VARIoT IoT vulnerabilities database


VAR-201208-0438 CVE-2012-4156
Title: Adobe Reader and Acrobat on Windows and Mac OS X vulnerable to arbitrary code execution
CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions.

----------------------------------------------------------------------
Gentoo Linux Security Advisory                           GLSA 201308-03
----------------------------------------------------------------------
                                            http://security.gentoo.org/
----------------------------------------------------------------------

 Severity: High
    Title: Adobe Reader: Multiple vulnerabilities
     Date: August 22, 2013
     Bugs: #431732, #451058, #469960
       ID: 201308-03

----------------------------------------------------------------------

Synopsis
========

Multiple vulnerabilities have been found in Adobe Reader, including potential remote execution of arbitrary code and local privilege escalation.

Background
==========

Adobe Reader is a closed-source PDF reader.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /     Vulnerable     /            Unaffected
    -------------------------------------------------------------------
  1  app-text/acroread           < 9.5.5                    >= 9.5.5

Description
===========

Multiple vulnerabilities have been discovered in Adobe Reader. Please review the CVE identifiers referenced below for details. A local attacker could gain privileges via unspecified vectors.

Workaround
==========

There is no known workaround at this time.

Resolution
==========

All Adobe Reader users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-text/acroread-9.5.5"

References
==========

[ 1 ] CVE-2012-1525 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1525
[ 2 ] CVE-2012-1530 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1530
[ 3 ] CVE-2012-2049 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2049
[ 4 ] CVE-2012-2050 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2050
[ 5 ] CVE-2012-2051 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2051
[ 6 ] CVE-2012-4147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4147
[ 7 ] CVE-2012-4148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4748
[ 8 ] CVE-2012-4149 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4149
[ 9 ] CVE-2012-4150 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4150
[ 10 ] CVE-2012-4151 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4151
[ 11 ] CVE-2012-4152 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4152
[ 12 ] CVE-2012-4153 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4153
[ 13 ] CVE-2012-4154 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4154
[ 14 ] CVE-2012-4155 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4155
[ 15 ] CVE-2012-4156 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4156
[ 16 ] CVE-2012-4157 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4157
[ 17 ] CVE-2012-4158 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4158
[ 18 ] CVE-2012-4159 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4159
[ 19 ] CVE-2012-4160 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4160
[ 20 ] CVE-2012-4363 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4363
[ 21 ] CVE-2013-0601 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0601
[ 22 ] CVE-2013-0602 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0602
[ 23 ] CVE-2013-0603 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0603
[ 24 ] CVE-2013-0604 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0604
[ 25 ] CVE-2013-0605 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0605
[ 26 ] CVE-2013-0606 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0606
[ 27 ] CVE-2013-0607 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0607
[ 28 ] CVE-2013-0608 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0608
[ 29 ] CVE-2013-0609 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0609
[ 30 ] CVE-2013-0610 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0610
[ 31 ] CVE-2013-0611 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0611
[ 32 ] CVE-2013-0612 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0612
[ 33 ] CVE-2013-0613 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0613
[ 34 ] CVE-2013-0614 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0614
[ 35 ] CVE-2013-0615 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0615
[ 36 ] CVE-2013-0616 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0616
[ 37 ] CVE-2013-0617 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0617
[ 38 ] CVE-2013-0618 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0618
[ 39 ] CVE-2013-0619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0619
[ 40 ] CVE-2013-0620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0620
[ 41 ] CVE-2013-0621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0621
[ 42 ] CVE-2013-0622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0622
[ 43 ] CVE-2013-0623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0623
[ 44 ] CVE-2013-0624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0624
[ 45 ] CVE-2013-0626 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0626
[ 46 ] CVE-2013-0627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0627
[ 47 ] CVE-2013-0640 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0640
[ 48 ] CVE-2013-0641 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0641
[ 49 ] CVE-2013-2549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2549
[ 50 ] CVE-2013-2550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2550
[ 51 ] CVE-2013-2718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2718
[ 52 ] CVE-2013-2719 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2719
[ 53 ] CVE-2013-2720 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2720
[ 54 ] CVE-2013-2721 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2721
[ 55 ] CVE-2013-2722 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2722
[ 56 ] CVE-2013-2723 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2723
[ 57 ] CVE-2013-2724 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2724
[ 58 ] CVE-2013-2725 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2725
[ 59 ] CVE-2013-2726 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2726
[ 60 ] CVE-2013-2727 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2727
[ 61 ] CVE-2013-2729 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2729
[ 62 ] CVE-2013-2730 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2730
[ 63 ] CVE-2013-2731 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2731
[ 64 ] CVE-2013-2732 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2732
[ 65 ] CVE-2013-2733 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2733
[ 66 ] CVE-2013-2734 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2734
[ 67 ] CVE-2013-2735 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2735
[ 68 ] CVE-2013-2736 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2736
[ 69 ] CVE-2013-2737 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2737
[ 70 ] CVE-2013-3337 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3337
[ 71 ] CVE-2013-3338 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3338
[ 72 ] CVE-2013-3339 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3339
[ 73 ] CVE-2013-3340 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3340
[ 74 ] CVE-2013-3341 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3341
[ 75 ] CVE-2013-3342 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3342

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

 http://security.gentoo.org/glsa/glsa-201308-03.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

----------------------------------------------------------------------

TITLE:
Adobe Reader / Acrobat Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA50281

VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50281/

RELEASE DATE:
2012-08-14

DESCRIPTION:
Multiple vulnerabilities have been reported in Adobe Reader and Adobe Acrobat, which can be exploited by malicious people to compromise a user's system.

