VARIoT IoT vulnerabilities database
| VAR-201208-0747 | No CVE | IOServer Remote Directory Traversal Vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
IOServer is industrial control software for Windows that includes a built-in web server to support XML server functionality. Versions before IOServer 1.0.19.0 do not correctly filter the URL; because this input is used to select the file to display, the contents of any file can be downloaded and disclosed by means of directory traversal sequences. Successful exploitation of this vulnerability requires the "XML Server" to be enabled. IOServer is prone to a directory-traversal vulnerability because it fails to sufficiently sanitize user-supplied input.
A remote attacker could exploit this vulnerability using directory-traversal strings (such as '../') to access arbitrary files within or outside of the XML server root directory. This could help the attacker launch further attacks.
IOServer 1.0.18.0 and prior versions are vulnerable.
| VAR-201208-0351 | CVE-2012-3024 | Tridium Niagara AX Framework Vulnerabilities that bypass authentication |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Tridium Niagara AX Framework through 3.6 uses predictable values for (1) session IDs and (2) keys, which might allow remote attackers to bypass authentication via a brute-force attack. Niagara Framework is prone to a session-hijacking vulnerability.
Successful exploit of this issue allows an attacker to gain unauthorized access to the affected application.
TITLE:
Niagara Framework Predictable Session Identifier Vulnerability
SECUNIA ADVISORY ID:
SA50288
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50288/
RELEASE DATE:
2012-08-16
DESCRIPTION:
A vulnerability has been reported in Niagara Framework, which can be
exploited by malicious people to hijack a user's session.
The vulnerability is caused due to predictable session identifiers
being used.
SOLUTION:
No official solution is currently available.
PROVIDED AND/OR DISCOVERED BY:
Billy Rios and Terry McCorkle via ICS-CERT.
ORIGINAL ADVISORY:
ICS-CERT:
http://www.us-cert.gov/control_systems/pdf/ICSA-12-228-01.pdf
| VAR-201208-0355 | CVE-2012-2980 | Samsung and HTC android phone information disclosure vulnerability |
CVSS V2: 7.1 CVSS V3: - Severity: HIGH |
The Samsung and HTC onTouchEvent method implementation for Android on the T-Mobile myTouch 3G Slide, HTC Merge, Sprint EVO Shift 4G, HTC ChaCha, AT&T Status, HTC Desire Z, T-Mobile G2, T-Mobile myTouch 4G Slide, and Samsung Galaxy S stores touch coordinates in the dmesg buffer, which allows remote attackers to obtain sensitive information via a crafted application, as demonstrated by PIN numbers, telephone numbers, and text messages. Certain Android devices made by Samsung and HTC have a vulnerability in which information entered by the user is leaked: on specific device models, the information entered by the user is stored where it can be read with the dmesg command, so a third party may obtain phone numbers and PINs that the user entered. Users who have access to the affected device and can execute the dmesg application can view the dmesg buffer data without root or administrator privileges. This may be used to read PIN numbers, short messages, phone numbers, etc. Multiple Samsung and HTC devices are prone to an information-disclosure vulnerability.
Successful attacks can allow an attacker to obtain sensitive information that may aid in further attacks.
| VAR-201208-0832 | No CVE | SAP Netweaver 'SAPHostControl' Service Remote Code Execution Vulnerability |
CVSS V2: - CVSS V3: - Severity: HIGH |
SAP NetWeaver is the technical foundation for SAP Business Suite solutions, SAP xApps composite applications, partner solutions, and custom applications. The SAPHostControl service is affected by a remote parameter injection issue that allows an attacker to execute arbitrary commands in the SAP administrator context through the SOAP management console. The SOAP web service listens on port 50013. Its authentication mechanism has a security vulnerability: because input to it is not fully checked, an attacker can submit malicious parameters to a database script through the web service, so that arbitrary commands can be created and run in the SAP administrator context. SAP Netweaver is prone to a remote code-execution vulnerability. This may allow an attacker to take complete control of the system.
SAP NetWeaver 7.02 is vulnerable; other versions may also be affected.
| VAR-201208-0876 | No CVE | Samsung Galaxy S2 Epic 4G Touch Unsafe Temporary File Creation Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
Samsung Galaxy S2 Epic 4G Touch is a smartphone developed by Samsung. The Samsung Galaxy S2 Epic 4G Touch creates the /data/log, /data/anr and /data/_SamsungBnR_ directories as world-writable. Attackers can exploit this to destroy files and escalate privileges.
Successfully exploiting the temporary-file-creation issues allows an attacker to overwrite arbitrary files and to perform symbolic-link attacks in the context of the affected device. Other attacks may also be possible.
| VAR-201208-0212 | CVE-2012-4363 | Adobe Reader denial-of-service (application crash) vulnerabilities |
CVSS V2: 9.3 CVSS V3: - Severity: HIGH |
Multiple unspecified vulnerabilities in Adobe Reader through 10.1.4 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, related to "sixteen more crashes affecting Windows, OS X, or both systems.". Adobe Acrobat and Reader are prone to multiple unspecified remote code-execution vulnerabilities.
Successful attacks will result in arbitrary code execution in the context of the user running the affected application; failed attacks may cause denial-of-service conditions.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201308-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Adobe Reader: Multiple vulnerabilities
Date: August 22, 2013
Bugs: #431732, #451058, #469960
ID: 201308-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Adobe Reader, including
potential remote execution of arbitrary code and local privilege
escalation.
Background
==========
Adobe Reader is a closed-source PDF reader. Please
review the CVE identifiers referenced below for details. A local attacker could gain privileges via
unspecified vectors.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Reader users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/acroread-9.5.5"
References
==========
[ 1 ] CVE-2012-1525
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1525
[ 2 ] CVE-2012-1530
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1530
[ 3 ] CVE-2012-2049
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2049
[ 4 ] CVE-2012-2050
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2050
[ 5 ] CVE-2012-2051
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2051
[ 6 ] CVE-2012-4147
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4147
[ 7 ] CVE-2012-4148
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4748
[ 8 ] CVE-2012-4149
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4149
[ 9 ] CVE-2012-4150
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4150
[ 10 ] CVE-2012-4151
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4151
[ 11 ] CVE-2012-4152
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4152
[ 12 ] CVE-2012-4153
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4153
[ 13 ] CVE-2012-4154
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4154
[ 14 ] CVE-2012-4155
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4155
[ 15 ] CVE-2012-4156
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4156
[ 16 ] CVE-2012-4157
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4157
[ 17 ] CVE-2012-4158
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4158
[ 18 ] CVE-2012-4159
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4159
[ 19 ] CVE-2012-4160
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4160
[ 20 ] CVE-2012-4363
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4363
[ 21 ] CVE-2013-0601
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0601
[ 22 ] CVE-2013-0602
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0602
[ 23 ] CVE-2013-0603
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0603
[ 24 ] CVE-2013-0604
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0604
[ 25 ] CVE-2013-0605
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0605
[ 26 ] CVE-2013-0606
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0606
[ 27 ] CVE-2013-0607
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0607
[ 28 ] CVE-2013-0608
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0608
[ 29 ] CVE-2013-0609
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0609
[ 30 ] CVE-2013-0610
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0610
[ 31 ] CVE-2013-0611
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0611
[ 32 ] CVE-2013-0612
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0612
[ 33 ] CVE-2013-0613
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0613
[ 34 ] CVE-2013-0614
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0614
[ 35 ] CVE-2013-0615
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0615
[ 36 ] CVE-2013-0616
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0616
[ 37 ] CVE-2013-0617
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0617
[ 38 ] CVE-2013-0618
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0618
[ 39 ] CVE-2013-0619
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0619
[ 40 ] CVE-2013-0620
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0620
[ 41 ] CVE-2013-0621
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0621
[ 42 ] CVE-2013-0622
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0622
[ 43 ] CVE-2013-0623
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0623
[ 44 ] CVE-2013-0624
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0624
[ 45 ] CVE-2013-0626
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0626
[ 46 ] CVE-2013-0627
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0627
[ 47 ] CVE-2013-0640
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0640
[ 48 ] CVE-2013-0641
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0641
[ 49 ] CVE-2013-2549
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2549
[ 50 ] CVE-2013-2550
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2550
[ 51 ] CVE-2013-2718
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2718
[ 52 ] CVE-2013-2719
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2719
[ 53 ] CVE-2013-2720
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2720
[ 54 ] CVE-2013-2721
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2721
[ 55 ] CVE-2013-2722
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2722
[ 56 ] CVE-2013-2723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2723
[ 57 ] CVE-2013-2724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2724
[ 58 ] CVE-2013-2725
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2725
[ 59 ] CVE-2013-2726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2726
[ 60 ] CVE-2013-2727
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2727
[ 61 ] CVE-2013-2729
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2729
[ 62 ] CVE-2013-2730
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2730
[ 63 ] CVE-2013-2731
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2731
[ 64 ] CVE-2013-2732
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2732
[ 65 ] CVE-2013-2733
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2733
[ 66 ] CVE-2013-2734
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2734
[ 67 ] CVE-2013-2735
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2735
[ 68 ] CVE-2013-2736
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2736
[ 69 ] CVE-2013-2737
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2737
[ 70 ] CVE-2013-3337
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3337
[ 71 ] CVE-2013-3338
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3338
[ 72 ] CVE-2013-3339
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3339
[ 73 ] CVE-2013-3340
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3340
[ 74 ] CVE-2013-3341
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3341
[ 75 ] CVE-2013-3342
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3342
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201308-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201208-0352 | CVE-2012-3025 | Tridium Niagara AX Framework Vulnerability in which important information is obtained in default settings |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
The default configuration of Tridium Niagara AX Framework through 3.6 uses a cleartext base64 format for transmission of credentials in cookies, which allows remote attackers to obtain sensitive information by sniffing the network. Tridium Niagara AX Framework is prone to an information-disclosure vulnerability. This may lead to further attacks.
