var-201102-0075
Vulnerability from variot
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a 3D file, a different vulnerability than CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, CVE-2011-0595, and CVE-2011-0600. Adobe Reader and Acrobat Contains a vulnerability that allows arbitrary code execution. This vulnerability CVE-2011-0591 , CVE-2011-0592 , CVE-2011-0593 , CVE-2011-0595 and CVE-2011-0600 Is a different vulnerability.By a third party 3D An arbitrary code may be executed via the file. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the application's implementation of an image format supported by the Universal 3D compressed file format. When parsing a particular texture file specified by the format, the application will explicitly trust fields within the file in a multiply used to allocate space for the image data. Due to the application not accommodating for the result being larger than the architecture is able to store, the application will under allocate a buffer. When writing image data to this buffer the application will write outside the boundary of the allocation. This can lead to code execution under the context of the application.
For more information: SA43207
SOLUTION: Updated packages are available via Red Hat Network.
-- Vendor Response: Adobe has issued an update to correct this vulnerability. More details can be found at:
http://www.adobe.com/support/security/bulletins/apsb11-03.html
-- Disclosure Timeline: 2010-09-22 - Vulnerability reported to vendor 2011-02-08 - Coordinated public release of advisory
-- Credit: This vulnerability was discovered by: * Peter Vreugdenhil ( http://vreugdenhilresearch.nl )
-- About the Zero Day Initiative (ZDI): Established by TippingPoint, The Zero Day Initiative (ZDI) represents a best-of-breed model for rewarding security researchers for responsibly disclosing discovered vulnerabilities.
Researchers interested in getting paid for their security research through the ZDI can find more information and sign-up at:
http://www.zerodayinitiative.com
The ZDI is unique in how the acquired vulnerability information is used. TippingPoint does not re-sell the vulnerability details or any exploit code. Instead, upon notifying the affected product vendor, TippingPoint provides its customers with zero day protection through its intrusion prevention technology. Explicit details regarding the specifics of the vulnerability are not exposed to any parties until an official vendor patch is publicly available. Furthermore, with the altruistic aim of helping to secure a broader user base, TippingPoint provides this vulnerability information confidentially to security vendors (including competitors) who have a vulnerability protection or mitigation product.
Our vulnerability disclosure policy is available online at:
http://www.zerodayinitiative.com/advisories/disclosure_policy/
Follow the ZDI on Twitter:
http://twitter.com/thezdi
Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ . ----------------------------------------------------------------------
Get a tax break on purchases of Secunia Solutions!
If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/
TITLE: Adobe Reader / Acrobat Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA43207
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43207/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43207
RELEASE DATE: 2011-02-09
DISCUSS ADVISORY: http://secunia.com/advisories/43207/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/43207/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=43207
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Multiple vulnerabilities have been reported in Adobe Reader / Acrobat, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to conduct cross-site scripting attacks and compromise a user's system.
2) An unspecified error can be exploited to corrupt memory.
3) An unspecified error related to file permissions in Windows-based versions can be exploited to gain escalated privileges.
5) An unspecified error when parsing images can be exploited to corrupt memory.
6) An error in AcroRd32.dll when parsing certain images can be exploited to corrupt memory.
11) An input validation error can be exploited to conduct cross-site scripting attacks.
13) An unspecified error can be exploited to corrupt memory.
18) An input validation error when parsing fonts may allow code execution.
20) An error in 2d.dll when parsing height and width values of RLE_8 compressed BMP files can be exploited to cause a heap-based buffer overflow.
21) An integer overflow in ACE.dll when parsing certain ICC data can be exploited to cause a buffer overflow.
22) A boundary error in rt3d.dll when parsing bits per pixel and number of colors if 4/8-bit RLE compressed BMP files can be exploited to cause a heap-based buffer overflow.
23) An error in the U3D implementation when handling the Parent Node count can be exploited to cause a buffer overflow.
24) A boundary error when processing JPEG files embedded in a PDF file can be exploited to corrupt heap memory.
26) An input validation error can be exploited to conduct cross-site scripting attacks.
28) A boundary error in rt3d.dll when parsing certain files can be exploited to cause a stack-based buffer overflow.
29) An integer overflow in the U3D implementation when parsing a ILBM texture file can be exploited to cause a buffer overflow.
30) Some vulnerabilities are caused due to vulnerabilities in the bundled version of Adobe Flash Player.
For more information: SA43267
The vulnerabilities are reported in versions 8.2.5 and prior, 9.4.1 and prior, and 10.0 and prior.
SOLUTION: Update to version 8.2.6, 9.4.2, or 10.0.1.
Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
PROVIDED AND/OR DISCOVERED BY: 2) Bing Liu, Fortinet's FortiGuard Labs. 6) Abdullah Ada via ZDI. 8) Haifei Li, Fortinet's FortiGuard Labs. 14 - 17, 19, 20, 22, 29) Peter Vreugdenhil via ZDI. 21) Sebastian Apelt via ZDI. 23) el via ZDI. 14) Sean Larsson, iDefense Labs. 28) An anonymous person via ZDI.
