriteriaId\":\"E63E65B1-5E44-4ADD-A692-20877FA22057\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:9.4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"314014C8-527A-4D6D-B9BF-30084178C9B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:reader:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"9.4.6\",\"matchCriteriaId\":\"45B31326-A27E-42EA-B8D6-FE7165111A55\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:reader:9.4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1DE8E04-ACEC-4D43-B65C-C74C8020FB50\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CF61F35-5905-4BA9-AD7E-7DB261D2F256\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"9.4.5\",\"matchCriteriaId\":\"758BD624-4D03-40C9-8F03-F0F9A7A5DE99\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:9.4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0335CEAA-ED55-46AA-98D9-693733CDA68C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:reader:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"9.4.5\",\"matchCriteriaId\":\"BCAF5003-4BF0-4C1B-A153-9FC76D64CB44\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:reader:9.4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C2303F4-5AD9-4863-A42B-FBB618AB73DD\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"387021A0-AF36-463C-A605-32EA7DAC172E\"}]}]}],\"references\":[{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb12-01.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/51350\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id?1026496\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\",\"VDB Entry\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14615\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Third Party Advisory\",\"Tool Signature\"]},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb12-01.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/51350\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id?1026496\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"VDB Entry\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14615\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"Tool Signature\"]}]}}" } }
ghsa-xv37-xpc4-25wq
Vulnerability from github
Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4372.
{ "affected": [], "aliases": [ "CVE-2011-4373" ], "database_specific": { "cwe_ids": [ "CWE-787" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2012-01-10T21:55:00Z", "severity": "HIGH" }, "details": "Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4372.", "id": "GHSA-xv37-xpc4-25wq", "modified": "2022-06-04T00:00:42Z", "published": "2022-05-13T01:05:55Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4373" }, { "type": "WEB", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14615" }, { "type": "WEB", "url": "http://www.adobe.com/support/security/bulletins/apsb12-01.html" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/51350" }, { "type": "WEB", "url": "http://www.securitytracker.com/id?1026496" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "type": "CVSS_V3" } ] }
rhsa-2012_0469
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated acroread packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "Adobe Reader allows users to view and print documents in Portable Document\nFormat (PDF).\n\nThis update fixes multiple security flaws in Adobe Reader. These flaws are\ndetailed on the Adobe security page APSB12-08, listed in the References\nsection. A specially-crafted PDF file could cause Adobe Reader to crash or,\npotentially, execute arbitrary code as the user running Adobe Reader when\nopened. (CVE-2012-0774, CVE-2012-0775, CVE-2012-0777)\n\nAll Adobe Reader users should install these updated packages. They contain\nAdobe Reader version 9.5.1, which is not vulnerable to these issues. All\nrunning instances of Adobe Reader must be restarted for the update to take\neffect.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2012:0469", "url": "https://access.redhat.com/errata/RHSA-2012:0469" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#critical", "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "category": "external", "summary": "http://www.adobe.com/support/security/bulletins/apsb12-08.html", "url": "http://www.adobe.com/support/security/bulletins/apsb12-08.html" }, { "category": "external", "summary": "810397", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=810397" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_0469.json" } ], "title": "Red Hat Security Advisory: acroread security update", "tracking": { "current_release_date": "2024-11-14T11:30:54+00:00", "generator": { "date": "2024-11-14T11:30:54+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.0" } }, "id": "RHSA-2012:0469", "initial_release_date": "2012-04-10T20:24:00+00:00", "revision_history": [ { "date": "2012-04-10T20:24:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2013-11-13T11:14:13+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-14T11:30:54+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product": { "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:5::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)", "product": { "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:5::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.2.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.2.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.2.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux Supplementary" }, { "branches": [ { "category": "product_version", "name": "acroread-plugin-0:9.5.1-1.el5.i386", "product": { "name": "acroread-plugin-0:9.5.1-1.el5.i386", "product_id": "acroread-plugin-0:9.5.1-1.el5.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/acroread-plugin@9.5.1-1.el5?arch=i386" } } }, { "category": "product_version", "name": "acroread-0:9.5.1-1.el5.i386", "product": { "name": "acroread-0:9.5.1-1.el5.i386", "product_id": "acroread-0:9.5.1-1.el5.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/acroread@9.5.1-1.el5?arch=i386" } } } ], "category": "architecture", "name": "i386" }, { "branches": [ { "category": "product_version", "name": "acroread-plugin-0:9.5.1-1.el6_2.i686", "product": { "name": "acroread-plugin-0:9.5.1-1.el6_2.i686", "product_id": "acroread-plugin-0:9.5.1-1.el6_2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/acroread-plugin@9.5.1-1.el6_2?arch=i686" } } }, { "category": "product_version", "name": "acroread-0:9.5.1-1.el6_2.i686", "product": { "name": "acroread-0:9.5.1-1.el6_2.i686", "product_id": "acroread-0:9.5.1-1.el6_2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/acroread@9.5.1-1.el6_2?arch=i686" } } } ], "category": "architecture", "name": "i686" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "acroread-0:9.5.1-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:acroread-0:9.5.1-1.el5.i386" }, "product_reference": "acroread-0:9.5.1-1.el5.i386", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-plugin-0:9.5.1-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386" }, "product_reference": "acroread-plugin-0:9.5.1-1.el5.i386", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-0:9.5.1-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:acroread-0:9.5.1-1.el5.i386" }, "product_reference": "acroread-0:9.5.1-1.el5.i386", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-plugin-0:9.5.1-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386" }, "product_reference": "acroread-plugin-0:9.5.1-1.el5.i386", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-0:9.5.1-1.el6_2.