TITLE:
Niagara Framework Predictable Session Identifier Vulnerability
SECUNIA ADVISORY ID:
SA50288
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50288/
RELEASE DATE:
2012-08-16
DESCRIPTION:
A vulnerability has been reported in Niagara Framework, which can be
exploited by malicious people to hijack a user's session.
The vulnerability is caused due to predictable session identifiers
being used.
SOLUTION:
No official solution is currently available.
PROVIDED AND/OR DISCOVERED BY:
Billy Rios and Terry McCorkle via ICS-CERT.
ORIGINAL ADVISORY:
ICS-CERT:
http://www.us-cert.gov/control_systems/pdf/ICSA-12-228-01.pdf
| VAR-201208-0526 | CVE-2012-1535 | Adobe Flash Player Vulnerable to arbitrary code execution | Related entries in the VARIoT exploits database: VAR-E-201208-0356 |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content, as exploited in the wild in August 2012 with SWF content in a Word document. Adobe Flash Player is prone to an unspecified remote code-execution vulnerability.
An attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
Adobe Flash Player 11.3.300.270 and earlier versions are vulnerable. The product enables viewing of applications, content and video across screens and browsers.
=====================================================================
Red Hat Security Advisory
Synopsis: Critical: flash-plugin security update
Advisory ID: RHSA-2012:1173-01
Product: Red Hat Enterprise Linux Extras
Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-1173.html
Issue date: 2012-08-15
CVE Names: CVE-2012-1535
=====================================================================
1. Summary:
An updated Adobe Flash Player package that fixes one security issue is now
available for Red Hat Enterprise Linux 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64
Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
3. Description:
The flash-plugin package contains a Mozilla Firefox compatible Adobe Flash
Player web browser plug-in. This
vulnerability is detailed on the Adobe security page APSB12-18, listed
in the References section. Specially-crafted SWF content could cause
flash-plugin to crash or, potentially, execute arbitrary code when a victim
loads a page containing the malicious SWF content.
4. Solution:
Before applying this update, make sure all previously-released errata
relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/knowledge/articles/11258
5. Bugs fixed (http://bugzilla.redhat.com/):
848180 - CVE-2012-1535 flash-plugin: code execution flaw (APSB12-18)
6. Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386:
flash-plugin-11.2.202.238-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.238-1.el6.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386:
flash-plugin-11.2.202.238-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.238-1.el6.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386:
flash-plugin-11.2.202.238-1.el6.i686.rpm
x86_64:
flash-plugin-11.2.202.238-1.el6.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package
7. References:
https://www.redhat.com/security/data/cve/CVE-2012-1535.html
https://access.redhat.com/security/updates/classification/#critical
http://www.adobe.com/support/security/bulletins/apsb12-18.html
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc.
TITLE:
Adobe Flash Player Unspecified Code Execution Vulnerability
SECUNIA ADVISORY ID:
SA50285
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50285/
RELEASE DATE:
2012-08-14
DESCRIPTION:
A vulnerability has been reported in Flash Player, which can be
exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an unspecified error. No more
information is currently available.
NOTE: The vulnerability is currently being actively exploited in
targeted attacks via Word documents against the Windows version.
SOLUTION:
Update to version 11.3.300.270 for Windows, Mac, and Chrome or
version 11.2.202.238 for Linux.
PROVIDED AND/OR DISCOVERED BY:
Reported as a 0-day.
The vendor also credits Alexander Gavrun via iDefense VCP.
ORIGINAL ADVISORY:
Adobe:
http://www.adobe.com/support/security/bulletins/apsb12-18.html
(CVE-2012-1535, CVE-2012-4163, CVE-2012-4164, CVE-2012-4165,
CVE-2012-4166, CVE-2012-4167)
A flaw in flash-plugin could allow an attacker to obtain sensitive
information if a victim were tricked into visiting a specially-crafted web
page.
Note: the current version of the following document is available here:
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04039150
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c04039150
Version: 1
HPSBMU02948 rev.1 - HP Systems Insight Manager (SIM) Running on Linux and
Windows, Remote Execution of Arbitrary Code, Denial of Service (DoS),
Disclosure of Information
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
Release Date: 2014-03-10
Last Updated: 2014-03-10
Potential Security Impact: Remote execution of arbitrary code, Denial of
Service (DoS), disclosure of information
Source: Hewlett-Packard Company, HP Software Security Response Team
VULNERABILITY SUMMARY
Potential security vulnerabilities have been identified with HP Systems
Insight Manager (SIM) running on Linux and Windows. The vulnerabilities could
be exploited remotely resulting in execution of arbitrary code, Denial of
Service (DoS), or disclosure of information.
HP Systems Insight Manager (SIM) prior to v7.3 for Linux and Windows
(CVE-2013-0646, CVE-2013-0650, CVE-2013-1371, CVE-2013-1375, CVE-2013-1378,
CVE-2013-1379, CVE-2013-1380, CVE-2013-2555)
HP Systems Insight Manager (SIM) prior to v7.2 for Linux and Windows
(CVE-2012-4168, CVE-2012-4167, CVE-2012-4165, CVE-2012-4164, CVE-2012-4163,
CVE-2012-1535)
BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference        Base Vector                     Base Score
CVE-2012-1535    (AV:N/AC:M/Au:N/C:C/I:C/A:C)    9.3
CVE-2012-4163    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2012-4164    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2012-4165    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2012-4167    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2012-4168    (AV:N/AC:M/Au:N/C:P/I:N/A:N)    4.3
CVE-2013-0646    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2013-0650    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2013-1371    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2013-1375    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2013-1378    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2013-1379    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2013-1380    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
CVE-2013-2555    (AV:N/AC:L/Au:N/C:C/I:C/A:C)    10.0
===========================================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002
RESOLUTION
HP has made Systems Insight Manager (SIM) v7.3 available for Linux and
Windows to resolve the vulnerabilities.