1) An unspecified error can be exploited to cause a stack-based buffer overflow.
2) An unspecified error can be exploited to cause a buffer overflow.
3) An unspecified error can be exploited to corrupt memory.
4) Another unspecified error can be exploited to corrupt memory.
5) Another unspecified error can be exploited to corrupt memory.
6) An unspecified error can be exploited to cause a heap-based buffer overflow.
7) Multiple unspecified errors can be exploited to corrupt memory.
8) Two unspecified errors can be exploited to corrupt memory.

Note: Vulnerability #8 affects the Macintosh platform only.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

SOLUTION:
Apply updates.

PROVIDED AND/OR DISCOVERED BY:
1) Pavel Polischouk, TELUS Security Labs
2) An anonymous person via Beyond Security
3) Mateusz Jurczyk, Google Security Team
4, 8) James Quirk
5) John Leitch, Microsoft
6) Nicolas Grégoire via iDefense
7) Mateusz Jurczyk and Gynvael Coldwind, Google Security Team

ORIGINAL ADVISORY:
http://www.adobe.com/support/security/bulletins/apsb12-16.html

VAR-201208-0435 CVE-2012-4160
Title: Adobe Reader and Acrobat on Windows and Mac OS X vulnerable to arbitrary code execution
CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, and CVE-2012-4159. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions.

VAR-201208-0434 CVE-2012-4159
Title: Adobe Reader and Acrobat on Windows and Mac OS X vulnerable to arbitrary code execution
CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, and CVE-2012-4160. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201308-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Adobe Reader: Multiple vulnerabilities Date: August 22, 2013 Bugs: #431732, #451058, #469960 ID: 201308-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Adobe Reader, including potential remote execution of arbitrary code and local privilege escalation. Background ========== Adobe Reader is a closed-source PDF reader. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-text/acroread < 9.5.5 >= 9.5.5 Description =========== Multiple vulnerabilities have been discovered in Adobe Reader. Please review the CVE identifiers referenced below for details. A local attacker could gain privileges via unspecified vectors. Workaround ========== There is no known workaround at this time. 
Resolution ========== All Adobe Reader users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-text/acroread-9.5.5" References ========== [ 1 ] CVE-2012-1525 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1525 [ 2 ] CVE-2012-1530 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1530 [ 3 ] CVE-2012-2049 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2049 [ 4 ] CVE-2012-2050 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2050 [ 5 ] CVE-2012-2051 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2051 [ 6 ] CVE-2012-4147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4147 [ 7 ] CVE-2012-4148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4748 [ 8 ] CVE-2012-4149 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4149 [ 9 ] CVE-2012-4150 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4150 [ 10 ] CVE-2012-4151 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4151 [ 11 ] CVE-2012-4152 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4152 [ 12 ] CVE-2012-4153 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4153 [ 13 ] CVE-2012-4154 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4154 [ 14 ] CVE-2012-4155 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4155 [ 15 ] CVE-2012-4156 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4156 [ 16 ] CVE-2012-4157 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4157 [ 17 ] CVE-2012-4158 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4158 [ 18 ] CVE-2012-4159 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4159 [ 19 ] CVE-2012-4160 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4160 [ 20 ] CVE-2012-4363 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4363 [ 21 ] CVE-2013-0601 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0601 [ 22 ] CVE-2013-0602 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0602 [ 23 ] CVE-2013-0603 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0603 [ 24 ] CVE-2013-0604 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0604 [ 25 ] CVE-2013-0605 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0605 [ 26 ] CVE-2013-0606 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0606 [ 27 ] CVE-2013-0607 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0607 [ 28 ] CVE-2013-0608 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0608 [ 29 ] CVE-2013-0609 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0609 [ 30 ] CVE-2013-0610 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0610 [ 31 ] CVE-2013-0611 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0611 [ 32 ] CVE-2013-0612 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0612 [ 33 ] CVE-2013-0613 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0613 [ 34 ] CVE-2013-0614 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0614 [ 35 ] CVE-2013-0615 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0615 [ 36 ] CVE-2013-0616 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0616 [ 37 ] CVE-2013-0617 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0617 [ 38 ] CVE-2013-0618 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0618 [ 39 ] CVE-2013-0619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0619 [ 40 ] CVE-2013-0620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0620 [ 41 ] CVE-2013-0621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0621 [ 42 ] CVE-2013-0622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0622 [ 43 ] CVE-2013-0623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0623 [ 44 ] CVE-2013-0624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0624 [ 45 ] CVE-2013-0626 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0626 [ 46 ] CVE-2013-0627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0627 [ 47 ] CVE-2013-0640 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0640 [ 48 ] CVE-2013-0641 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0641 [ 49 ] CVE-2013-2549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2549 [ 50 ] CVE-2013-2550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2550 [ 51 ] CVE-2013-2718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2718 [ 52 ] CVE-2013-2719 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2719 [ 53 ] CVE-2013-2720 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2720 [ 54 ] CVE-2013-2721 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2721 [ 55 ] CVE-2013-2722 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2722 [ 56 ] CVE-2013-2723 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2723 [ 57 ] CVE-2013-2724 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2724 [ 58 ] CVE-2013-2725 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2725 [ 59 ] CVE-2013-2726 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2726 [ 60 ] CVE-2013-2727 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2727 [ 61 ] CVE-2013-2729 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2729 [ 62 ] CVE-2013-2730 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2730 [ 63 ] CVE-2013-2731 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2731 [ 64 ] CVE-2013-2732 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2732 [ 65 ] CVE-2013-2733 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2733 [ 66 ] CVE-2013-2734 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2734 [ 67 ] CVE-2013-2735 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2735 [ 68 ] CVE-2013-2736 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2736 [ 69 ] CVE-2013-2737 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2737 [ 70 ] CVE-2013-3337 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3337 [ 71 ] CVE-2013-3338 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3338 [ 72 ] CVE-2013-3339 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3339 [ 73 ] CVE-2013-3340 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3340 [ 74 ] CVE-2013-3341 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3341 [ 75 ] CVE-2013-3342 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3342 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201308-03.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. 
Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