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686" }, "product_reference": "acroread-0:9.5.1-1.el6_2.i686", "relates_to_product_reference": "6Client-Supplementary-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-plugin-0:9.5.1-1.el6_2.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686" }, "product_reference": "acroread-plugin-0:9.5.1-1.el6_2.i686", "relates_to_product_reference": "6Client-Supplementary-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-0:9.5.1-1.el6_2.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686" }, "product_reference": "acroread-0:9.5.1-1.el6_2.i686", "relates_to_product_reference": "6Server-Supplementary-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-plugin-0:9.5.1-1.el6_2.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686" }, "product_reference": "acroread-plugin-0:9.5.1-1.el6_2.i686", "relates_to_product_reference": "6Server-Supplementary-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-0:9.5.1-1.el6_2.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686" }, "product_reference": "acroread-0:9.5.1-1.el6_2.i686", "relates_to_product_reference": "6Workstation-Supplementary-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-plugin-0:9.5.1-1.el6_2.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686" }, "product_reference": "acroread-plugin-0:9.5.1-1.el6_2.i686", "relates_to_product_reference": "6Workstation-Supplementary-6.2.z" } ] }, "vulnerabilities": [ { "cve": "CVE-2011-4370", "discovery_date": "2012-04-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "810397" } ], "notes": [ { "category": "description", "text": "Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4372 and CVE-2011-4373.", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: multiple unspecified flaws (APSB12-08, APSB12-01)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "6Client-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Client-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-4370" }, { "category": "external", "summary": "RHBZ#810397", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=810397" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-4370", "url": "https://www.cve.org/CVERecord?id=CVE-2011-4370" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-4370", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4370" }, { "category": "external", "summary": "http://www.adobe.com/support/security/bulletins/apsb12-08.html", "url": "http://www.adobe.com/support/security/bulletins/apsb12-08.html" } ], "release_date": "2012-04-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-04-10T20:24:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Client-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "6Client-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Client-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0469" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "6Client-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Client-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "acroread: multiple unspecified flaws (APSB12-08, APSB12-01)" }, { "cve": "CVE-2011-4371", "discovery_date": "2012-04-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "810397" } ], "notes": [ { "category": "description", "text": "Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: multiple unspecified flaws (APSB12-08, APSB12-01)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "6Client-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Client-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-4371" }, { "category": "external", "summary": "RHBZ#810397", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=810397" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-4371", "url": "https://www.cve.org/CVERecord?id=CVE-2011-4371" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-4371", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4371" }, { "category": "external", "summary": "http://www.adobe.com/support/security/bulletins/apsb12-08.html", "url": "http://www.adobe.com/support/security/bulletins/apsb12-08.html" } ], "release_date": "2012-04-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-04-10T20:24:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Client-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "6Client-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Client-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0469" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "6Client-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Client-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "acroread: multiple unspecified flaws (APSB12-08, APSB12-01)" }, { "cve": "CVE-2011-4372", "discovery_date": "2012-04-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "810397" } ], "notes": [ { "category": "description", "text": "Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4373.", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: multiple unspecified flaws (APSB12-08, APSB12-01)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "6Client-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Client-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-4372" }, { "category": "external", "summary": "RHBZ#810397", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=810397" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-4372", "url": "https://www.cve.org/CVERecord?id=CVE-2011-4372" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-4372", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4372" }, { "category": "external", "summary": "http://www.adobe.com/support/security/bulletins/apsb12-08.html", "url": "http://www.adobe.com/support/security/bulletins/apsb12-08.html" } ], "release_date": "2012-04-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-04-10T20:24:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Client-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "6Client-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Client-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0469" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "6Client-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Client-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "acroread: multiple unspecified flaws (APSB12-08, APSB12-01)" }, { "cve": "CVE-2011-4373", "discovery_date": "2012-04-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "810397" } ], "notes": [ { "category": "description", "text": "Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4372.", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: multiple unspecified flaws (APSB12-08, APSB12-01)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "6Client-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Client-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-4373" }, { "category": "external", "summary": "RHBZ#810397", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=810397" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-4373", "url": "https://www.cve.org/CVERecord?id=CVE-2011-4373" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-4373", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4373" }, { "category": "external", "summary": "http://www.adobe.com/support/security/bulletins/apsb12-08.html", "url": "http://www.adobe.com/support/security/bulletins/apsb12-08.html" } ], "release_date": "2012-04-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-04-10T20:24:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Client-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "6Client-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Client-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0469" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "6Client-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Client-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "acroread: multiple unspecified flaws (APSB12-08, APSB12-01)" }, { "cve": "CVE-2012-0774", "discovery_date": "2012-04-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "810397" } ], "notes": [ { "category": "description", "text": "Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to execute arbitrary code via a crafted TrueType font.", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: multiple unspecified flaws (APSB12-08, APSB12-01)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "6Client-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Client-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-0774" }, { "category": "external", "summary": "RHBZ#810397", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=810397" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-0774", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0774" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-0774", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0774" }, { "category": "external", "summary": "http://www.adobe.com/support/security/bulletins/apsb12-08.html", "url": "http://www.adobe.com/support/security/bulletins/apsb12-08.html" } ], "release_date": "2012-04-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-04-10T20:24:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Client-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "6Client-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Client-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0469" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "6Client-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Client-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "acroread: multiple unspecified flaws (APSB12-08, APSB12-01)" }, { "cve": "CVE-2012-0775", "discovery_date": "2012-04-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "810397" } ], "notes": [ { "category": "description", "text": "The JavaScript implementation in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: multiple unspecified flaws (APSB12-08, APSB12-01)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "6Client-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Client-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-0775" }, { "category": "external", "summary": "RHBZ#810397", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=810397" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-0775", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0775" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-0775", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0775" }, { "category": "external", "summary": "http://www.adobe.com/support/security/bulletins/apsb12-08.html", "url": "http://www.adobe.com/support/security/bulletins/apsb12-08.html" } ], "release_date": "2012-04-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-04-10T20:24:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Client-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "6Client-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Client-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0469" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "6Client-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Client-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "acroread: multiple unspecified flaws (APSB12-08, APSB12-01)" }, { "cve": "CVE-2012-0777", "discovery_date": "2012-04-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "810397" } ], "notes": [ { "category": "description", "text": "The JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 on Mac OS X and Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: multiple unspecified flaws (APSB12-08, APSB12-01)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "6Client-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Client-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-0777" }, { "category": "external", "summary": "RHBZ#810397", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=810397" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-0777", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0777" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-0777", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0777" }, { "category": "external", "summary": "http://www.adobe.com/support/security/bulletins/apsb12-08.html", "url": "http://www.adobe.com/support/security/bulletins/apsb12-08.html" } ], "release_date": "2012-04-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-04-10T20:24:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Client-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "6Client-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Client-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0469" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "6Client-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Client-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "acroread: multiple unspecified flaws (APSB12-08, APSB12-01)" } ] }
var-201201-0079
Vulnerability from variot
Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4372. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within 2d.x3d, which is Adobe Reader's code responsible for processing BMP files. When passing a negative size parameter in the 'colors' field, a series of signed comparisons will be averted, and the overly large size parameter is passed to a memcpy(). Failed exploit attempts will likely cause denial-of-service conditions. Adobe Reader and Acrobat Both Adobe Adobe ) company's products. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
ZDI-12-021 : Adobe Reader BMP Resource Signedness Remote Code Execution Vulnerability http://www.zerodayinitiative.com/advisories/ZDI-12-021 February 8, 2012
-
-- CVE ID: CVE-2011-4373
-
-- CVSS: 7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P
-
-- Affected Vendors:
Adobe
- -- Affected Products:
Adobe Reader
-
-- TippingPoint(TM) IPS Customer Protection: TippingPoint IPS customers have been protected against this vulnerability by Digital Vaccine protection filter ID 12017.