Information and downloads for HP SIM can be found at the following locations:
http://h18013.www1.hp.com/products/servers/management/hpsim/download.html
Insight Management DVD:
http://h18013.www1.hp.com/products/servers/management/fpdownload.html
HISTORY
Version:1 (rev.1) - 10 March 2013 Initial release
Background
==========
The Adobe Flash Player is a renderer for the SWF file format, which is
commonly used to provide interactive websites. Please review the CVE identifiers referenced below for
details.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Flash Player users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot -v ">=www-plugins/adobe-flash-11.2.202.238"
References
==========
[ 1 ] CVE-2012-1535
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1535
[ 2 ] CVE-2012-4163
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4163
[ 3 ] CVE-2012-4164
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4164
[ 4 ] CVE-2012-4165
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4165
[ 5 ] CVE-2012-4166
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4166
[ 6 ] CVE-2012-4167
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4167
[ 7 ] CVE-2012-4168
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4168
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201209-01.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2012 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201208-0875 | No CVE | SonicWall AntiSpam & EMail Multiple HTML Injection Vulnerabilities and Cross-Site Scripting Vulnerabilities |
CVSS V2: 6.8 CVSS V3: - Severity: MEDIUM |
SonicWALL is a full-featured Internet security appliance designed to meet the needs of a large network with growing VPN needs. Multiple HTML injection vulnerabilities and cross-site scripting vulnerabilities exist in SonicWall AntiSpam & EMail due to insufficient validation of user-supplied input. Attacker-supplied HTML and script code can run in the context of the affected browser, allowing the attacker to steal cookie-based authentication credentials or control how the site is presented to the user; other attacks are also possible. AntiSpam & EMail version 7.3.5.6379 is vulnerable; other versions may also be affected.
| VAR-201208-0728 | CVE-2012-2050 | Adobe Reader and Acrobat on Windows and Mac OS X vulnerable to buffer overflow |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors. Adobe Acrobat and Reader are prone to a remote buffer-overflow vulnerability.
Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201308-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Adobe Reader: Multiple vulnerabilities
Date: August 22, 2013
Bugs: #431732, #451058, #469960
ID: 201308-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Adobe Reader, including
potential remote execution of arbitrary code and local privilege
escalation.
Background
==========
Adobe Reader is a closed-source PDF reader.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-text/acroread < 9.5.5 >= 9.5.5
Description
===========
Multiple vulnerabilities have been discovered in Adobe Reader. Please
review the CVE identifiers referenced below for details.
Impact
======
A remote attacker could entice a user to open a specially crafted PDF
file, possibly resulting in arbitrary code execution or a Denial of
Service condition. A local attacker could gain privileges via
unspecified vectors.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Reader users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/acroread-9.5.5"
References
==========
[ 1 ] CVE-2012-1525
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1525
[ 2 ] CVE-2012-1530
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1530
[ 3 ] CVE-2012-2049
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2049
[ 4 ] CVE-2012-2050
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2050
[ 5 ] CVE-2012-2051
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2051
[ 6 ] CVE-2012-4147
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4147
[ 7 ] CVE-2012-4148
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4748
[ 8 ] CVE-2012-4149
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4149
[ 9 ] CVE-2012-4150
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4150
[ 10 ] CVE-2012-4151
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4151
[ 11 ] CVE-2012-4152
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4152
[ 12 ] CVE-2012-4153
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4153
[ 13 ] CVE-2012-4154
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4154
[ 14 ] CVE-2012-4155
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4155
[ 15 ] CVE-2012-4156
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4156
[ 16 ] CVE-2012-4157
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4157
[ 17 ] CVE-2012-4158
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4158
[ 18 ] CVE-2012-4159
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4159
[ 19 ] CVE-2012-4160
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4160
[ 20 ] CVE-2012-4363
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4363
[ 21 ] CVE-2013-0601
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0601
[ 22 ] CVE-2013-0602
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0602
[ 23 ] CVE-2013-0603
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0603
[ 24 ] CVE-2013-0604
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0604
[ 25 ] CVE-2013-0605
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0605
[ 26 ] CVE-2013-0606
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0606
[ 27 ] CVE-2013-0607
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0607
[ 28 ] CVE-2013-0608
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0608
[ 29 ] CVE-2013-0609
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0609
[ 30 ] CVE-2013-0610
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0610
[ 31 ] CVE-2013-0611
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0611
[ 32 ] CVE-2013-0612
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0612
[ 33 ] CVE-2013-0613
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0613
[ 34 ] CVE-2013-0614
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0614
[ 35 ] CVE-2013-0615
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0615
[ 36 ] CVE-2013-0616
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0616
[ 37 ] CVE-2013-0617
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0617
[ 38 ] CVE-2013-0618
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0618
[ 39 ] CVE-2013-0619
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0619
[ 40 ] CVE-2013-0620
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0620
[ 41 ] CVE-2013-0621
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0621
[ 42 ] CVE-2013-0622
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0622
[ 43 ] CVE-2013-0623
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0623
[ 44 ] CVE-2013-0624
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0624
[ 45 ] CVE-2013-0626
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0626
[ 46 ] CVE-2013-0627
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0627
[ 47 ] CVE-2013-0640
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0640
[ 48 ] CVE-2013-0641
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0641
[ 49 ] CVE-2013-2549
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2549
[ 50 ] CVE-2013-2550
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2550
[ 51 ] CVE-2013-2718
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2718
[ 52 ] CVE-2013-2719
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2719
[ 53 ] CVE-2013-2720
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2720
[ 54 ] CVE-2013-2721
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2721
[ 55 ] CVE-2013-2722
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2722
[ 56 ] CVE-2013-2723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2723
[ 57 ] CVE-2013-2724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2724
[ 58 ] CVE-2013-2725
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2725
[ 59 ] CVE-2013-2726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2726
[ 60 ] CVE-2013-2727
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2727
[ 61 ] CVE-2013-2729
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2729
[ 62 ] CVE-2013-2730
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2730
[ 63 ] CVE-2013-2731
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2731
[ 64 ] CVE-2013-2732
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2732
[ 65 ] CVE-2013-2733
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2733
[ 66 ] CVE-2013-2734
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2734
[ 67 ] CVE-2013-2735
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2735
[ 68 ] CVE-2013-2736
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2736
[ 69 ] CVE-2013-2737
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2737
[ 70 ] CVE-2013-3337
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3337
[ 71 ] CVE-2013-3338
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3338
[ 72 ] CVE-2013-3339
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3339
[ 73 ] CVE-2013-3340
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3340
[ 74 ] CVE-2013-3341
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3341
[ 75 ] CVE-2013-3342
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3342
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201308-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
TITLE:
Adobe Reader / Acrobat Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA50281
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50281/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50281
RELEASE DATE:
2012-08-14
DESCRIPTION:
Multiple vulnerabilities have been reported in Adobe Reader and Adobe
Acrobat, which can be exploited by malicious people to compromise a
user's system.
1) An unspecified error can be exploited to cause a stack-based
buffer overflow.
2) An unspecified error can be exploited to cause a buffer overflow.
3) An unspecified error can be exploited to corrupt memory.
4) Another unspecified error can be exploited to corrupt memory.
5) Another unspecified error can be exploited to corrupt memory.
6) An unspecified error can be exploited to cause a heap-based buffer
overflow.
7) Multiple unspecified errors can be exploited to corrupt memory.
8) Two unspecified errors can be exploited to corrupt memory.
Note: Vulnerability #8 affects the Macintosh platform only.
Successful exploitation of the vulnerabilities may allow execution of
arbitrary code.
SOLUTION:
Apply updates.
PROVIDED AND/OR DISCOVERED BY:
1) Pavel Polischouk, TELUS Security Labs
2) An anonymous person via Beyond Security
3) Mateusz Jurczyk, Google Security Team
4, 8) James Quirk
5) John Leitch, Microsoft
6) Nicolas Grégoire via iDefense
7) Mateusz Jurczyk and Gynvael Coldwind, Google Security Team
ORIGINAL ADVISORY:
http://www.adobe.com/support/security/bulletins/apsb12-16.html
| VAR-201208-0727 | CVE-2012-2049 | Adobe Reader and Acrobat on Windows and Mac OS X vulnerable to stack-based buffer overflow |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Stack-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors. Adobe Acrobat and Reader are prone to a remote stack-based buffer-overflow vulnerability.
Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201308-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Adobe Reader: Multiple vulnerabilities
Date: August 22, 2013
Bugs: #431732, #451058, #469960
ID: 201308-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Adobe Reader, including
potential remote execution of arbitrary code and local privilege
escalation.
Background
==========
Adobe Reader is a closed-source PDF reader.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-text/acroread < 9.5.5 >= 9.5.5
Description
===========
Multiple vulnerabilities have been discovered in Adobe Reader. Please
review the CVE identifiers referenced below for details.