----------------------------------------------------------------------

TITLE: Adobe Reader / Acrobat Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA50281

VERIFY ADVISORY: http://secunia.com/advisories/50281/

RELEASE DATE: 2012-08-14

DESCRIPTION: Multiple vulnerabilities have been reported in Adobe Reader and Adobe Acrobat, which can be exploited by malicious people to compromise a user's system.

1) An unspecified error can be exploited to cause a stack-based buffer overflow.
2) An unspecified error can be exploited to cause a buffer overflow.
3) An unspecified error can be exploited to corrupt memory.
4) Another unspecified error can be exploited to corrupt memory.
5) Another unspecified error can be exploited to corrupt memory.
6) An unspecified error can be exploited to cause a heap-based buffer overflow.
7) Multiple unspecified errors can be exploited to corrupt memory.
8) Two unspecified errors can be exploited to corrupt memory.

Note: Vulnerability #8 affects the Macintosh platform only.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

SOLUTION: Apply updates.

PROVIDED AND/OR DISCOVERED BY:
1) Pavel Polischouk, TELUS Security Labs
2) An anonymous person via Beyond Security
3) Mateusz Jurczyk, Google Security Team
4, 8) James Quirk
5) John Leitch, Microsoft
6) Nicolas Grégoire via iDefense
7) Mateusz Jurczyk and Gynvael Coldwind, Google Security Team

ORIGINAL ADVISORY: http://www.adobe.com/support/security/bulletins/apsb12-16.html
VAR-201208-0433 CVE-2012-4152 Adobe Reader and Acrobat on Windows and Mac OS X vulnerable to arbitrary code execution
CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions.
Advisories: Gentoo Linux Security Advisory GLSA 201308-03 (http://security.gentoo.org/glsa/glsa-201308-03.xml); Secunia Advisory SA50281 (http://secunia.com/advisories/50281/); original advisory: http://www.adobe.com/support/security/bulletins/apsb12-16.html
VAR-201208-0432 CVE-2012-4151 Adobe Reader and Acrobat on Windows and Mac OS X vulnerable to arbitrary code execution
CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions.
Advisories: Gentoo Linux Security Advisory GLSA 201308-03 (http://security.gentoo.org/glsa/glsa-201308-03.xml); Secunia Advisory SA50281 (http://secunia.com/advisories/50281/); original advisory: http://www.adobe.com/support/security/bulletins/apsb12-16.html
VAR-201208-0430 CVE-2012-4149 Adobe Reader and Acrobat on Windows and Mac OS X vulnerable to arbitrary code execution
CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201308-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Adobe Reader: Multiple vulnerabilities Date: August 22, 2013 Bugs: #431732, #451058, #469960 ID: 201308-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Adobe Reader, including potential remote execution of arbitrary code and local privilege escalation. Background ========== Adobe Reader is a closed-source PDF reader. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-text/acroread < 9.5.5 >= 9.5.5 Description =========== Multiple vulnerabilities have been discovered in Adobe Reader. Please review the CVE identifiers referenced below for details. A local attacker could gain privileges via unspecified vectors. Workaround ========== There is no known workaround at this time. 
Resolution
==========

All Adobe Reader users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-text/acroread-9.5.5"