-
-- Vendor Response:
Adobe has issued an update to correct this vulnerability. More details can be found at:
http://www.adobe.com/support/security/bulletins/apsb12-01.html
- -- Disclosure Timeline: 2011-10-28 - Vulnerability reported to vendor
2012-02-08 - Coordinated public release of advisory
-
-- Credit: This vulnerability was discovered by:
-
Alin Rad Pop
-
-- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.
Our vulnerability disclosure policy is available online at:
http://www.zerodayinitiative.com/advisories/disclosure_policy/
Follow the ZDI on Twitter:
http://twitter.com/thezdi
-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32)
iQEcBAEBAgAGBQJPMq81AAoJEFVtgMGTo1scKo0H/RBf8xeNOSi+vB165I6YTW/O 06jR18N54qnTH37TRIptj3n0UdgcGoFpDjGMFWEfEt0yTc1gG8fEEtO0Q/m6bOJN 6oaHav+VdyAPDcw13VRiRL7QnvR5NqAGvdzYikO7QpiVEOmTvWetK8/ODPqziNHc 5jWQB9p7bCkXxgNrY9PkyWkE9seFa1G8apYX4rdJC/DUXJIcPHy7YgdFykrcw4c/ r84LSfPBAuLPuZnHVBcxPlx21LIYYJdZuF0zHkqGx0x1WG04GatJmzNsLiruVzNt +EKgjt9XUFmuZa7ovYvHiDkyFtGWCSgmrOM3Iy5EOdpfexKhUltel7qHYzTE3QA= =nWOH -----END PGP SIGNATURE----- .
Background
Adobe Reader is a closed-source PDF reader.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-text/acroread < 9.5.1 >= 9.5.1
Description
Multiple vulnerabilities have been found in Adobe Reader, including an integer overflow in TrueType Font handling (CVE-2012-0774) and multiple unspecified errors which could cause memory corruption.
Impact
A remote attacker could entice a user to open a specially crafted PDF file, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Reader users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-text/acroread-9.5.1"
References
[ 1 ] CVE-2011-4370 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4370 [ 2 ] CVE-2011-4371 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4371 [ 3 ] CVE-2011-4372 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4372 [ 4 ] CVE-2011-4373 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4373 [ 5 ] CVE-2012-0774 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0774 [ 6 ] CVE-2012-0775 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0775 [ 7 ] CVE-2012-0776 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0776 [ 8 ] CVE-2012-0777 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0777
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201206-14.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201201-0079", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "reader", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.4.7" }, { "model": "reader", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.4.6" }, { "model": "acrobat", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.4.7" }, { "model": "acrobat", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.4.6" }, { "model": "acrobat", "scope": "lte", "trust": 1.0, "vendor": "adobe", "version": "10.1.1" }, { "model": "reader", "scope": "lte", "trust": 1.0, "vendor": "adobe", "version": "10.1.1" }, { "model": "reader", "scope": "lte", "trust": 1.0, "vendor": "adobe", "version": "9.4.6" }, { "model": "acrobat", "scope": "lte", "trust": 1.0, "vendor": "adobe", "version": "9.4.6" }, { "model": "reader", "scope": "lte", "trust": 1.0, "vendor": "adobe", "version": "9.4.5" }, { "model": "acrobat", "scope": "lte", "trust": 1.0, "vendor": "adobe", "version": "9.4.5" }, { "model": "reader", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "9.3.2" }, { "model": "reader", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "9.3.1" }, { "model": "reader", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "9.1.3" }, { "model": "reader", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "9.1.2" }, { "model": "reader", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "9.1.1" }, { "model": "reader", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "9.4.1" }, { "model": "reader", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "9.3" }, { "model": "reader", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "9.2" }, { "model": "reader", "scope": "eq", "trust": 0.9, "vendor": "adobe", "version": "9.1" }, { "model": "acrobat", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "9.4.6 and 9.x previous version for macintosh" }, { "model": "acrobat", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "9.4.7 and 9.x previous version for windows" }, { "model": "acrobat", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "x (10.1.1) 10.x for windows and macintosh" }, { "model": "reader", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "9.4.6 and 9.x previous version for macintosh" }, { "model": "reader", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "9.4.7 and 9.x previous version for windows" }, { "model": "reader", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "x (10.1.1) 10.x for windows and macintosh" }, { "model": "reader", "scope": null, "trust": 0.7, "vendor": "adobe", "version": null }, { "model": "reader", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "9.0" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.1" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3.4" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3.3" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.5" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.4" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.3" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.2" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.3" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.2" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.1" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.1" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.7" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.6" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3.4" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3.3" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3.2" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3.1" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.1.3" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.1.2" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.5" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.4" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.3" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.2" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.1" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.2" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.1" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.3" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.2" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.1" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.1" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.7" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.6" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3.4" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3.3" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3.2" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3.1" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.1.3" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.1.2" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.5" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.4" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.3" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.2" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.1" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.2" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.1" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.3" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.2" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.1" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0" }, { "model": "acrobat", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.1" }, { "model": "acrobat", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3.3" }, { "model": "acrobat", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3.2" }, { "model": "acrobat", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3.1" }, { "model": "acrobat", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.1.1" }, { "model": "acrobat", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.2.4" }, { "model": "acrobat", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.5" }, { "model": "acrobat", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.4" }, { "model": "acrobat", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.3" }, { "model": "acrobat", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.2" }, { "model": "acrobat", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.1" }, { "model": "acrobat", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4" }, { "model": "acrobat", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3" }, { "model": "acrobat", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.2" }, { "model": "acrobat", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9" }, { "model": "acrobat", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1" }, { "model": "acrobat", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.3" }, { "model": "acrobat", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.2" }, { "model": "acrobat", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.1" }, { "model": "acrobat", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0" }, { "model": "reader", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.1.2" }, { "model": "reader", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "9.5" }, { "model": "acrobat standard", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.1.2" }, { "model": "acrobat standard", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "9.5" }, { "model": "acrobat professional", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.1.2" }, { "model": "acrobat professional", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "9.5" }, { "model": "acrobat", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.1.2" }, { "model": "acrobat", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "9.5" } ], "sources": [ { "db": "ZDI", "id": "ZDI-12-021" }, { "db": "BID", "id": "51350" }, { "db": "JVNDB", "id": "JVNDB-2012-001041" }, { "db": "CNNVD", "id": "CNNVD-201201-108" }, { "db": "NVD", "id": "CVE-2011-4373" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:adobe:acrobat", "vulnerable": true }, { "cpe22Uri": "cpe:/a:adobe:acrobat_reader", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001041" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Alin Rad Pop", "sources": [ { "db": "ZDI", "id": "ZDI-12-021" } ], "trust": 0.7 }, "cve": "CVE-2011-4373", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2011-4373", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 2.