Impact
======
A remote attacker could entice a user to open a specially crafted PDF
file, possibly resulting in arbitrary code execution or a Denial of
Service condition. A local attacker could gain privileges via
unspecified vectors.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Reader users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/acroread-9.5.5"
References
==========
[ 1 ] CVE-2012-1525
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1525
[ 2 ] CVE-2012-1530
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1530
[ 3 ] CVE-2012-2049
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2049
[ 4 ] CVE-2012-2050
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2050
[ 5 ] CVE-2012-2051
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2051
[ 6 ] CVE-2012-4147
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4147
[ 7 ] CVE-2012-4148
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4748
[ 8 ] CVE-2012-4149
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4149
[ 9 ] CVE-2012-4150
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4150
[ 10 ] CVE-2012-4151
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4151
[ 11 ] CVE-2012-4152
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4152
[ 12 ] CVE-2012-4153
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4153
[ 13 ] CVE-2012-4154
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4154
[ 14 ] CVE-2012-4155
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4155
[ 15 ] CVE-2012-4156
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4156
[ 16 ] CVE-2012-4157
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4157
[ 17 ] CVE-2012-4158
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4158
[ 18 ] CVE-2012-4159
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4159
[ 19 ] CVE-2012-4160
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4160
[ 20 ] CVE-2012-4363
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4363
[ 21 ] CVE-2013-0601
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0601
[ 22 ] CVE-2013-0602
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0602
[ 23 ] CVE-2013-0603
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0603
[ 24 ] CVE-2013-0604
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0604
[ 25 ] CVE-2013-0605
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0605
[ 26 ] CVE-2013-0606
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0606
[ 27 ] CVE-2013-0607
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0607
[ 28 ] CVE-2013-0608
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0608
[ 29 ] CVE-2013-0609
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0609
[ 30 ] CVE-2013-0610
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0610
[ 31 ] CVE-2013-0611
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0611
[ 32 ] CVE-2013-0612
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0612
[ 33 ] CVE-2013-0613
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0613
[ 34 ] CVE-2013-0614
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0614
[ 35 ] CVE-2013-0615
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0615
[ 36 ] CVE-2013-0616
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0616
[ 37 ] CVE-2013-0617
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0617
[ 38 ] CVE-2013-0618
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0618
[ 39 ] CVE-2013-0619
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0619
[ 40 ] CVE-2013-0620
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0620
[ 41 ] CVE-2013-0621
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0621
[ 42 ] CVE-2013-0622
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0622
[ 43 ] CVE-2013-0623
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0623
[ 44 ] CVE-2013-0624
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0624
[ 45 ] CVE-2013-0626
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0626
[ 46 ] CVE-2013-0627
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0627
[ 47 ] CVE-2013-0640
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0640
[ 48 ] CVE-2013-0641
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0641
[ 49 ] CVE-2013-2549
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2549
[ 50 ] CVE-2013-2550
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2550
[ 51 ] CVE-2013-2718
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2718
[ 52 ] CVE-2013-2719
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2719
[ 53 ] CVE-2013-2720
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2720
[ 54 ] CVE-2013-2721
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2721
[ 55 ] CVE-2013-2722
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2722
[ 56 ] CVE-2013-2723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2723
[ 57 ] CVE-2013-2724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2724
[ 58 ] CVE-2013-2725
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2725
[ 59 ] CVE-2013-2726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2726
[ 60 ] CVE-2013-2727
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2727
[ 61 ] CVE-2013-2729
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2729
[ 62 ] CVE-2013-2730
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2730
[ 63 ] CVE-2013-2731
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2731
[ 64 ] CVE-2013-2732
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2732
[ 65 ] CVE-2013-2733
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2733
[ 66 ] CVE-2013-2734
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2734
[ 67 ] CVE-2013-2735
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2735
[ 68 ] CVE-2013-2736
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2736
[ 69 ] CVE-2013-2737
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2737
[ 70 ] CVE-2013-3337
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3337
[ 71 ] CVE-2013-3338
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3338
[ 72 ] CVE-2013-3339
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3339
[ 73 ] CVE-2013-3340
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3340
[ 74 ] CVE-2013-3341
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3341
[ 75 ] CVE-2013-3342
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3342
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201308-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
TITLE:
Adobe Reader / Acrobat Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA50281
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50281/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50281
RELEASE DATE:
2012-08-14
DESCRIPTION:
Multiple vulnerabilities have been reported in Adobe Reader and Adobe
Acrobat, which can be exploited by malicious people to compromise a
user's system.
1) An unspecified error can be exploited to cause a stack-based
buffer overflow.
2) An unspecified error can be exploited to cause a buffer overflow.
3) An unspecified error can be exploited to corrupt memory.
4) Another unspecified error can be exploited to corrupt memory.
5) Another unspecified error can be exploited to corrupt memory.
6) An unspecified error can be exploited to cause a heap-based buffer
overflow.
7) Multiple unspecified errors can be exploited to corrupt memory.
8) Two unspecified errors can be exploited to corrupt memory.
Note: Vulnerability #8 affects the Macintosh platform only.
Successful exploitation of the vulnerabilities may allow execution of
arbitrary code.
The vulnerabilities are reported in the following products:
* Adobe Reader X and Acrobat X versions 10.1.3 and prior for Windows
and Macintosh.
SOLUTION:
Apply updates.
PROVIDED AND/OR DISCOVERED BY:
1) Pavel Polischouk, TELUS Security Labs
2) An anonymous person via Beyond Security
3) Mateusz Jurczyk, Google Security Team
4, 8) James Quirk
5) John Leitch, Microsoft
6) Nicolas Grégoire via iDefense
7) Mateusz Jurczyk and Gynvael Coldwind, Google Security Team
ORIGINAL ADVISORY:
http://www.adobe.com/support/security/bulletins/apsb12-16.html
| VAR-201208-0729 | CVE-2012-2051 | Adobe Reader and Acrobat on Windows and Mac OS X vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160.
Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201308-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Adobe Reader: Multiple vulnerabilities
Date: August 22, 2013
Bugs: #431732, #451058, #469960
ID: 201308-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Adobe Reader, including
potential remote execution of arbitrary code and local privilege
escalation.