The vendor also credits: 1) Mitja Kolsek, ACROS Security. 3) Matthew Pun. 4, 5, 18) Tavis Ormandy, Google Security Team. 7) James Quirk. 9) Brett Gervasoni, Sense of Security. 10) Joe Schatz. 11, 26) Billy Rios, Google Security Team. 12) Greg MacManus, iSIGHT Partners Labs and Parvez Anwar. 13) CESG. 25) Will Dormann, CERT. 27) Marc Schoenefeld, Red Hat Security Response Team.
ORIGINAL ADVISORY: Adobe (APSB11-03) http://www.adobe.com/support/security/bulletins/apsb11-03.html http://www.adobe.com/support/security/bulletins/apsb11-02.html
ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-065/ http://www.zerodayinitiative.com/advisories/ZDI-11-066/ http://www.zerodayinitiative.com/advisories/ZDI-11-067/ http://www.zerodayinitiative.com/advisories/ZDI-11-068/ http://www.zerodayinitiative.com/advisories/ZDI-11-069/ http://www.zerodayinitiative.com/advisories/ZDI-11-070/ http://www.zerodayinitiative.com/advisories/ZDI-11-071/ http://www.zerodayinitiative.com/advisories/ZDI-11-072/ http://www.zerodayinitiative.com/advisories/ZDI-11-073/ http://www.zerodayinitiative.com/advisories/ZDI-11-074/ http://www.zerodayinitiative.com/advisories/ZDI-11-075/ http://www.zerodayinitiative.com/advisories/ZDI-11-077/
FortiGuard Labs: http://www.fortiguard.com/advisory/FGA-2011-06.html
iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=891
OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/
About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Reader users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-text/acroread-9.4.7"
References
[ 1 ] CVE-2010-4091 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4091 [ 2 ] CVE-2011-0562 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0562 [ 3 ] CVE-2011-0563 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0563 [ 4 ] CVE-2011-0565 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0565 [ 5 ] CVE-2011-0566 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0566 [ 6 ] CVE-2011-0567 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0567 [ 7 ] CVE-2011-0570 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0570 [ 8 ] CVE-2011-0585 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0585 [ 9 ] CVE-2011-0586 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0586 [ 10 ] CVE-2011-0587 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0587 [ 11 ] CVE-2011-0588 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0588 [ 12 ] CVE-2011-0589 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589 [ 13 ] CVE-2011-0590 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0590 [ 14 ] CVE-2011-0591 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0591 [ 15 ] CVE-2011-0592 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0592 [ 16 ] CVE-2011-0593 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0593 [ 17 ] CVE-2011-0594 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0594 [ 18 ] CVE-2011-0595 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0595 [ 19 ] CVE-2011-0596 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0596 [ 20 ] CVE-2011-0598 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0598 [ 21 ] CVE-2011-0599 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0599 [ 22 ] CVE-2011-0600 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0600 [ 23 ] CVE-2011-0602 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0602 [ 24 ] CVE-2011-0603 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0603 [ 25 ] CVE-2011-0604 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0604 [ 26 ] CVE-2011-0605 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0605 [ 27 ] CVE-2011-0606 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0606 [ 28 ] CVE-2011-2130 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130 [ 29 ] CVE-2011-2134 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134 [ 30 ] CVE-2011-2135 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135 [ 31 ] CVE-2011-2136 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136 [ 32 ] CVE-2011-2137 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137 [ 33 ] CVE-2011-2138 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138 [ 34 ] CVE-2011-2139 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139 [ 35 ] CVE-2011-2140 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140 [ 36 ] CVE-2011-2414 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414 [ 37 ] CVE-2011-2415 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415 [ 38 ] CVE-2011-2416 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416 [ 39 ] CVE-2011-2417 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417 [ 40 ] CVE-2011-2424 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424 [ 41 ] CVE-2011-2425 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425 [ 42 ] CVE-2011-2431 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2431 [ 43 ] CVE-2011-2432 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2432 [ 44 ] CVE-2011-2433 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2433 [ 45 ] CVE-2011-2434 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2434 [ 46 ] CVE-2011-2435 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2435 [ 47 ] CVE-2011-2436 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2436 [ 48 ] CVE-2011-2437 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2437 [ 49 ] CVE-2011-2438 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2438 [ 50 ] CVE-2011-2439 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2439 [ 51 ] CVE-2011-2440 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2440 [ 52 ] CVE-2011-2441 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2441 [ 53 ] CVE-2011-2442 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2442 [ 54 ] CVE-2011-2462 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2462 [ 55 ] CVE-2011-4369 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4369