References
==========

[ 1 ] CVE-2012-1525 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1525
[ 2 ] CVE-2012-1530 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1530
[ 3 ] CVE-2012-2049 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2049
[ 4 ] CVE-2012-2050 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2050
[ 5 ] CVE-2012-2051 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2051
[ 6 ] CVE-2012-4147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4147
[ 7 ] CVE-2012-4148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4748
[ 8 ] CVE-2012-4149 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4149
[ 9 ] CVE-2012-4150 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4150
[ 10 ] CVE-2012-4151 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4151
[ 11 ] CVE-2012-4152 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4152
[ 12 ] CVE-2012-4153 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4153
[ 13 ] CVE-2012-4154 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4154
[ 14 ] CVE-2012-4155 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4155
[ 15 ] CVE-2012-4156 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4156
[ 16 ] CVE-2012-4157 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4157
[ 17 ] CVE-2012-4158 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4158
[ 18 ] CVE-2012-4159 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4159
[ 19 ] CVE-2012-4160 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4160
[ 20 ] CVE-2012-4363 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4363
[ 21 ] CVE-2013-0601 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0601
[ 22 ] CVE-2013-0602 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0602
[ 23 ] CVE-2013-0603 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0603
[ 24 ] CVE-2013-0604 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0604
[ 25 ] CVE-2013-0605 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0605
[ 26 ] CVE-2013-0606 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0606
[ 27 ] CVE-2013-0607 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0607
[ 28 ] CVE-2013-0608 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0608
[ 29 ] CVE-2013-0609 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0609
[ 30 ] CVE-2013-0610 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0610
[ 31 ] CVE-2013-0611 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0611
[ 32 ] CVE-2013-0612 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0612
[ 33 ] CVE-2013-0613 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0613
[ 34 ] CVE-2013-0614 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0614
[ 35 ] CVE-2013-0615 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0615
[ 36 ] CVE-2013-0616 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0616
[ 37 ] CVE-2013-0617 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0617
[ 38 ] CVE-2013-0618 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0618
[ 39 ] CVE-2013-0619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0619
[ 40 ] CVE-2013-0620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0620
[ 41 ] CVE-2013-0621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0621
[ 42 ] CVE-2013-0622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0622
[ 43 ] CVE-2013-0623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0623
[ 44 ] CVE-2013-0624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0624
[ 45 ] CVE-2013-0626 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0626
[ 46 ] CVE-2013-0627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0627
[ 47 ] CVE-2013-0640 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0640
[ 48 ] CVE-2013-0641 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0641
[ 49 ] CVE-2013-2549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2549
[ 50 ] CVE-2013-2550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2550
[ 51 ] CVE-2013-2718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2718
[ 52 ] CVE-2013-2719 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2719
[ 53 ] CVE-2013-2720 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2720
[ 54 ] CVE-2013-2721 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2721
[ 55 ] CVE-2013-2722 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2722
[ 56 ] CVE-2013-2723 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2723
[ 57 ] CVE-2013-2724 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2724
[ 58 ] CVE-2013-2725 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2725
[ 59 ] CVE-2013-2726 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2726
[ 60 ] CVE-2013-2727 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2727
[ 61 ] CVE-2013-2729 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2729
[ 62 ] CVE-2013-2730 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2730
[ 63 ] CVE-2013-2731 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2731
[ 64 ] CVE-2013-2732 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2732
[ 65 ] CVE-2013-2733 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2733
[ 66 ] CVE-2013-2734 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2734
[ 67 ] CVE-2013-2735 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2735
[ 68 ] CVE-2013-2736 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2736
[ 69 ] CVE-2013-2737 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2737
[ 70 ] CVE-2013-3337 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3337
[ 71 ] CVE-2013-3338 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3338
[ 72 ] CVE-2013-3339 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3339
[ 73 ] CVE-2013-3340 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3340
[ 74 ] CVE-2013-3341 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3341
[ 75 ] CVE-2013-3342 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3342

Availability
============

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201308-03.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us.
Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License
=======

Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s).

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

----------------------------------------------------------------------

TITLE: Adobe Reader / Acrobat Multiple Vulnerabilities

SECUNIA ADVISORY ID: SA50281

VERIFY ADVISORY: http://secunia.com/advisories/50281/

RELEASE DATE: 2012-08-14

DESCRIPTION: Multiple vulnerabilities have been reported in Adobe Reader and Adobe Acrobat, which can be exploited by malicious people to compromise a user's system.

1) An unspecified error can be exploited to cause a stack-based buffer overflow.
2) An unspecified error can be exploited to cause a buffer overflow.
3) An unspecified error can be exploited to corrupt memory.
4) Another unspecified error can be exploited to corrupt memory.
5) Another unspecified error can be exploited to corrupt memory.
6) An unspecified error can be exploited to cause a heap-based buffer overflow.
7) Multiple unspecified errors can be exploited to corrupt memory.
8) Two unspecified errors can be exploited to corrupt memory.

Note: Vulnerability #8 affects the Macintosh platform only.

Successful exploitation of the vulnerabilities may allow execution of arbitrary code.

SOLUTION: Apply updates.