Background
==========
Adobe Reader is a closed-source PDF reader.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-text/acroread < 9.5.5 >= 9.5.5
Description
===========
Multiple vulnerabilities have been discovered in Adobe Reader. Please
review the CVE identifiers referenced below for details. A local attacker could gain privileges via
unspecified vectors.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Reader users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/acroread-9.5.5"
References
==========
[ 1 ] CVE-2012-1525
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1525
[ 2 ] CVE-2012-1530
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1530
[ 3 ] CVE-2012-2049
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2049
[ 4 ] CVE-2012-2050
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2050
[ 5 ] CVE-2012-2051
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2051
[ 6 ] CVE-2012-4147
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4147
[ 7 ] CVE-2012-4148
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4748
[ 8 ] CVE-2012-4149
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4149
[ 9 ] CVE-2012-4150
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4150
[ 10 ] CVE-2012-4151
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4151
[ 11 ] CVE-2012-4152
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4152
[ 12 ] CVE-2012-4153
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4153
[ 13 ] CVE-2012-4154
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4154
[ 14 ] CVE-2012-4155
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4155
[ 15 ] CVE-2012-4156
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4156
[ 16 ] CVE-2012-4157
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4157
[ 17 ] CVE-2012-4158
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4158
[ 18 ] CVE-2012-4159
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4159
[ 19 ] CVE-2012-4160
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4160
[ 20 ] CVE-2012-4363
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4363
[ 21 ] CVE-2013-0601
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0601
[ 22 ] CVE-2013-0602
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0602
[ 23 ] CVE-2013-0603
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0603
[ 24 ] CVE-2013-0604
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0604
[ 25 ] CVE-2013-0605
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0605
[ 26 ] CVE-2013-0606
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0606
[ 27 ] CVE-2013-0607
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0607
[ 28 ] CVE-2013-0608
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0608
[ 29 ] CVE-2013-0609
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0609
[ 30 ] CVE-2013-0610
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0610
[ 31 ] CVE-2013-0611
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0611
[ 32 ] CVE-2013-0612
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0612
[ 33 ] CVE-2013-0613
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0613
[ 34 ] CVE-2013-0614
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0614
[ 35 ] CVE-2013-0615
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0615
[ 36 ] CVE-2013-0616
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0616
[ 37 ] CVE-2013-0617
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0617
[ 38 ] CVE-2013-0618
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0618
[ 39 ] CVE-2013-0619
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0619
[ 40 ] CVE-2013-0620
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0620
[ 41 ] CVE-2013-0621
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0621
[ 42 ] CVE-2013-0622
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0622
[ 43 ] CVE-2013-0623
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0623
[ 44 ] CVE-2013-0624
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0624
[ 45 ] CVE-2013-0626
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0626
[ 46 ] CVE-2013-0627
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0627
[ 47 ] CVE-2013-0640
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0640
[ 48 ] CVE-2013-0641
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0641
[ 49 ] CVE-2013-2549
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2549
[ 50 ] CVE-2013-2550
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2550
[ 51 ] CVE-2013-2718
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2718
[ 52 ] CVE-2013-2719
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2719
[ 53 ] CVE-2013-2720
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2720
[ 54 ] CVE-2013-2721
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2721
[ 55 ] CVE-2013-2722
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2722
[ 56 ] CVE-2013-2723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2723
[ 57 ] CVE-2013-2724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2724
[ 58 ] CVE-2013-2725
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2725
[ 59 ] CVE-2013-2726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2726
[ 60 ] CVE-2013-2727
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2727
[ 61 ] CVE-2013-2729
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2729
[ 62 ] CVE-2013-2730
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2730
[ 63 ] CVE-2013-2731
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2731
[ 64 ] CVE-2013-2732
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2732
[ 65 ] CVE-2013-2733
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2733
[ 66 ] CVE-2013-2734
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2734
[ 67 ] CVE-2013-2735
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2735
[ 68 ] CVE-2013-2736
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2736
[ 69 ] CVE-2013-2737
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2737
[ 70 ] CVE-2013-3337
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3337
[ 71 ] CVE-2013-3338
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3338
[ 72 ] CVE-2013-3339
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3339
[ 73 ] CVE-2013-3340
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3340
[ 74 ] CVE-2013-3341
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3341
[ 75 ] CVE-2013-3342
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3342
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201308-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
TITLE:
Adobe Reader / Acrobat Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA50281
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50281/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50281
RELEASE DATE:
2012-08-14
DESCRIPTION:
Multiple vulnerabilities have been reported in Adobe Reader and Adobe
Acrobat, which can be exploited by malicious people to compromise a
user's system.
1) An unspecified error can be exploited to cause a stack-based
buffer overflow.
2) An unspecified error can be exploited to cause a buffer overflow.
3) An unspecified error can be exploited to corrupt memory.
4) Another unspecified error can be exploited to corrupt memory.
5) Another unspecified error can be exploited to corrupt memory.
6) An unspecified error can be exploited to cause a heap-based buffer
overflow.
7) Multiple unspecified errors can be exploited to corrupt memory.
8) Two unspecified errors can be exploited to corrupt memory.
Note: Vulnerability #8 affects the Macintosh platform only.
Successful exploitation of the vulnerabilities may allow execution of
arbitrary code.
SOLUTION:
Apply updates.
PROVIDED AND/OR DISCOVERED BY:
1) Pavel Polischouk, TELUS Security Labs
2) An anonymous person via Beyond Security
3) Mateusz Jurczyk, Google Security Team
4, 8) James Quirk
5) John Leitch, Microsoft
6) Nicolas Grégoire via iDefense
7) Mateusz Jurczyk and Gynvael Coldwind, Google Security Team
ORIGINAL ADVISORY:
http://www.adobe.com/support/security/bulletins/apsb12-16.html
| VAR-201208-0527 | CVE-2012-1525 | Heap-based buffer overflow vulnerability in Adobe Reader and Acrobat on Windows and Mac OS X |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Heap-based buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors. Adobe Acrobat and Reader are prone to a remote heap-based buffer-overflow vulnerability.
Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201308-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Adobe Reader: Multiple vulnerabilities
Date: August 22, 2013
Bugs: #431732, #451058, #469960
ID: 201308-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Adobe Reader, including
potential remote execution of arbitrary code and local privilege
escalation.
Background
==========
Adobe Reader is a closed-source PDF reader.
Affected packages
=================
-------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------
  1  app-text/acroread           < 9.5.5                      >= 9.5.5
Description
===========
Multiple vulnerabilities have been discovered in Adobe Reader. Please
review the CVE identifiers referenced below for details.
Impact
======
A remote attacker could entice a user to open a specially crafted PDF
file, possibly resulting in arbitrary code execution or a Denial of
Service condition. A local attacker could gain privileges via
unspecified vectors.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Reader users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/acroread-9.5.5"
References
==========
[ 1 ] CVE-2012-1525
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1525
[ 2 ] CVE-2012-1530
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1530
[ 3 ] CVE-2012-2049
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2049
[ 4 ] CVE-2012-2050
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2050
[ 5 ] CVE-2012-2051
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2051
[ 6 ] CVE-2012-4147
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4147
[ 7 ] CVE-2012-4148
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4148
[ 8 ] CVE-2012-4149
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4149
[ 9 ] CVE-2012-4150
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4150
[ 10 ] CVE-2012-4151
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4151
[ 11 ] CVE-2012-4152
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4152
[ 12 ] CVE-2012-4153
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4153
[ 13 ] CVE-2012-4154
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4154
[ 14 ] CVE-2012-4155
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4155
[ 15 ] CVE-2012-4156
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4156
[ 16 ] CVE-2012-4157
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4157
[ 17 ] CVE-2012-4158
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4158
[ 18 ] CVE-2012-4159
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4159
[ 19 ] CVE-2012-4160
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4160
[ 20 ] CVE-2012-4363
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4363
[ 21 ] CVE-2013-0601
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0601
[ 22 ] CVE-2013-0602
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0602
[ 23 ] CVE-2013-0603
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0603
[ 24 ] CVE-2013-0604
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0604
[ 25 ] CVE-2013-0605
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0605
[ 26 ] CVE-2013-0606
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0606
[ 27 ] CVE-2013-0607
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0607
[ 28 ] CVE-2013-0608
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0608
[ 29 ] CVE-2013-0609
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0609
[ 30 ] CVE-2013-0610
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0610
[ 31 ] CVE-2013-0611
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0611
[ 32 ] CVE-2013-0612
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0612
[ 33 ] CVE-2013-0613
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0613
[ 34 ] CVE-2013-0614
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0614
[ 35 ] CVE-2013-0615
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0615
[ 36 ] CVE-2013-0616
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0616
[ 37 ] CVE-2013-0617
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0617
[ 38 ] CVE-2013-0618
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0618
[ 39 ] CVE-2013-0619
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0619
[ 40 ] CVE-2013-0620
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0620
[ 41 ] CVE-2013-0621
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0621
[ 42 ] CVE-2013-0622
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0622
[ 43 ] CVE-2013-0623
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0623
[ 44 ] CVE-2013-0624
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0624
[ 45 ] CVE-2013-0626
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0626
[ 46 ] CVE-2013-0627
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0627
[ 47 ] CVE-2013-0640
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0640
[ 48 ] CVE-2013-0641
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0641
[ 49 ] CVE-2013-2549
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2549
[ 50 ] CVE-2013-2550
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2550
[ 51 ] CVE-2013-2718
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2718
[ 52 ] CVE-2013-2719
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2719
[ 53 ] CVE-2013-2720
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2720
[ 54 ] CVE-2013-2721
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2721
[ 55 ] CVE-2013-2722
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2722
[ 56 ] CVE-2013-2723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2723
[ 57 ] CVE-2013-2724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2724
[ 58 ] CVE-2013-2725
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2725
[ 59 ] CVE-2013-2726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2726
[ 60 ] CVE-2013-2727
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2727
[ 61 ] CVE-2013-2729
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2729
[ 62 ] CVE-2013-2730
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2730
[ 63 ] CVE-2013-2731
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2731
[ 64 ] CVE-2013-2732
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2732
[ 65 ] CVE-2013-2733
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2733
[ 66 ] CVE-2013-2734
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2734
[ 67 ] CVE-2013-2735
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2735
[ 68 ] CVE-2013-2736
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2736
[ 69 ] CVE-2013-2737
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2737
[ 70 ] CVE-2013-3337
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3337
[ 71 ] CVE-2013-3338
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3338
[ 72 ] CVE-2013-3339
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3339
[ 73 ] CVE-2013-3340
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3340
[ 74 ] CVE-2013-3341
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3341
[ 75 ] CVE-2013-3342
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3342
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201308-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
| VAR-201208-0443 | CVE-2012-4155 | Arbitrary code execution vulnerability in Adobe Reader and Acrobat on Windows and Mac OS X |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160.
Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions.
| VAR-201208-0442 | CVE-2012-4154 | Adobe Reader and Acrobat on Windows and Mac OS X vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160.
Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201308-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Adobe Reader: Multiple vulnerabilities
Date: August 22, 2013
Bugs: #431732, #451058, #469960
ID: 201308-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Adobe Reader, including
potential remote execution of arbitrary code and local privilege
escalation.
Background
==========
Adobe Reader is a closed-source PDF reader.
Affected packages
=================
-------------------------------------------------------------------
   Package              /     Vulnerable     /          Unaffected
-------------------------------------------------------------------
1  app-text/acroread          < 9.5.5                  >= 9.5.5
Description
===========
Multiple vulnerabilities have been discovered in Adobe Reader. Please
review the CVE identifiers referenced below for details. A local attacker could gain privileges via
unspecified vectors.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Reader users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/acroread-9.5.5"
References
==========
[ 1 ] CVE-2012-1525
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1525
[ 2 ] CVE-2012-1530
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1530
[ 3 ] CVE-2012-2049
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2049
[ 4 ] CVE-2012-2050
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2050
[ 5 ] CVE-2012-2051
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2051
[ 6 ] CVE-2012-4147
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4147
[ 7 ] CVE-2012-4148
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4748
[ 8 ] CVE-2012-4149
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4149
[ 9 ] CVE-2012-4150
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4150
[ 10 ] CVE-2012-4151
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4151
[ 11 ] CVE-2012-4152
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4152
[ 12 ] CVE-2012-4153
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4153
[ 13 ] CVE-2012-4154
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4154
[ 14 ] CVE-2012-4155
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4155
[ 15 ] CVE-2012-4156
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4156
[ 16 ] CVE-2012-4157
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4157
[ 17 ] CVE-2012-4158
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4158
[ 18 ] CVE-2012-4159
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4159
[ 19 ] CVE-2012-4160
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4160
[ 20 ] CVE-2012-4363
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4363
[ 21 ] CVE-2013-0601
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0601
[ 22 ] CVE-2013-0602
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0602
[ 23 ] CVE-2013-0603
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0603
[ 24 ] CVE-2013-0604
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0604
[ 25 ] CVE-2013-0605
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0605
[ 26 ] CVE-2013-0606
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0606
[ 27 ] CVE-2013-0607
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0607
[ 28 ] CVE-2013-0608
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0608
[ 29 ] CVE-2013-0609
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0609
[ 30 ] CVE-2013-0610
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0610
[ 31 ] CVE-2013-0611
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0611
[ 32 ] CVE-2013-0612
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0612
[ 33 ] CVE-2013-0613
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0613
[ 34 ] CVE-2013-0614
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0614
[ 35 ] CVE-2013-0615
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0615
[ 36 ] CVE-2013-0616
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0616
[ 37 ] CVE-2013-0617
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0617
[ 38 ] CVE-2013-0618
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0618
[ 39 ] CVE-2013-0619
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0619
[ 40 ] CVE-2013-0620
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0620
[ 41 ] CVE-2013-0621
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0621
[ 42 ] CVE-2013-0622
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0622
[ 43 ] CVE-2013-0623
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0623
[ 44 ] CVE-2013-0624
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0624
[ 45 ] CVE-2013-0626
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0626
[ 46 ] CVE-2013-0627
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0627
[ 47 ] CVE-2013-0640
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0640
[ 48 ] CVE-2013-0641
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0641
[ 49 ] CVE-2013-2549
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2549
[ 50 ] CVE-2013-2550
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2550
[ 51 ] CVE-2013-2718
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2718
[ 52 ] CVE-2013-2719
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2719
[ 53 ] CVE-2013-2720
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2720
[ 54 ] CVE-2013-2721
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2721
[ 55 ] CVE-2013-2722
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2722
[ 56 ] CVE-2013-2723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2723
[ 57 ] CVE-2013-2724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2724
[ 58 ] CVE-2013-2725
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2725
[ 59 ] CVE-2013-2726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2726
[ 60 ] CVE-2013-2727
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2727
[ 61 ] CVE-2013-2729
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2729
[ 62 ] CVE-2013-2730
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2730
[ 63 ] CVE-2013-2731
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2731
[ 64 ] CVE-2013-2732
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2732
[ 65 ] CVE-2013-2733
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2733
[ 66 ] CVE-2013-2734
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2734
[ 67 ] CVE-2013-2735
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2735
[ 68 ] CVE-2013-2736
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2736
[ 69 ] CVE-2013-2737
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2737
[ 70 ] CVE-2013-3337
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3337
[ 71 ] CVE-2013-3338
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3338
[ 72 ] CVE-2013-3339
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3339
[ 73 ] CVE-2013-3340
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3340
[ 74 ] CVE-2013-3341
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3341
[ 75 ] CVE-2013-3342
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3342
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201308-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
----------------------------------------------------------------------
TITLE:
Adobe Reader / Acrobat Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA50281
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50281/
RELEASE DATE:
2012-08-14
DESCRIPTION:
Multiple vulnerabilities have been reported in Adobe Reader and Adobe
Acrobat, which can be exploited by malicious people to compromise a
user's system.
1) An unspecified error can be exploited to cause a stack-based
buffer overflow.
2) An unspecified error can be exploited to cause a buffer overflow.
3) An unspecified error can be exploited to corrupt memory.
4) Another unspecified error can be exploited to corrupt memory.
5) Another unspecified error can be exploited to corrupt memory.
6) An unspecified error can be exploited to cause a heap-based buffer
overflow.
7) Multiple unspecified errors can be exploited to corrupt memory.
8) Two unspecified errors can be exploited to corrupt memory.
Note: Vulnerability #8 affects the Macintosh platform only.
Successful exploitation of the vulnerabilities may allow execution of
arbitrary code.
SOLUTION:
Apply updates.
PROVIDED AND/OR DISCOVERED BY:
1) Pavel Polischouk, TELUS Security Labs
2) An anonymous person via Beyond Security
3) Mateusz Jurczyk, Google Security Team
4, 8) James Quirk
5) John Leitch, Microsoft
6) Nicolas Grégoire via iDefense
7) Mateusz Jurczyk and Gynvael Coldwind, Google Security Team
ORIGINAL ADVISORY:
http://www.adobe.com/support/security/bulletins/apsb12-16.html
| VAR-201208-0441 | CVE-2012-4153 | Adobe Reader and Acrobat on Windows and Mac OS X vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160.
Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201308-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Adobe Reader: Multiple vulnerabilities
Date: August 22, 2013
Bugs: #431732, #451058, #469960
ID: 201308-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Adobe Reader, including
potential remote execution of arbitrary code and local privilege
escalation.
Background
==========
Adobe Reader is a closed-source PDF reader.