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-52318", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "nvd@nist.gov", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "id": "CVE-2011-4373", "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } ], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2011-4373", "trust": 1.0, "value": "CRITICAL" }, { "author": "NVD", "id": "CVE-2011-4373", "trust": 0.8, "value": "High" }, { "author": "ZDI", "id": "CVE-2011-4373", "trust": 0.7, "value": "HIGH" }, { "author": "CNNVD", "id": "CNNVD-201201-108", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-52318", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-12-021" }, { "db": "VULHUB", "id": "VHN-52318" }, { "db": "JVNDB", "id": "JVNDB-2012-001041" }, { "db": "CNNVD", "id": "CNNVD-201201-108" }, { "db": "NVD", "id": "CVE-2011-4373" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4372. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within 2d.x3d, which is Adobe Reader\u0027s code responsible for processing BMP files. When passing a negative size parameter in the \u0027colors\u0027 field, a series of signed comparisons will be averted, and the overly large size parameter is passed to a memcpy(). Failed exploit attempts will likely cause denial-of-service conditions. Adobe Reader and Acrobat Both Adobe Adobe ) company\u0027s products. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\nZDI-12-021 : Adobe Reader BMP Resource Signedness Remote Code\nExecution Vulnerability\nhttp://www.zerodayinitiative.com/advisories/ZDI-12-021\nFebruary 8, 2012\n\n- -- CVE ID:\nCVE-2011-4373\n\n- -- CVSS:\n7.5, AV:N/AC:L/Au:N/C:P/I:P/A:P\n\n- -- Affected Vendors:\n\nAdobe\n\n\n\n- -- Affected Products:\n\nAdobe Reader\n\n\n\n- -- TippingPoint(TM) IPS Customer Protection:\nTippingPoint IPS customers have been protected against this\nvulnerability by Digital Vaccine protection filter ID 12017. \n\n- -- Vendor Response:\n\nAdobe has issued an update to correct this vulnerability. More details\ncan be found at:\n\nhttp://www.adobe.com/support/security/bulletins/apsb12-01.html\n\n\n\n\n- -- Disclosure Timeline:\n2011-10-28 - Vulnerability reported to vendor\n\n2012-02-08 - Coordinated public release of advisory\n\n\n\n- -- Credit:\nThis vulnerability was discovered by:\n\n* Alin Rad Pop\n\n\n\n- -- About the Zero Day Initiative (ZDI):\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents\na best-of-breed model for rewarding security researchers for responsibly\ndisclosing discovered vulnerabilities. \n\nResearchers interested in getting paid for their security research\nthrough the ZDI can find more information and sign-up at:\n\n http://www.zerodayinitiative.com\n\nThe ZDI is unique in how the acquired vulnerability information is\nused. TippingPoint does not re-sell the vulnerability details or any\nexploit code. Instead, upon notifying the affected product vendor,\nTippingPoint provides its customers with zero day protection through\nits intrusion prevention technology. Explicit details regarding the\nspecifics of the vulnerability are not exposed to any parties until\nan official vendor patch is publicly available. Furthermore, with the\naltruistic aim of helping to secure a broader user base, TippingPoint\nprovides this vulnerability information confidentially to security\nvendors (including competitors) who have a vulnerability protection or\nmitigation product. \n\nOur vulnerability disclosure policy is available online at:\n\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\n\nFollow the ZDI on Twitter:\n\n http://twitter.com/thezdi\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v2.0.17 (MingW32)\n\niQEcBAEBAgAGBQJPMq81AAoJEFVtgMGTo1scKo0H/RBf8xeNOSi+vB165I6YTW/O\n06jR18N54qnTH37TRIptj3n0UdgcGoFpDjGMFWEfEt0yTc1gG8fEEtO0Q/m6bOJN\n6oaHav+VdyAPDcw13VRiRL7QnvR5NqAGvdzYikO7QpiVEOmTvWetK8/ODPqziNHc\n5jWQB9p7bCkXxgNrY9PkyWkE9seFa1G8apYX4rdJC/DUXJIcPHy7YgdFykrcw4c/\nr84LSfPBAuLPuZnHVBcxPlx21LIYYJdZuF0zHkqGx0x1WG04GatJmzNsLiruVzNt\n+EKgjt9XUFmuZa7ovYvHiDkyFtGWCSgmrOM3Iy5EOdpfexKhUltel7qHYzTE3QA=\n=nWOH\n-----END PGP SIGNATURE-----\n. \n\nBackground\n==========\n\nAdobe Reader is a closed-source PDF reader. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-text/acroread \u003c 9.5.1 \u003e= 9.5.1\n\nDescription\n===========\n\nMultiple vulnerabilities have been found in Adobe Reader, including an\ninteger overflow in TrueType Font handling (CVE-2012-0774) and multiple\nunspecified errors which could cause memory corruption. \n\nImpact\n======\n\nA remote attacker could entice a user to open a specially crafted PDF\nfile, possibly resulting in execution of arbitrary code with the\nprivileges of the process or a Denial of Service condition. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Reader users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-text/acroread-9.5.1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2011-4370\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4370\n[ 2 ] CVE-2011-4371\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4371\n[ 3 ] CVE-2011-4372\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4372\n[ 4 ] CVE-2011-4373\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4373\n[ 5 ] CVE-2012-0774\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0774\n[ 6 ] CVE-2012-0775\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0775\n[ 7 ] CVE-2012-0776\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0776\n[ 8 ] CVE-2012-0777\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0777\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201206-14.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n", "sources": [ { "db": "NVD", "id": "CVE-2011-4373" }, { "db": "JVNDB", "id": "JVNDB-2012-001041" }, { "db": "ZDI", "id": "ZDI-12-021" }, { "db": "BID", "id": "51350" }, { "db": "VULHUB", "id": "VHN-52318" }, { "db": "PACKETSTORM", "id": "109553" }, { "db": "PACKETSTORM", "id": "114069" } ], "trust": 2.79 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-52318", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-52318" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-4373", "trust": 3.7 }, { "db": "BID", "id": "51350", "trust": 2.0 }, { "db": "SECTRACK", "id": "1026496", "trust": 1.7 }, { "db": "ZDI", "id": "ZDI-12-021", "trust": 1.1 }, { "db": "JVNDB", "id": "JVNDB-2012-001041", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-1426", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-201201-108", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "109553", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-52318", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "114069", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-12-021" }, { "db": "VULHUB", "id": "VHN-52318" }, { "db": "BID", "id": "51350" }, { "db": "JVNDB", "id": "JVNDB-2012-001041" }, { "db": "PACKETSTORM", "id": "109553" }, { "db": "PACKETSTORM", "id": "114069" }, { "db": "CNNVD", "id": "CNNVD-201201-108" }, { "db": "NVD", "id": "CVE-2011-4373" } ] }, "id": "VAR-201201-0079", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-52318" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T21:02:36.560000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APSB12-01", "trust": 1.5, "url": "http://www.adobe.com/support/security/bulletins/apsb12-01.html" }, { "title": "APSB12-01", "trust": 0.8, "url": "http://www.adobe.com/jp/support/security/bulletins/apsb12-01.html" }, { "title": "cpsid_92823", "trust": 0.8, "url": "http://kb2.adobe.com/jp/cps/928/cpsid_92823.html" }, { "title": "\u30a2\u30c9\u30d3 \u30b7\u30b9\u30c6\u30e0\u30ba\u793e Adobe Reader \u306e\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u304a\u77e5\u3089\u305b", "trust": 0.8, "url": "http://www.fmworld.net/biz/common/adobe/20120112.html" }, { "title": "AcrobatUpd1012", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42400" }, { "title": "AdbeRdrUpd1012", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42399" }, { "title": "AdbeRdrUpd950_mui", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42398" }, { "title": "AcrobatUpd1012", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42402" }, { "title": "AcrobatUpd945_all_incr", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=42401" } ], "sources": [ { "db": "ZDI", "id": "ZDI-12-021" }, { "db": "JVNDB", "id": "JVNDB-2012-001041" }, { "db": "CNNVD", "id": "CNNVD-201201-108" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-787", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2011-4373" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.8, "url": "http://www.adobe.com/support/security/bulletins/apsb12-01.html" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/51350" }, { "trust": 1.7, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14615" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id?1026496" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4373" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2012/at120003.txt" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-4373" }, { "trust": 0.8, "url": "http://www.npa.go.jp/cyberpolice/#topics\\\\" }, { "trust": 0.3, "url": "http://www.adobe.com" }, { "trust": 0.3, "url": "http://www.zerodayinitiative.com/advisories/zdi-12-021/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4373" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/disclosure_policy/" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-12-021" }, { "trust": 0.1, "url": "http://twitter.com/thezdi" }, { "trust": 0.1, "url": "http://www.tippingpoint.com" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4370" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0775" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0777" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4371" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0776" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0774" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4373" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4371" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0776" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0774" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201206-14.xml" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0775" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4372" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0777" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4370" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4372" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." } ], "sources": [ { "db": "ZDI", "id": "ZDI-12-021" }, { "db": "VULHUB", "id": "VHN-52318" }, { "db": "BID", "id": "51350" }, { "db": "JVNDB", "id": "JVNDB-2012-001041" }, { "db": "PACKETSTORM", "id": "109553" }, { "db": "PACKETSTORM", "id": "114069" }, { "db": "CNNVD", "id": "CNNVD-201201-108" }, { "db": "NVD", "id": "CVE-2011-4373" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-12-021" }, { "db": "VULHUB", "id": "VHN-52318" }, { "db": "BID", "id": "51350" }, { "db": "JVNDB", "id": "JVNDB-2012-001041" }, { "db": "PACKETSTORM", "id": "109553" }, { "db": "PACKETSTORM", "id": "114069" }, { "db": "CNNVD", "id": "CNNVD-201201-108" }, { "db": "NVD", "id": "CVE-2011-4373" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-02-08T00:00:00", "db": "ZDI", "id": "ZDI-12-021" }, { "date": "2012-01-10T00:00:00", "db": "VULHUB", "id": "VHN-52318" }, { "date": "2012-01-10T00:00:00", "db": "BID", "id": "51350" }, { "date": "2012-01-12T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001041" }, { "date": "2012-02-08T21:36:22", "db": "PACKETSTORM", "id": "109553" }, { "date": "2012-06-22T20:23:37", "db": "PACKETSTORM", "id": "114069" }, { "date": "2012-01-13T00:00:00", "db": "CNNVD", "id": "CNNVD-201201-108" }, { "date": "2012-01-10T21:55:03.637000", "db": "NVD", "id": "CVE-2011-4373" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2012-02-08T00:00:00", "db": "ZDI", "id": "ZDI-12-021" }, { "date": "2017-09-19T00:00:00", "db": "VULHUB", "id": "VHN-52318" }, { "date": "2013-06-20T09:40:00", "db": "BID", "id": "51350" }, { "date": "2012-01-13T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-001041" }, { "date": "2022-06-06T00:00:00", "db": "CNNVD", "id": "CNNVD-201201-108" }, { "date": "2024-11-21T01:32:19.873000", "db": "NVD", "id": "CVE-2011-4373" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "109553" }, { "db": "PACKETSTORM", "id": "114069" }, { "db": "CNNVD", "id": "CNNVD-201201-108" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe Reader and Acrobat Vulnerable to arbitrary code execution", "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-001041" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201201-108" } ], "trust": 0.6 } }
gsd-2011-4373
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2011-4373", "description": "Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4372.", "id": "GSD-2011-4373", "references": [ "https://access.redhat.com/errata/RHSA-2012:0469" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2011-4373" ], "details": "Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4372.", "id": "GSD-2011-4373", "modified": "2023-12-13T01:19:05.797898Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2011-4373", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4372." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "51350", "refsource": "BID", "url": "http://www.securityfocus.com/bid/51350" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb12-01.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb12-01.html" }, { "name": "oval:org.mitre.oval:def:14615", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14615" }, { "name": "1026496", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1026496" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.1.1", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:reader:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "10.1.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:reader:9.4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.4.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "9.4.6", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:reader:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "9.4.6", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:reader:9.4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:9.4.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "9.4.5", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:reader:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "9.4.5", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2011-4373" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4372." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-787" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.adobe.com/support/security/bulletins/apsb12-01.html", "refsource": "CONFIRM", "tags": [ "Patch", "Vendor Advisory" ], "url": "http://www.adobe.com/support/security/bulletins/apsb12-01.html" }, { "name": "51350", "refsource": "BID", "tags": [ "Broken Link", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/51350" }, { "name": "1026496", "refsource": "SECTRACK", "tags": [ "Broken Link", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1026496" }, { "name": "oval:org.mitre.oval:def:14615", "refsource": "OVAL", "tags": [ "Third Party Advisory", "Tool Signature" ], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14615" } ] } }, "impact": { "baseMetricV2": { "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "exploitabilityScore": 3.9, "impactScore": 5.9 } }, "lastModifiedDate": "2022-06-03T15:50Z", "publishedDate": "2012-01-10T21:55Z" } } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.