PROVIDED AND/OR DISCOVERED BY:
1) Pavel Polischouk, TELUS Security Labs
2) An anonymous person via Beyond Security
3) Mateusz Jurczyk, Google Security Team
4, 8) James Quirk
5) John Leitch, Microsoft
6) Nicolas Grégoire via iDefense
7) Mateusz Jurczyk and Gynvael Coldwind, Google Security Team

ORIGINAL ADVISORY: http://www.adobe.com/support/security/bulletins/apsb12-16.html
VAR-201208-0431 CVE-2012-4150 Adobe Reader and Acrobat on Windows and Mac OS X vulnerable to arbitrary code execution CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions.
VAR-201208-0422 CVE-2012-4148 Adobe Reader and Acrobat on Windows and Mac OS X vulnerable to arbitrary code execution CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool.
VAR-201208-0421 CVE-2012-4147 Adobe Reader and Acrobat on Windows and Mac OS X vulnerable to arbitrary code execution CVSS V2: 10.0
CVSS V3: -
Severity: HIGH
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201308-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Adobe Reader: Multiple vulnerabilities Date: August 22, 2013 Bugs: #431732, #451058, #469960 ID: 201308-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Adobe Reader, including potential remote execution of arbitrary code and local privilege escalation. Background ========== Adobe Reader is a closed-source PDF reader. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-text/acroread < 9.5.5 >= 9.5.5 Description =========== Multiple vulnerabilities have been discovered in Adobe Reader. Please review the CVE identifiers referenced below for details. A local attacker could gain privileges via unspecified vectors. Workaround ========== There is no known workaround at this time. 
Resolution ========== All Adobe Reader users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-text/acroread-9.5.5" References ========== [ 1 ] CVE-2012-1525 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1525 [ 2 ] CVE-2012-1530 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1530 [ 3 ] CVE-2012-2049 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2049 [ 4 ] CVE-2012-2050 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2050 [ 5 ] CVE-2012-2051 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2051 [ 6 ] CVE-2012-4147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4147 [ 7 ] CVE-2012-4148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4748 [ 8 ] CVE-2012-4149 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4149 [ 9 ] CVE-2012-4150 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4150 [ 10 ] CVE-2012-4151 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4151 [ 11 ] CVE-2012-4152 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4152 [ 12 ] CVE-2012-4153 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4153 [ 13 ] CVE-2012-4154 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4154 [ 14 ] CVE-2012-4155 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4155 [ 15 ] CVE-2012-4156 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4156 [ 16 ] CVE-2012-4157 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4157 [ 17 ] CVE-2012-4158 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4158 [ 18 ] CVE-2012-4159 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4159 [ 19 ] CVE-2012-4160 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4160 [ 20 ] CVE-2012-4363 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4363 [ 21 ] CVE-2013-0601 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0601 [ 22 ] CVE-2013-0602 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0602 [ 23 ] CVE-2013-0603 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0603 [ 24 ] CVE-2013-0604 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0604 [ 25 ] CVE-2013-0605 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0605 [ 26 ] CVE-2013-0606 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0606 [ 27 ] CVE-2013-0607 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0607 [ 28 ] CVE-2013-0608 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0608 [ 29 ] CVE-2013-0609 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0609 [ 30 ] CVE-2013-0610 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0610 [ 31 ] CVE-2013-0611 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0611 [ 32 ] CVE-2013-0612 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0612 [ 33 ] CVE-2013-0613 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0613 [ 34 ] CVE-2013-0614 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0614 [ 35 ] CVE-2013-0615 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0615 [ 36 ] CVE-2013-0616 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0616 [ 37 ] CVE-2013-0617 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0617 [ 38 ] CVE-2013-0618 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0618 [ 39 ] CVE-2013-0619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0619 [ 40 ] CVE-2013-0620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0620 [ 41 ] CVE-2013-0621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0621 [ 42 ] CVE-2013-0622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0622 [ 43 ] CVE-2013-0623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0623 [ 44 ] CVE-2013-0624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0624 [ 45 ] CVE-2013-0626 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0626 [ 46 ] CVE-2013-0627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0627 [ 47 ] CVE-2013-0640 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0640 [ 48 ] CVE-2013-0641 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0641 [ 49 ] CVE-2013-2549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2549 [ 50 ] CVE-2013-2550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2550 [ 51 ] CVE-2013-2718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2718 [ 52 ] CVE-2013-2719 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2719 [ 53 ] CVE-2013-2720 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2720 [ 54 ] CVE-2013-2721 
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2721 [ 55 ] CVE-2013-2722 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2722 [ 56 ] CVE-2013-2723 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2723 [ 57 ] CVE-2013-2724 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2724 [ 58 ] CVE-2013-2725 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2725 [ 59 ] CVE-2013-2726 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2726 [ 60 ] CVE-2013-2727 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2727 [ 61 ] CVE-2013-2729 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2729 [ 62 ] CVE-2013-2730 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2730 [ 63 ] CVE-2013-2731 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2731 [ 64 ] CVE-2013-2732 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2732 [ 65 ] CVE-2013-2733 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2733 [ 66 ] CVE-2013-2734 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2734 [ 67 ] CVE-2013-2735 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2735 [ 68 ] CVE-2013-2736 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2736 [ 69 ] CVE-2013-2737 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2737 [ 70 ] CVE-2013-3337 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3337 [ 71 ] CVE-2013-3338 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3338 [ 72 ] CVE-2013-3339 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3339 [ 73 ] CVE-2013-3340 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3340 [ 74 ] CVE-2013-3341 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3341 [ 75 ] CVE-2013-3342 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3342 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201308-03.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. 
Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