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201201-19.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201102-0075", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "acrobat reader", "scope": "eq", "trust": 1.6, "vendor": "adobe", "version": "9.1.1" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.6, "vendor": "adobe", "version": "9.2" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.6, "vendor": "adobe", "version": "9.0" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.6, "vendor": "adobe", "version": "9.3.1" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.6, "vendor": "adobe", "version": "9.3" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.6, "vendor": "adobe", "version": "9.1.3" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.6, "vendor": "adobe", "version": "9.3.2" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.6, "vendor": "adobe", "version": "10.0" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.6, "vendor": "adobe", "version": "9.1" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.6, "vendor": "adobe", "version": "9.1.2" }, { "model": "acrobat", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "10.0" }, { "model": "acrobat", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "8.2.3" }, { "model": "acrobat", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "8.2.4" }, { "model": "acrobat", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "8.2.2" }, { "model": "acrobat", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.3.1" }, { "model": "acrobat", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.3" }, { "model": "acrobat", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.4" }, { "model": "acrobat", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.1.1" }, { "model": "acrobat", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.4.1" }, { "model": "acrobat", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.2" }, { "model": "acrobat", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.3.3" }, { "model": "acrobat", "scope": "eq", "trust": 1.3, "vendor": "adobe", "version": "9.3.2" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.2.3" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.1.5" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.2" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.3.3" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.1.1" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.4.1" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.2.4" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.3.4" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.1.4" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.1.6" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.1.3" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.1.3" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.2.1" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.1" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.0" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.1" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.1.2" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.1.7" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.2" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.4" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.1.2" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.1.5" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.1.4" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.1.6" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.1.1" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.0" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.2.2" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.2.1" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "9.3.4" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.1" }, { "model": "acrobat reader", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.1.7" }, { "model": "acrobat", "scope": "eq", "trust": 1.0, "vendor": "adobe", "version": "8.1.2" }, { "model": "acrobat", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "x (10.0)" }, { "model": "reader", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "9.4.1" }, { "model": "reader", "scope": "eq", "trust": 0.8, "vendor": "adobe", "version": "x (10.0)" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4 extras" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "4.8.z extras" }, { "model": "enterprise linux server supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "enterprise linux workstation supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (client)" }, { "model": "rhel desktop supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "6" }, { "model": "rhel supplementary", "scope": "eq", "trust": 0.8, "vendor": "red hat", "version": "5 (server)" }, { "model": "acrobat", "scope": null, "trust": 0.7, "vendor": "adobe", "version": null }, { "model": "reader", "scope": null, "trust": 0.7, "vendor": "adobe", "version": null }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.3" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.0" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.2.5" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.1.2" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.2.2" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.2" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3.3" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3.1" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3" }, { "model": "acrobat", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "9.4.2" }, { "model": "acrobat standard", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "9.4.2" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.1.3" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.1" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3.4" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.6" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3.3" }, { "model": "reader", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.0.1" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.4" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.2.4" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.2" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.0" }, { "model": "desktop extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3.2" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.2" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.1.2" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.1" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.3" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.5" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9" }, { "model": "acrobat", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.2.5" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.2.5" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.2.1" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.2.2" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.7" }, { "model": "reader", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "9.4.2" }, { "model": "hat enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "enterprise linux extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "linux enterprise desktop sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "10" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.2.3" }, { "model": "acrobat professional