Affected packages
=================
-------------------------------------------------------------------
   Package              /     Vulnerable     /          Unaffected
-------------------------------------------------------------------
1  app-text/acroread          < 9.5.5                  >= 9.5.5
Description
===========
Multiple vulnerabilities have been discovered in Adobe Reader. Please
review the CVE identifiers referenced below for details. A local attacker could gain privileges via
unspecified vectors.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Reader users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/acroread-9.5.5"
References
==========
[ 1 ] CVE-2012-1525
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1525
[ 2 ] CVE-2012-1530
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1530
[ 3 ] CVE-2012-2049
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2049
[ 4 ] CVE-2012-2050
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2050
[ 5 ] CVE-2012-2051
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2051
[ 6 ] CVE-2012-4147
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4147
[ 7 ] CVE-2012-4148
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4748
[ 8 ] CVE-2012-4149
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4149
[ 9 ] CVE-2012-4150
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4150
[ 10 ] CVE-2012-4151
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4151
[ 11 ] CVE-2012-4152
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4152
[ 12 ] CVE-2012-4153
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4153
[ 13 ] CVE-2012-4154
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4154
[ 14 ] CVE-2012-4155
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4155
[ 15 ] CVE-2012-4156
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4156
[ 16 ] CVE-2012-4157
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4157
[ 17 ] CVE-2012-4158
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4158
[ 18 ] CVE-2012-4159
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4159
[ 19 ] CVE-2012-4160
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4160
[ 20 ] CVE-2012-4363
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4363
[ 21 ] CVE-2013-0601
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0601
[ 22 ] CVE-2013-0602
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0602
[ 23 ] CVE-2013-0603
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0603
[ 24 ] CVE-2013-0604
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0604
[ 25 ] CVE-2013-0605
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0605
[ 26 ] CVE-2013-0606
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0606
[ 27 ] CVE-2013-0607
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0607
[ 28 ] CVE-2013-0608
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0608
[ 29 ] CVE-2013-0609
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0609
[ 30 ] CVE-2013-0610
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0610
[ 31 ] CVE-2013-0611
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0611
[ 32 ] CVE-2013-0612
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0612
[ 33 ] CVE-2013-0613
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0613
[ 34 ] CVE-2013-0614
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0614
[ 35 ] CVE-2013-0615
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0615
[ 36 ] CVE-2013-0616
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0616
[ 37 ] CVE-2013-0617
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0617
[ 38 ] CVE-2013-0618
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0618
[ 39 ] CVE-2013-0619
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0619
[ 40 ] CVE-2013-0620
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0620
[ 41 ] CVE-2013-0621
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0621
[ 42 ] CVE-2013-0622
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0622
[ 43 ] CVE-2013-0623
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0623
[ 44 ] CVE-2013-0624
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0624
[ 45 ] CVE-2013-0626
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0626
[ 46 ] CVE-2013-0627
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0627
[ 47 ] CVE-2013-0640
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0640
[ 48 ] CVE-2013-0641
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0641
[ 49 ] CVE-2013-2549
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2549
[ 50 ] CVE-2013-2550
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2550
[ 51 ] CVE-2013-2718
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2718
[ 52 ] CVE-2013-2719
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2719
[ 53 ] CVE-2013-2720
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2720
[ 54 ] CVE-2013-2721
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2721
[ 55 ] CVE-2013-2722
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2722
[ 56 ] CVE-2013-2723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2723
[ 57 ] CVE-2013-2724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2724
[ 58 ] CVE-2013-2725
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2725
[ 59 ] CVE-2013-2726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2726
[ 60 ] CVE-2013-2727
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2727
[ 61 ] CVE-2013-2729
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2729
[ 62 ] CVE-2013-2730
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2730
[ 63 ] CVE-2013-2731
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2731
[ 64 ] CVE-2013-2732
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2732
[ 65 ] CVE-2013-2733
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2733
[ 66 ] CVE-2013-2734
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2734
[ 67 ] CVE-2013-2735
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2735
[ 68 ] CVE-2013-2736
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2736
[ 69 ] CVE-2013-2737
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2737
[ 70 ] CVE-2013-3337
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3337
[ 71 ] CVE-2013-3338
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3338
[ 72 ] CVE-2013-3339
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3339
[ 73 ] CVE-2013-3340
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3340
[ 74 ] CVE-2013-3341
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3341
[ 75 ] CVE-2013-3342
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3342
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201308-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
----------------------------------------------------------------------
TITLE:
Adobe Reader / Acrobat Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA50281
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50281/
RELEASE DATE:
2012-08-14
DESCRIPTION:
Multiple vulnerabilities have been reported in Adobe Reader and Adobe
Acrobat, which can be exploited by malicious people to compromise a
user's system.
1) An unspecified error can be exploited to cause a stack-based
buffer overflow.
2) An unspecified error can be exploited to cause a buffer overflow.
3) An unspecified error can be exploited to corrupt memory.
4) Another unspecified error can be exploited to corrupt memory.
5) Another unspecified error can be exploited to corrupt memory.
6) An unspecified error can be exploited to cause a heap-based buffer
overflow.
7) Multiple unspecified errors can be exploited to corrupt memory.
8) Two unspecified errors can be exploited to corrupt memory.
Note: Vulnerability #8 affects the Macintosh platform only.
Successful exploitation of the vulnerabilities may allow execution of
arbitrary code.
SOLUTION:
Apply updates.
PROVIDED AND/OR DISCOVERED BY:
1) Pavel Polischouk, TELUS Security Labs
2) An anonymous person via Beyond Security
3) Mateusz Jurczyk, Google Security Team
4, 8) James Quirk
5) John Leitch, Microsoft
6) Nicolas Grégoire via iDefense
7) Mateusz Jurczyk and Gynvael Coldwind, Google Security Team
ORIGINAL ADVISORY:
http://www.adobe.com/support/security/bulletins/apsb12-16.html
| VAR-201208-0440 | CVE-2012-4158 | Adobe Reader and Acrobat on Windows and Mac OS X vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4159, and CVE-2012-4160.
Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201308-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Adobe Reader: Multiple vulnerabilities
Date: August 22, 2013
Bugs: #431732, #451058, #469960
ID: 201308-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Adobe Reader, including
potential remote execution of arbitrary code and local privilege
escalation.
Background
==========
Adobe Reader is a closed-source PDF reader.
Affected packages
=================
-------------------------------------------------------------------
   Package              /     Vulnerable     /          Unaffected
-------------------------------------------------------------------
1  app-text/acroread          < 9.5.5                  >= 9.5.5
Description
===========
Multiple vulnerabilities have been discovered in Adobe Reader. Please
review the CVE identifiers referenced below for details. A local attacker could gain privileges via
unspecified vectors.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Reader users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/acroread-9.5.5"
References
==========
[ 1 ] CVE-2012-1525
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1525
[ 2 ] CVE-2012-1530
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1530
[ 3 ] CVE-2012-2049
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2049
[ 4 ] CVE-2012-2050
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2050
[ 5 ] CVE-2012-2051
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2051
[ 6 ] CVE-2012-4147
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4147
[ 7 ] CVE-2012-4148
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4748
[ 8 ] CVE-2012-4149
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4149
[ 9 ] CVE-2012-4150
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4150
[ 10 ] CVE-2012-4151
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4151
[ 11 ] CVE-2012-4152
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4152
[ 12 ] CVE-2012-4153
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4153
[ 13 ] CVE-2012-4154
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4154
[ 14 ] CVE-2012-4155
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4155
[ 15 ] CVE-2012-4156
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4156
[ 16 ] CVE-2012-4157
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4157
[ 17 ] CVE-2012-4158
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4158
[ 18 ] CVE-2012-4159
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4159
[ 19 ] CVE-2012-4160
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4160
[ 20 ] CVE-2012-4363
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4363
[ 21 ] CVE-2013-0601
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0601
[ 22 ] CVE-2013-0602
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0602
[ 23 ] CVE-2013-0603
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0603
[ 24 ] CVE-2013-0604
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0604
[ 25 ] CVE-2013-0605
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0605
[ 26 ] CVE-2013-0606
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0606
[ 27 ] CVE-2013-0607
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0607
[ 28 ] CVE-2013-0608
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0608
[ 29 ] CVE-2013-0609
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0609
[ 30 ] CVE-2013-0610
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0610
[ 31 ] CVE-2013-0611
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0611
[ 32 ] CVE-2013-0612
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0612
[ 33 ] CVE-2013-0613
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0613
[ 34 ] CVE-2013-0614
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0614
[ 35 ] CVE-2013-0615
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0615
[ 36 ] CVE-2013-0616
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0616
[ 37 ] CVE-2013-0617
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0617
[ 38 ] CVE-2013-0618
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0618
[ 39 ] CVE-2013-0619
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0619
[ 40 ] CVE-2013-0620
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0620
[ 41 ] CVE-2013-0621
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0621
[ 42 ] CVE-2013-0622
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0622
[ 43 ] CVE-2013-0623
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0623
[ 44 ] CVE-2013-0624
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0624
[ 45 ] CVE-2013-0626
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0626
[ 46 ] CVE-2013-0627
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0627
[ 47 ] CVE-2013-0640
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0640
[ 48 ] CVE-2013-0641
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0641
[ 49 ] CVE-2013-2549
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2549
[ 50 ] CVE-2013-2550
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2550
[ 51 ] CVE-2013-2718
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2718
[ 52 ] CVE-2013-2719
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2719
[ 53 ] CVE-2013-2720
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2720
[ 54 ] CVE-2013-2721
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2721
[ 55 ] CVE-2013-2722
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2722
[ 56 ] CVE-2013-2723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2723
[ 57 ] CVE-2013-2724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2724
[ 58 ] CVE-2013-2725
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2725
[ 59 ] CVE-2013-2726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2726
[ 60 ] CVE-2013-2727
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2727
[ 61 ] CVE-2013-2729
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2729
[ 62 ] CVE-2013-2730
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2730
[ 63 ] CVE-2013-2731
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2731
[ 64 ] CVE-2013-2732
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2732
[ 65 ] CVE-2013-2733
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2733
[ 66 ] CVE-2013-2734
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2734
[ 67 ] CVE-2013-2735
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2735
[ 68 ] CVE-2013-2736
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2736
[ 69 ] CVE-2013-2737
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2737
[ 70 ] CVE-2013-3337
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3337
[ 71 ] CVE-2013-3338
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3338
[ 72 ] CVE-2013-3339
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3339
[ 73 ] CVE-2013-3340
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3340
[ 74 ] CVE-2013-3341
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3341
[ 75 ] CVE-2013-3342
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3342
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201308-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
----------------------------------------------------------------------
TITLE:
Adobe Reader / Acrobat Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA50281
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50281/
RELEASE DATE:
2012-08-14
DESCRIPTION:
Multiple vulnerabilities have been reported in Adobe Reader and Adobe
Acrobat, which can be exploited by malicious people to compromise a
user's system.