TITLE: Adobe Reader / Acrobat Multiple Vulnerabilities
SECUNIA ADVISORY ID: SA50281
VERIFY ADVISORY: http://secunia.com/advisories/50281/
RELEASE DATE: 2012-08-14
DESCRIPTION: Multiple vulnerabilities have been reported in Adobe Reader and Adobe Acrobat, which can be exploited by malicious people to compromise a user's system.
1) An unspecified error can be exploited to cause a stack-based buffer overflow.
2) An unspecified error can be exploited to cause a buffer overflow.
3) An unspecified error can be exploited to corrupt memory.
4) Another unspecified error can be exploited to corrupt memory.
5) Another unspecified error can be exploited to corrupt memory.
6) An unspecified error can be exploited to cause a heap-based buffer overflow.
7) Multiple unspecified errors can be exploited to corrupt memory.
8) Two unspecified errors can be exploited to corrupt memory.
Note: Vulnerability #8 affects the Macintosh platform only. Successful exploitation of the vulnerabilities may allow execution of arbitrary code.
SOLUTION: Apply updates.
PROVIDED AND/OR DISCOVERED BY:
1) Pavel Polischouk, TELUS Security Labs
2) An anonymous person via Beyond Security
3) Mateusz Jurczyk, Google Security Team
4, 8) James Quirk
5) John Leitch, Microsoft
6) Nicolas Grégoire via iDefense
7) Mateusz Jurczyk and Gynvael Coldwind, Google Security Team
ORIGINAL ADVISORY: http://www.adobe.com/support/security/bulletins/apsb12-16.html
VAR-201208-0144 CVE-2012-3247 HP Integrity Server denial-of-service (DoS) vulnerability CVSS V2: 4.9
CVSS V3: -
Severity: MEDIUM
Unspecified vulnerability on the HP Integrity Server BL860c i2, BL870c i2, and BL890c i2 with firmware before 26.31 and the HP Integrity Server rx2800 i2 with firmware before 26.30 allows local users to cause a denial of service via unknown vectors. Multiple models of HP Integrity Servers are prone to a denial-of-service vulnerability. Exploiting this issue allows remote attackers to trigger denial-of-service conditions on the affected servers.

Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03450553

SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03450553
Version: 1
HPSBHF02804 SSRT100631 rev.1 - HP Integrity Server rx2800 i2, BL860c i2, BL870c i2, BL890c i2, Potential Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible.
References: CVE-2012-3247
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.

Integrity Server    Firmware version to resolve this issue
rx2800 i2           26.30 or later
bl860 i2            26.31 or later
bl870 i2            26.31 or later
bl890 i2            26.31 or later

For the rx2800 i2:
  Go to www.hp.com
  Click on support & drivers
  Click on Drivers & Software and then search for 'rx2800 i2'
  Select the appropriate server model
  Click on Cross operating system (BIOS, Firmware, Diagnostics, etc.)
  Click on firmware system
  Select and download the firmware

For bl860 i2, bl870 i2, bl890 i2:
  Go to www.hp.com
  Click on support & drivers
  Click on Drivers & Software and then search for 'bl860 i2', 'bl870 i2', or 'bl890 i2'
  Click on Cross operating system (BIOS, Firmware, Diagnostics, etc.)
  Click on firmware system
  Select and download the firmware

Note: HP recommends using the most recent version of firmware provided

HISTORY Version:1 (rev.1) - 13 August 2012 Initial release

Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX
Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind.
To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental, special or consequential damages including downtime cost; lost profits; damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners.

TITLE: HP Integrity Server Unspecified Denial of Service Vulnerability
SECUNIA ADVISORY ID: SA50282
VERIFY ADVISORY: http://secunia.com/advisories/50282/
RELEASE DATE: 2012-08-14
DESCRIPTION: A vulnerability has been reported in HP Integrity Servers, which can be exploited by malicious, local users to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error. No further information is currently available. The vulnerability is reported in BL860c i2, BL870c i2, and BL890c i2 firmware version 26.11 and prior and in rx2800 i2 firmware version 26.21 and prior.
SOLUTION: Update to a fixed firmware version.
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: HPSBHF02804 SSRT100631: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03450553
VAR-201208-0349 CVE-2012-3009 Siemens COMOS Vulnerable to obtaining database administrator privileges CVSS V2: 8.5
CVSS V3: -
Severity: HIGH
Siemens COMOS before 9.1 Patch 413, 9.2 before Update 03 Patch 023, and 10.0 before Patch 005 allows remote authenticated users to obtain database administrative access via unspecified method calls. COMOS is a factory engineering software. Siemens COMOS is prone to an unspecified security-bypass vulnerability. Siemens COMOS is the world's leading provider of software solutions in the field of integrated lifecycle engineering.

TITLE: Siemens COMOS Unspecified Security Bypass Security Issue
SECUNIA ADVISORY ID: SA50249
VERIFY ADVISORY: http://secunia.com/advisories/50249/
RELEASE DATE: 2012-08-13
DESCRIPTION: A security issue has been reported in Siemens COMOS, which can be exploited by malicious users to bypass certain security restrictions. Successful exploitation requires read access to the database. The security issue is reported in versions prior to 9.1 Patch 413, 9.2 Update 03 Patch 023, 10.0 Patch 005, and 10.0 SP1.
SOLUTION: Update to version 9.1 Patch 413, 9.2 Update 03 Patch 023, 10.0 Patch 005, or 10.0 SP1.
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-312568.pdf
VAR-201208-0947 No CVE Hitachi JP1 / Integrated Management Cross-Site Scripting Vulnerability CVSS V2: -
CVSS V3: -
Severity: -
Hitachi JP1 / Integrated Management has a cross-site scripting vulnerability. Some unknown inputs are not properly filtered before being used. An attacker could use the vulnerability to execute arbitrary HTML and script code in the user browser of the affected site context.