extended", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.2.4" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.2" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.1" }, { "model": "acrobat", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.8" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3.4" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3.2" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.2" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.4" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.3" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.1" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.2.5" }, { "model": "acrobat professional security updat", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.2" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.2.2" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.1" }, { "model": "enterprise linux es extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "hat enterprise linux desktop supplementary", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9" }, { "model": "reader security updat", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.2" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.2.1" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.7" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.2" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3.1" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3.3" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.4" }, { "model": "hat enterprise linux server supplementary", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.1.3" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.1.1" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.6" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3.2" }, { "model": "acrobat professional", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.0.1" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.1" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.1" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.0" }, { "model": "linux enterprise desktop sp1", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.2.1" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.7" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.1.2" }, { "model": "hat enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3.1" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3" }, { "model": "acrobat professional", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "9.4.2" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.2" }, { "model": "enterprise linux ws extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.1.3" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.6" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.2" }, { "model": "enterprise linux as extras", "scope": "eq", "trust": 0.3, "vendor": "redhat", "version": "4" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.1" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.2.4" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.2" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.1" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3.4" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.1.2" }, { "model": "hat enterprise linux workstation supplementary", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "acrobat", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.0.1" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.3" }, { "model": "acrobat standard", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.0.1" } ], "sources": [ { "db": "ZDI", "id": "ZDI-11-077" }, { "db": "ZDI", "id": "ZDI-11-066" }, { "db": "BID", "id": "46208" }, { "db": "JVNDB", "id": "JVNDB-2011-001202" }, { "db": "CNNVD", "id": "CNNVD-201102-145" }, { "db": "NVD", "id": "CVE-2011-0590" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/a:adobe:acrobat", "vulnerable": true }, { "cpe22Uri": "cpe:/a:adobe:acrobat_reader", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:enterprise_linux", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_server_supplementary", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_workstation_supplementary", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_desktop_supplementary", "vulnerable": true }, { "cpe22Uri": "cpe:/a:redhat:rhel_supplementary", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-001202" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Peter Vreugdenhil ( http://vreugdenhilresearch.nl )", "sources": [ { "db": "ZDI", "id": "ZDI-11-077" }, { "db": "ZDI", "id": "ZDI-11-066" } ], "trust": 1.4 }, "cve": "CVE-2011-0590", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "CVE-2011-0590", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 1.8, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "COMPLETE", "baseScore": 9.0, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2011-0590", "impactScore": 8.5, "integrityImpact": "PARTIAL", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "ZDI", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 10.0, "id": "CVE-2011-0590", "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "HIGH", "trust": 0.7, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 8.6, "id": "VHN-48535", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "ZDI", "id": "CVE-2011-0590", "trust": 1.4, "value": "HIGH" }, { "author": "nvd@nist.gov", "id": "CVE-2011-0590", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2011-0590", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201102-145", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-48535", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "ZDI", "id": "ZDI-11-077" }, { "db": "ZDI", "id": "ZDI-11-066" }, { "db": "VULHUB", "id": "VHN-48535" }, { "db": "JVNDB", "id": "JVNDB-2011-001202" }, { "db": "CNNVD", "id": "CNNVD-201102-145" }, { "db": "NVD", "id": "CVE-2011-0590" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a 3D file, a different vulnerability than CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, CVE-2011-0595, and CVE-2011-0600. Adobe Reader and Acrobat Contains a vulnerability that allows arbitrary code execution. This vulnerability CVE-2011-0591 , CVE-2011-0592 , CVE-2011-0593 , CVE-2011-0595 and CVE-2011-0600 Is a different vulnerability.By a third party 3D An arbitrary code may be executed via the file. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the application\u0027s implementation of an image format supported by the Universal 3D compressed file format. When parsing a particular texture file specified by the format, the application will explicitly trust fields within the file in a multiply used to allocate space for the image data. Due to the application not accommodating for the result being larger than the architecture is able to store, the application will under allocate a buffer. When writing image data to this buffer the application will write outside the boundary of the allocation. This can lead to code execution under the context of the application. \n\nFor more information:\nSA43207\n\nSOLUTION:\nUpdated packages are available via Red Hat Network. \n\n-- Vendor Response:\nAdobe has issued an update to correct this vulnerability. More\ndetails can be found at:\n\nhttp://www.adobe.com/support/security/bulletins/apsb11-03.html\n\n-- Disclosure Timeline:\n2010-09-22 - Vulnerability reported to vendor\n2011-02-08 - Coordinated public release of advisory\n\n-- Credit:\nThis vulnerability was discovered by:\n * Peter Vreugdenhil ( http://vreugdenhilresearch.nl )\n\n-- About the Zero Day Initiative (ZDI):\nEstablished by TippingPoint, The Zero Day Initiative (ZDI) represents \na best-of-breed model for rewarding security researchers for responsibly\ndisclosing discovered vulnerabilities. \n\nResearchers interested in getting paid for their security research\nthrough the ZDI can find more information and sign-up at:\n\n http://www.zerodayinitiative.com\n\nThe ZDI is unique in how the acquired vulnerability information is\nused. TippingPoint does not re-sell the vulnerability details or any\nexploit code. Instead, upon notifying the affected product vendor,\nTippingPoint provides its customers with zero day protection through\nits intrusion prevention technology. Explicit details regarding the\nspecifics of the vulnerability are not exposed to any parties until\nan official vendor patch is publicly available. Furthermore, with the\naltruistic aim of helping to secure a broader user base, TippingPoint\nprovides this vulnerability information confidentially to security\nvendors (including competitors) who have a vulnerability protection or\nmitigation product. \n\nOur vulnerability disclosure policy is available online at:\n\n http://www.zerodayinitiative.com/advisories/disclosure_policy/\n\nFollow the ZDI on Twitter:\n\n http://twitter.com/thezdi\n\n_______________________________________________\nFull-Disclosure - We believe in it. \nCharter: http://lists.grok.org.uk/full-disclosure-charter.html\nHosted and sponsored by Secunia - http://secunia.com/\n. ----------------------------------------------------------------------\n\n\nGet a tax break on purchases of Secunia Solutions!\n\nIf you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at:\nhttp://secunia.com/products/corporate/vim/section_179/\n\n\n----------------------------------------------------------------------\n\nTITLE:\nAdobe Reader / Acrobat Multiple Vulnerabilities\n\nSECUNIA ADVISORY ID:\nSA43207\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/43207/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43207\n\nRELEASE DATE:\n2011-02-09\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/43207/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/43207/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43207\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nMultiple vulnerabilities have been reported in Adobe Reader /\nAcrobat, which can be exploited by malicious, local users to gain\nescalated privileges and by malicious people to conduct cross-site\nscripting attacks and compromise a user\u0027s system. \n\n2) An unspecified error can be exploited to corrupt memory. \n\n3) An unspecified error related to file permissions in Windows-based\nversions can be exploited to gain escalated privileges. \n\n5) An unspecified error when parsing images can be exploited to\ncorrupt memory. \n\n6) An error in AcroRd32.dll when parsing certain images can be\nexploited to corrupt memory. \n\n11) An input validation error can be exploited to conduct cross-site\nscripting attacks. \n\n13) An unspecified error can be exploited to corrupt memory. \n\n18) An input validation error when parsing fonts may allow code\nexecution. \n\n20) An error in 2d.dll when parsing height and width values of RLE_8\ncompressed BMP files can be exploited to cause a heap-based buffer\noverflow. \n\n21) An integer overflow in ACE.dll when parsing certain ICC data can\nbe exploited to cause a buffer overflow. \n\n22) A boundary error in rt3d.dll when parsing bits per pixel and\nnumber of colors if 4/8-bit RLE compressed BMP files can be exploited\nto cause a heap-based buffer overflow. \n\n23) An error in the U3D implementation when handling the Parent Node\ncount can be exploited to cause a buffer overflow. \n\n24) A boundary error when processing JPEG files embedded in a PDF\nfile can be exploited to corrupt heap memory. \n\n26) An input validation error can be exploited to conduct cross-site\nscripting attacks. \n\n28) A boundary error in rt3d.dll when parsing certain files can be\nexploited to cause a stack-based buffer overflow. \n\n29) An integer overflow in the U3D implementation when parsing a ILBM\ntexture file can be exploited to cause a buffer overflow. \n\n30) Some vulnerabilities are caused due to vulnerabilities in the\nbundled version of Adobe Flash Player. \n\nFor more information:\nSA43267\n\nThe vulnerabilities are reported in versions 8.2.5 and prior, 9.4.1\nand prior, and 10.0 and prior. \n\nSOLUTION:\nUpdate to version 8.2.6, 9.4.2, or 10.0.1. \n\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nPROVIDED AND/OR DISCOVERED BY:\n2) Bing Liu, Fortinet\u0027s FortiGuard Labs. \n6) Abdullah Ada via ZDI. \n8) Haifei Li, Fortinet\u0027s FortiGuard Labs. \n14 - 17, 19, 20, 22, 29) Peter Vreugdenhil via ZDI. \n21) Sebastian Apelt via ZDI. \n23) el via ZDI. \n14) Sean Larsson, iDefense Labs. \n28) An anonymous person via ZDI. \n\nThe vendor also credits:\n1) Mitja Kolsek, ACROS Security. \n3) Matthew Pun. \n4, 5, 18) Tavis Ormandy, Google Security Team. \n7) James Quirk. \n9) Brett Gervasoni, Sense of Security. \n10) Joe Schatz. \n11, 26) Billy Rios, Google Security Team. \n12) Greg MacManus, iSIGHT Partners Labs and Parvez Anwar. \n13) CESG. \n25) Will Dormann, CERT. \n27) Marc Schoenefeld, Red Hat Security Response Team. \n\nORIGINAL ADVISORY:\nAdobe (APSB11-03)\nhttp://www.adobe.com/support/security/bulletins/apsb11-03.html\nhttp://www.adobe.com/support/security/bulletins/apsb11-02.html\n\nZDI:\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-065/\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-066/\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-067/\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-068/\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-069/\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-070/\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-071/\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-072/\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-073/\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-074/\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-075/\nhttp://www.zerodayinitiative.com/advisories/ZDI-11-077/\n\nFortiGuard