1) An unspecified error can be exploited to cause a stack-based
buffer overflow.
2) An unspecified error can be exploited to cause a buffer overflow.
3) An unspecified error can be exploited to corrupt memory.
4) Another unspecified error can be exploited to corrupt memory.
5) Another unspecified error can be exploited to corrupt memory.
6) An unspecified error can be exploited to cause a heap-based buffer
overflow.
7) Multiple unspecified errors can be exploited to corrupt memory.
8) Two unspecified errors can be exploited to corrupt memory.
Note: Vulnerability #8 affects the Macintosh platform only.
Successful exploitation of the vulnerabilities may allow execution of
arbitrary code.
SOLUTION:
Apply updates.
PROVIDED AND/OR DISCOVERED BY:
1) Pavel Polischouk, TELUS Security Labs
2) An anonymous person via Beyond Security
3) Mateusz Jurczyk, Google Security Team
4, 8) James Quirk
5) John Leitch, Microsoft
6) Nicolas Grégoire via iDefense
7) Mateusz Jurczyk and Gynvael Coldwind, Google Security Team
ORIGINAL ADVISORY:
http://www.adobe.com/support/security/bulletins/apsb12-16.html
| VAR-201208-0437 | CVE-2012-4162 | Adobe Reader and Acrobat on Mac OS X vulnerable to arbitrary code execution |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4161. Failed exploit attempts will likely cause denial-of-service conditions. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool.
| VAR-201208-0436 | CVE-2012-4161 | Adobe Reader and Acrobat on Mac OS X vulnerable to arbitrary code execution |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4162. Failed exploit attempts will likely cause denial-of-service conditions. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool.
| VAR-201208-0439 | CVE-2012-4157 | Adobe Reader and Acrobat on Windows and Mac OS X vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160.
Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201308-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Adobe Reader: Multiple vulnerabilities
Date: August 22, 2013
Bugs: #431732, #451058, #469960
ID: 201308-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Adobe Reader, including
potential remote execution of arbitrary code and local privilege
escalation.
Background
==========
Adobe Reader is a closed-source PDF reader.
Affected packages
=================
-------------------------------------------------------------------
Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------
1  app-text/acroread            < 9.5.5                    >= 9.5.5
Description
===========
Multiple vulnerabilities have been discovered in Adobe Reader. Please
review the CVE identifiers referenced below for details. A local attacker could gain privileges via
unspecified vectors.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Reader users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/acroread-9.5.5"
References
==========
[ 1 ] CVE-2012-1525
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1525
[ 2 ] CVE-2012-1530
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1530
[ 3 ] CVE-2012-2049
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2049
[ 4 ] CVE-2012-2050
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2050
[ 5 ] CVE-2012-2051
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2051
[ 6 ] CVE-2012-4147
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4147
[ 7 ] CVE-2012-4148
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4148
[ 8 ] CVE-2012-4149
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4149
[ 9 ] CVE-2012-4150
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4150
[ 10 ] CVE-2012-4151
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4151
[ 11 ] CVE-2012-4152
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4152
[ 12 ] CVE-2012-4153
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4153
[ 13 ] CVE-2012-4154
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4154
[ 14 ] CVE-2012-4155
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4155
[ 15 ] CVE-2012-4156
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4156
[ 16 ] CVE-2012-4157
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4157
[ 17 ] CVE-2012-4158
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4158
[ 18 ] CVE-2012-4159
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4159
[ 19 ] CVE-2012-4160
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4160
[ 20 ] CVE-2012-4363
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4363
[ 21 ] CVE-2013-0601
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0601
[ 22 ] CVE-2013-0602
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0602
[ 23 ] CVE-2013-0603
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0603
[ 24 ] CVE-2013-0604
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0604
[ 25 ] CVE-2013-0605
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0605
[ 26 ] CVE-2013-0606
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0606
[ 27 ] CVE-2013-0607
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0607
[ 28 ] CVE-2013-0608
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0608
[ 29 ] CVE-2013-0609
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0609
[ 30 ] CVE-2013-0610
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0610
[ 31 ] CVE-2013-0611
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0611
[ 32 ] CVE-2013-0612
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0612
[ 33 ] CVE-2013-0613
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0613
[ 34 ] CVE-2013-0614
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0614
[ 35 ] CVE-2013-0615
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0615
[ 36 ] CVE-2013-0616
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0616
[ 37 ] CVE-2013-0617
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0617
[ 38 ] CVE-2013-0618
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0618
[ 39 ] CVE-2013-0619
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0619
[ 40 ] CVE-2013-0620
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0620
[ 41 ] CVE-2013-0621
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0621
[ 42 ] CVE-2013-0622
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0622
[ 43 ] CVE-2013-0623
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0623
[ 44 ] CVE-2013-0624
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0624
[ 45 ] CVE-2013-0626
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0626
[ 46 ] CVE-2013-0627
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0627
[ 47 ] CVE-2013-0640
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0640
[ 48 ] CVE-2013-0641
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0641
[ 49 ] CVE-2013-2549
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2549
[ 50 ] CVE-2013-2550
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2550
[ 51 ] CVE-2013-2718
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2718
[ 52 ] CVE-2013-2719
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2719
[ 53 ] CVE-2013-2720
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2720
[ 54 ] CVE-2013-2721
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2721
[ 55 ] CVE-2013-2722
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2722
[ 56 ] CVE-2013-2723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2723
[ 57 ] CVE-2013-2724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2724
[ 58 ] CVE-2013-2725
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2725
[ 59 ] CVE-2013-2726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2726
[ 60 ] CVE-2013-2727
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2727
[ 61 ] CVE-2013-2729
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2729
[ 62 ] CVE-2013-2730
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2730
[ 63 ] CVE-2013-2731
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2731
[ 64 ] CVE-2013-2732
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2732
[ 65 ] CVE-2013-2733
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2733
[ 66 ] CVE-2013-2734
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2734
[ 67 ] CVE-2013-2735
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2735
[ 68 ] CVE-2013-2736
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2736
[ 69 ] CVE-2013-2737
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2737
[ 70 ] CVE-2013-3337
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3337
[ 71 ] CVE-2013-3338
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3338
[ 72 ] CVE-2013-3339
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3339
[ 73 ] CVE-2013-3340
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3340
[ 74 ] CVE-2013-3341
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3341
[ 75 ] CVE-2013-3342
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3342
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201308-03.xml