TITLE: Hitachi JP1/Integrated Management Cross-Site Scripting Vulnerability
SECUNIA ADVISORY ID: SA50163
VERIFY ADVISORY: http://secunia.com/advisories/50163/
RELEASE DATE: 2012-08-08
DESCRIPTION: A vulnerability has been reported in Hitachi JP1/Integrated Management, which can be exploited by malicious people to conduct cross-site scripting attacks. Certain unspecified input related to Service Support is not properly sanitised before being returned to the user. The vulnerability is reported in versions 08-11 through 08-11-04, 08-50 through 08-50-07, 08-51 through 08-51-09, 09-00 through 09-00-06, and 09-50 through 09-50-03.
SOLUTION: Update to a fixed version.
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY:
Hitachi (English): http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-021/index.html
Hitachi (Japanese): http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-021/index.html
VAR-201208-0535 CVE-2012-2283 Multiple Iomega products: vulnerability in EMC Lifeline firmware allowing data to be read CVSS V2: 5.5
CVSS V3: -
Severity: MEDIUM
The Iomega Home Media Network Hard Drive with EMC Lifeline firmware before 2.104, Home Media Network Hard Drive Cloud Edition with EMC Lifeline firmware before 3.2.3.15290, iConnect with EMC Lifeline firmware before 2.5.26.18966, and StorCenter with EMC Lifeline firmware before 2.0.18.23122, 2.1.x before 2.1.42.18967, and 3.x before 3.2.3.15290 allow remote authenticated users to read or modify data on arbitrary remote shares via unspecified vectors. Iomega network storage devices are a family of network storage devices. If remote access (including port forwarding) is enabled for the affected device, all created shares (including those linked to the USB device) can be accessed by remote unauthorized users due to access control issues. The following devices are vulnerable: Home Media Network Hard Drive, iConnect, StorCenter.

TITLE: EMC Lifeline Shares Access Security Bypass Security Issue
SECUNIA ADVISORY ID: SA50232
VERIFY ADVISORY: http://secunia.com/advisories/50232/
RELEASE DATE: 2012-08-09
DESCRIPTION: A security issue has been reported in EMC Lifeline, which can be exploited by malicious people to bypass certain security restrictions. Please see the vendor's advisory for a list of affected versions.
SOLUTION: Update to a fixed version (please see the vendor's advisory for details).
PROVIDED AND/OR DISCOVERED BY: Reported by the vendor.
ORIGINAL ADVISORY: ESA-2012-031: http://archives.neohapsis.com/archives/bugtraq/2012-08/att-0056/ESA-2012-031.txt

Problem Resolution: Download and install updated firmware for the Iomega network storage device.
Link to remedies: Firmware updates for each affected Iomega product are available for download from www.iomega.com/support. Refer to the Readme.txt file included with the firmware update for additional information. Follow guidelines provided on the Iomega support site for security best practices; locate these articles by searching for "security best practices" from the support page for the specified Iomega network storage products. Because the view is restricted based on customer agreements, you may not have permission to view certain downloads. Should you not see a software download you believe you should have access to, follow the instructions in EMC Knowledgebase solution emc116045. For an explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability. EMC Corporation distributes EMC Security Advisories, in order to bring to the attention of users of the affected EMC products, important security information. EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.
EMC Product Security Response Center Security_Alert@EMC.COM http://www.emc.com/contact-us/contact/product-security-response-center.html
VAR-201208-0748 No CVE SPECVIEW Directory Traversal Vulnerability CVSS V2: -
CVSS V3: -
Severity: MEDIUM
SPECVIEW is a SCADA/HMI product. The web server included in SPECVIEW fails to properly filter specially crafted requests submitted by the user. An attacker can exploit the vulnerability to carry out directory traversal attacks and view the contents of system files with the web server's permissions.
VAR-201208-0477 CVE-2012-2960 HP Arcsight Logger and Connector appliances cross-site scripting vulnerability CVSS V2: 4.3
CVSS V3: -
Severity: MEDIUM
Cross-site scripting (XSS) vulnerability in the import functionality in HP ArcSight Connector appliance 6.2.0.6244.0 and ArcSight Logger appliance 5.2.0.6288.0 allows remote attackers to inject arbitrary web script or HTML via a crafted file. ArcSight Logger and ArcSight Connectors, provided by HP, contain a cross-site scripting vulnerability. HP Arcsight multiple products are prone to an HTML-injection vulnerability because they fail to sufficiently sanitize user-supplied input. An attacker could exploit this vulnerability to execute arbitrary script code in the browser of an unsuspecting victim in the context of the affected websites. This may allow the attacker to steal cookie-based authentication credentials or control how the websites are rendered to the user. Other attacks are also possible.

Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03606700

SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03606700
Version: 1
HPSBMU02836 SSRT101056 rev.1 - HP ArcSight Connector Appliance and ArcSight Logger, Remote Disclosure of Information, Command Injection, Cross-Site Scripting (XSS)
NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. These vulnerabilities could be exploited remotely to allow disclosure of information, command injection and cross-site scripting (XSS).
References: SSRT100864 VU#960468 CVE-2012-2960 SSRT101040 VU#829260 CVE-2012-3286 SSRT101056 VU#988100 CVE-2012-5198 SSRT101060 CVE-2012-5199
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
HP ArcSight Connector Appliance, v6.3 and earlier, HP Arcsight Logger v5.2 and earlier

BACKGROUND
CVSS 2.0 Base Metrics
===========================================================
Reference        Base Vector                      Base Score
CVE-2012-2960    (AV:L/AC:L/Au:S/C:N/I:P/A:N)     1.7
CVE-2012-3286    (AV:N/AC:L/Au:S/C:P/I:P/A:P)     6.5
CVE-2012-5198    (AV:N/AC:L/Au:N/C:P/I:N/A:N)     5
CVE-2012-5199    (AV:L/AC:L/Au:S/C:C/I:C/A:C)     6.8
===========================================================
Information on CVSS is documented in HP Customer Notice: HPSN-2008-002

The Hewlett-Packard Company thanks Michael Rutkowski of Duer Advanced Technology and Aerospace, Inc (DATA), Chris Botelho of Errord Security, and Shawn Asmus of Fishnet Security for reporting a vulnerability to CERT and security-alert@hp.com. The Hewlett-Packard Company thanks TEB Quantum Technology Sdn Bhd (Malaysia) Professional Security Service Team for reporting a vulnerability to security-alert@hp.com.

Please contact HP support to receive updates. Note: CVE-2012-5198 was first addressed in HP ArcSight Connector Appliance v6.3. HP recommends updating to the latest version of HP ArcSight Connector Appliance and HP ArcSight Logger as advised in the resolution.

HISTORY Version:1 (rev.1) - 14 February 2013 Initial release
Copyright 2013 Hewlett-Packard Development Company, L.P.
VAR-201208-0698 CVE-2012-1344 Cisco IOS Service Disruption (Device Reload) Vulnerability
CVSS V2: 3.5
CVSS V3: -
Severity: LOW
Cisco IOS 15.1 and 15.2, when a clientless SSL VPN is configured, allows remote authenticated users to cause a denial of service (device reload) by using a web browser to refresh the SSL VPN portal page, as demonstrated by the Android browser, aka Bug ID CSCtr86328. Cisco IOS is a popular Internet operating system. Successfully exploiting this issue allows remote attackers to crash the affected device, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCtr86328.
VAR-201208-0699 CVE-2012-1346 Cisco Emergency Responder UDP Packet Denial of Service Vulnerability
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Cisco Emergency Responder 8.6 and 9.2 allows remote attackers to cause a denial of service (CPU consumption) by sending malformed UDP packets to the CERPT port, aka Bug ID CSCtx38369. Cisco Emergency Responder (ER) enhances the emergency call capabilities of Cisco CallManager. It ensures that Cisco CallManager can transfer emergency calls directly to the appropriate Public Safety Answering Point (PSAP). Successful exploitation of the issue will cause excessive CPU consumption, resulting in a denial-of-service condition.
VAR-201208-0700 CVE-2012-1348 Cisco Wide Area Application Services Appliance Vulnerability That Allows Important Information to Be Obtained
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
Cisco Wide Area Application Services (WAAS) appliances with software 4.4, 5.0, and 5.1 include a one-way hash of a password within output text, which might allow remote attackers to obtain sensitive information via a brute-force attack on the hash string, aka Bug ID CSCty17279. A third party may obtain important information through a brute-force attack on the hash string. Successful exploits will allow attackers to obtain sensitive information, such as credentials, that may aid in further attacks. This issue is being tracked by Cisco Bug ID CSCty17279.
VAR-201208-0701 CVE-2012-1350 Cisco IOS Service Disruption (DoS) Vulnerability
CVSS V2: 7.8
CVSS V3: -
Severity: HIGH
Cisco IOS 12.3 and 12.4 on Aironet access points allows remote attackers to cause a denial of service (radio-interface input-queue hang) via IAPP 0x3281 packets, aka Bug ID CSCtc12426. Cisco IOS is a popular Internet operating system. Successfully exploiting this issue allows remote attackers to crash the affected device, denying service to legitimate users. This issue is being tracked by Cisco Bug ID CSCtc12426.
VAR-201208-0702 CVE-2012-1357 Cisco Nexus Device Remote Denial of Service Vulnerability

Related entries in the VARIoT exploits database: VAR-E-201208-0950
CVSS V2: 5.0
CVSS V3: -
Severity: MEDIUM
The igmp_snoop_orib_fill_source_update function in the IGMP process in NX-OS 5.0 and 5.1 on Cisco Nexus 5000 series switches allows remote attackers to cause a denial of service (device reload) via IGMP packets, aka Bug ID CSCts46521. Cisco Nexus Series switches are data center switches that run the Cisco Nexus OS operating system. An attacker can perform a denial-of-service attack through IGMP messages, which can cause device overload.