Labs:\nhttp://www.fortiguard.com/advisory/FGA-2011-06.html\n\niDefense:\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=891\n\nOTHER REFERENCES:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nDEEP LINKS:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED DESCRIPTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXTENDED SOLUTION:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\nEXPLOIT:\nFurther details available in Customer Area:\nhttp://secunia.com/products/corporate/EVM/\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\nprivate users keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. Please\nreview the CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Adobe Reader users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-text/acroread-9.4.7\"\n\nReferences\n==========\n\n[ 1 ] CVE-2010-4091\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-4091\n[ 2 ] CVE-2011-0562\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0562\n[ 3 ] CVE-2011-0563\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0563\n[ 4 ] CVE-2011-0565\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0565\n[ 5 ] CVE-2011-0566\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0566\n[ 6 ] CVE-2011-0567\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0567\n[ 7 ] CVE-2011-0570\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0570\n[ 8 ] CVE-2011-0585\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0585\n[ 9 ] CVE-2011-0586\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0586\n[ 10 ] CVE-2011-0587\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0587\n[ 11 ] CVE-2011-0588\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0588\n[ 12 ] CVE-2011-0589\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0589\n[ 13 ] CVE-2011-0590\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0590\n[ 14 ] CVE-2011-0591\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0591\n[ 15 ] CVE-2011-0592\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0592\n[ 16 ] CVE-2011-0593\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0593\n[ 17 ] CVE-2011-0594\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0594\n[ 18 ] CVE-2011-0595\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0595\n[ 19 ] CVE-2011-0596\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0596\n[ 20 ] CVE-2011-0598\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0598\n[ 21 ] CVE-2011-0599\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0599\n[ 22 ] CVE-2011-0600\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0600\n[ 23 ] CVE-2011-0602\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0602\n[ 24 ] CVE-2011-0603\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0603\n[ 25 ] CVE-2011-0604\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0604\n[ 26 ] CVE-2011-0605\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0605\n[ 27 ] CVE-2011-0606\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0606\n[ 28 ] CVE-2011-2130\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2130\n[ 29 ] CVE-2011-2134\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2134\n[ 30 ] CVE-2011-2135\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2135\n[ 31 ] CVE-2011-2136\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2136\n[ 32 ] CVE-2011-2137\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2137\n[ 33 ] CVE-2011-2138\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2138\n[ 34 ] CVE-2011-2139\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2139\n[ 35 ] CVE-2011-2140\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2140\n[ 36 ] CVE-2011-2414\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2414\n[ 37 ] CVE-2011-2415\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2415\n[ 38 ] CVE-2011-2416\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2416\n[ 39 ] CVE-2011-2417\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2417\n[ 40 ] CVE-2011-2424\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2424\n[ 41 ] CVE-2011-2425\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2425\n[ 42 ] CVE-2011-2431\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2431\n[ 43 ] CVE-2011-2432\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2432\n[ 44 ] CVE-2011-2433\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2433\n[ 45 ] CVE-2011-2434\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2434\n[ 46 ] CVE-2011-2435\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2435\n[ 47 ] CVE-2011-2436\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2436\n[ 48 ] CVE-2011-2437\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2437\n[ 49 ] CVE-2011-2438\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2438\n[ 50 ] CVE-2011-2439\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2439\n[ 51 ] CVE-2011-2440\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2440\n[ 52 ] CVE-2011-2441\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2441\n[ 53 ] CVE-2011-2442\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2442\n[ 54 ] CVE-2011-2462\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-2462\n[ 55 ] CVE-2011-4369\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4369\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201201-19.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n", "sources": [ { "db": "NVD", "id": "CVE-2011-0590" }, { "db": "JVNDB", "id": "JVNDB-2011-001202" }, { "db": "ZDI", "id": "ZDI-11-077" }, { "db": "ZDI", "id": "ZDI-11-066" }, { "db": "BID", "id": "46208" }, { "db": "VULHUB", "id": "VHN-48535" }, { "db": "PACKETSTORM", "id": "98274" }, { "db": "PACKETSTORM", "id": "99246" }, { "db": "PACKETSTORM", "id": "98298" }, { "db": "PACKETSTORM", "id": "98320" }, { "db": "PACKETSTORM", "id": "109194" } ], "trust": 3.69 }, "exploit_availability": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "reference": "https://www.scap.org.cn/vuln/vhn-48535", "trust": 0.1, "type": "unknown" } ], "sources": [ { "db": "VULHUB", "id": "VHN-48535" } ] }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2011-0590", "trust": 4.5 }, { "db": "SECTRACK", "id": "1025033", "trust": 1.9 }, { "db": "VUPEN", "id": "ADV-2011-0337", "trust": 1.9 }, { "db": "ZDI", "id": "ZDI-11-077", "trust": 1.2 }, { "db": "ZDI", "id": "ZDI-11-066", "trust": 1.2 }, { "db": "SECUNIA", "id": "43470", "trust": 1.2 }, { "db": "BID", "id": "46208", "trust": 1.2 }, { "db": "VUPEN", "id": "ADV-2011-0492", "trust": 1.1 }, { "db": "SECUNIA", "id": "43207", "trust": 1.0 }, { "db": "JVNDB", "id": "JVNDB-2011-001202", "trust": 0.8 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-897", "trust": 0.7 }, { "db": "ZDI_CAN", "id": "ZDI-CAN-899", "trust": 0.7 }, { "db": "CNNVD", "id": "CNNVD-201102-145", "trust": 0.7 }, { "db": "PACKETSTORM", "id": "98274", "trust": 0.2 }, { "db": "PACKETSTORM", "id": "98298", "trust": 0.2 }, { "db": "VULHUB", "id": "VHN-48535", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "99246", "trust": 0.1 }, { "db": "ZDI", "id": "ZDI-11-074", "trust": 0.1 }, { "db": "ZDI", "id": "ZDI-11-071", "trust": 0.1 }, { "db": "ZDI", "id": "ZDI-11-070", "trust": 0.1 }, { "db": "ZDI", "id": "ZDI-11-067", "trust": 0.1 }, { "db": "ZDI", "id": "ZDI-11-073", "trust": 0.1 }, { "db": "ZDI", "id": "ZDI-11-072", "trust": 0.1 }, { "db": "ZDI", "id": "ZDI-11-065", "trust": 0.1 }, { "db": "ZDI", "id": "ZDI-11-068", "trust": 0.1 }, { "db": "ZDI", "id": "ZDI-11-075", "trust": 0.1 }, { "db": "ZDI", "id": "ZDI-11-069", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "98320", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "109194", "trust": 0.1 } ], "sources": [ { "db": "ZDI", "id": "ZDI-11-077" }, { "db": "ZDI", "id": "ZDI-11-066" }, { "db": "VULHUB", "id": "VHN-48535" }, { "db": "BID", "id": "46208" }, { "db": "JVNDB", "id": "JVNDB-2011-001202" }, { "db": "PACKETSTORM", "id": "98274" }, { "db": "PACKETSTORM", "id": "99246" }, { "db": "PACKETSTORM", "id": "98298" }, { "db": "PACKETSTORM", "id": "98320" }, { "db": "PACKETSTORM", "id": "109194" }, { "db": "CNNVD", "id": "CNNVD-201102-145" }, { "db": "NVD", "id": "CVE-2011-0590" } ] }, "id": "VAR-201102-0075", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-48535" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T19:49:24.856000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APSB11-03", "trust": 2.2, "url": "http://www.adobe.com/support/security/bulletins/apsb11-03.html" }, { "title": "cpsid_89065", "trust": 0.8, "url": "http://kb2.adobe.com/jp/cps/890/cpsid_89065.html" }, { "title": "RHSA-2011:0301", "trust": 0.8, "url": "https://rhn.redhat.com/errata/RHSA-2011-0301.html" } ], "sources": [ { "db": "ZDI", "id": "ZDI-11-077" }, { "db": "ZDI", "id": "ZDI-11-066" }, { "db": "JVNDB", "id": "JVNDB-2011-001202" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-48535" }, { "db": "JVNDB", "id": "JVNDB-2011-001202" }, { "db": "NVD", "id": "CVE-2011-0590" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 3.7, "url": "http://www.adobe.com/support/security/bulletins/apsb11-03.html" }, { "trust": 1.9, "url": "http://www.securitytracker.com/id?1025033" }, { "trust": 1.9, "url": "http://www.vupen.com/english/advisories/2011/0337" }, { "trust": 1.1, "url": "https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a12621" }, { "trust": 1.1, "url": "http://www.redhat.com/support/errata/rhsa-2011-0301.html" }, { "trust": 1.1, "url": "http://secunia.com/advisories/43470" }, { "trust": 1.1, "url": "http://www.vupen.com/english/advisories/2011/0492" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-0590" }, { "trust": 0.8, "url": "http://www.jpcert.or.jp/at/2011/at110004.txt" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2011-0590" }, { "trust": 0.8, "url": "http://secunia.com/advisories/43207" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/46208" }, { "trust": 0.8, "url": "http://www.npa.go.jp/cyberpolice/#topics" }, { "trust": 0.4, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-066/" }, { "trust": 0.4, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-077/" }, { "trust": 0.3, "url": "http://www.adobe.com" }, { "trust": 0.3, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0590" }, { "trust": 0.2, "url": "http://www.zerodayinitiative.com/advisories/disclosure_policy/" }, { "trust": 0.2, "url": "http://vreugdenhilresearch.nl" }, { "trust": 0.2, "url": "http://secunia.com/" }, { "trust": 0.2, "url": "http://twitter.com/thezdi" }, { "trust": 0.2, "url": "http://www.zerodayinitiative.com" }, { "trust": 0.2, "url": "http://lists.grok.org.uk/full-disclosure-charter.html" }, { "trust": 0.2, "url": "http://secunia.com/products/corporate/evm/" }, { "trust": 0.2, "url": "http://secunia.com/products/corporate/vim/section_179/" }, { "trust": 0.2, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.2, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.2, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.2, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.2, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-066" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43470/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43470/#comments" }, { "trust": 0.1, "url": "https://rhn.redhat.com/errata/rhsa-2011-0301.html" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43470" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-077" }, { "trust": 0.1, "url": "http://www.tippingpoint.com" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-068/" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43207/#comments" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-065/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=43207" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-072/" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/bulletins/apsb11-02.html" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-073/" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-069/" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-075/" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-070/" }, { "trust": 0.1, "url": "http://www.fortiguard.com/advisory/fga-2011-06.html" }, { "trust": 0.1, "url": "http://secunia.com/advisories/43207/" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-067/" }, { "trust": 0.1, "url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=891" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-071/" }, { "trust": 0.1, "url": "http://www.zerodayinitiative.com/advisories/zdi-11-074/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2432" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0599" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0604" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-2130" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0567" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0605" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0591" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0586" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0587" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0587" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2438" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0600" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2414" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2417" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2462" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2434" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2415" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0565" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0567" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0596" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0603" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0563" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2135" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2431" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0595" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0570" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2139" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0588" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2425" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0595" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2010-4091" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2416" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4369" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0562" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2436" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2424" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0596" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0604" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0588" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2439" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0585" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2441" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0598" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2130" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0603" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0562" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0602" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0593" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0592" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2134" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0590" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2137" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201201-19.xml" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0585" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2138" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0586" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0589" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0565" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2136" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0606" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0570" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0594" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0589" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0600" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0592" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2433" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0566" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0599" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2010-4091" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2442" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2437" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0606" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0566" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2435" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0594" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0605" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0563" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2140" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0591" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-0593" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-2440" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0602" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-0598" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." } ], "sources": [ { "db": "ZDI", "id": "ZDI-11-077" }, { "db": "ZDI", "id": "ZDI-11-066" }, { "db": "VULHUB", "id": "VHN-48535" }, { "db": "BID", "id": "46208" }, { "db": "JVNDB", "id": "JVNDB-2011-001202" }, { "db": "PACKETSTORM", "id": "98274" }, { "db": "PACKETSTORM", "id": "99246" }, { "db": "PACKETSTORM", "id": "98298" }, { "db": "PACKETSTORM", "id": "98320" }, { "db": "PACKETSTORM", "id": "109194" }, { "db": "CNNVD", "id": "CNNVD-201102-145" }, { "db": "NVD", "id": "CVE-2011-0590" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "ZDI", "id": "ZDI-11-077" }, { "db": "ZDI", "id": "ZDI-11-066" }, { "db": "VULHUB", "id": "VHN-48535" }, { "db": "BID", "id": "46208" }, { "db": "JVNDB", "id": "JVNDB-2011-001202" }, { "db": "PACKETSTORM", "id": "98274" }, { "db": "PACKETSTORM", "id": "99246" }, { "db": "PACKETSTORM", "id": "98298" }, { "db": "PACKETSTORM", "id": "98320" }, { "db": "PACKETSTORM", "id": "109194" }, { "db": "CNNVD", "id": "CNNVD-201102-145" }, { "db": "NVD", "id": "CVE-2011-0590" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-02-08T00:00:00", "db": "ZDI", "id": "ZDI-11-077" }, { "date": "2011-02-08T00:00:00", "db": "ZDI", "id": "ZDI-11-066" }, { "date": "2011-02-10T00:00:00", "db": "VULHUB", "id": "VHN-48535" }, { "date": "2011-02-08T00:00:00", "db": "BID", "id": "46208" }, { "date": "2011-03-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-001202" }, { "date": "2011-02-08T22:27:58", "db": "PACKETSTORM", "id": "98274" }, { "date": "2011-03-14T11:37:12", "db": "PACKETSTORM", "id": "99246" }, { "date": "2011-02-08T23:50:00", "db": "PACKETSTORM", "id": "98298" }, { "date": "2011-02-09T03:30:01", "db": "PACKETSTORM", "id": "98320" }, { "date": "2012-01-31T00:07:37", "db": "PACKETSTORM", "id": "109194" }, { "date": "2011-02-10T00:00:00", "db": "CNNVD", "id": "CNNVD-201102-145" }, { "date": "2011-02-10T18:00:58.410000", "db": "NVD", "id": "CVE-2011-0590" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2011-02-08T00:00:00", "db": "ZDI", "id": "ZDI-11-077" }, { "date": "2011-02-08T00:00:00", "db": "ZDI", "id": "ZDI-11-066" }, { "date": "2018-10-30T00:00:00", "db": "VULHUB", "id": "VHN-48535" }, { "date": "2013-06-20T09:39:00", "db": "BID", "id": "46208" }, { "date": "2011-03-09T00:00:00", "db": "JVNDB", "id": "JVNDB-2011-001202" }, { "date": "2011-02-14T00:00:00", "db": "CNNVD", "id": "CNNVD-201102-145" }, { "date": "2024-11-21T01:24:22.167000", "db": "NVD", "id": "CVE-2011-0590" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "98274" }, { "db": "PACKETSTORM", "id": "98298" }, { "db": "PACKETSTORM", "id": "109194" }, { "db": "CNNVD", "id": "CNNVD-201102-145" } ], "trust": 0.9 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe Reader and Acrobat Vulnerable to arbitrary code execution", "sources": [ { "db": "JVNDB", "id": "JVNDB-2011-001202" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "input validation", "sources": [ { "db": "CNNVD", "id": "CNNVD-201102-145" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.