Details of VAR-201010-0410

ID

VAR-201010-0410

CVE

CVE-2010-3623

TITLE

Apple Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2010-002154

DESCRIPTION

Adobe Reader and Acrobat 8.x before 8.2.5 and 9.x before 9.4 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Adobe Acrobat and Reader are prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Adobe Reader and Acrobat versions prior to and including 9.3.4 and 8.2.4 are affected. I. An attacker could exploit these vulnerabilities by convincing a user to open a specially crafted PDF file. The Adobe Reader browser plug-in, which can automatically open PDF documents hosted on a website, is available for multiple web browsers and operating systems. Additional information is available in US-CERT Vulnerability Note VU#491991. II. Impact These vulnerabilities could allow a remote attacker to execute arbitrary code, write arbitrary files or folders to the file system, escalate local privileges, or cause a denial of service on an affected system as the result of a user opening a malicious PDF file. III. Solution Update Adobe has released updates to address this issue. Disable JavaScript in Adobe Reader and Acrobat Disabling JavaScript may prevent some exploits from resulting in code execution. Acrobat JavaScript can be disabled using the Preferences menu (Edit -> Preferences -> JavaScript; uncheck Enable Acrobat JavaScript). Adobe provides a framework to blacklist specific JavaScipt APIs. If JavaScript must be enabled, this feature may be useful when specific APIs are known to be vulnerable or used in attacks. Prevent Internet Explorer from automatically opening PDF files The installer for Adobe Reader and Acrobat configures Internet Explorer to automatically open PDF files without any user interaction. This behavior can be reverted to a safer option that prompts the user by importing the following as a .REG file: Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\AcroExch.Document.7] "EditFlags"=hex:00,00,00,00 Disable the display of PDF files in the web browser Preventing PDF files from opening inside a web browser will partially mitigate this vulnerability. If this workaround is applied, it may also mitigate future vulnerabilities. To prevent PDF files from automatically being opened in a web browser, do the following: 1. 2. Open the Edit menu. 3. Choose the Preferences option. 4. Choose the Internet section. 5. Uncheck the "Display PDF in browser" checkbox. Do not access PDF files from untrusted sources Do not open unfamiliar or unexpected PDF files, particularly those hosted on websites or delivered as email attachments. Please see Cyber Security Tip ST04-010. IV. References * Security update available for Adobe Reader and Acrobat - <http://www.adobe.com/support/security/bulletins/apsb10-21.html> * US-CERT Vulnerability Note VU#491991 - <http://www.kb.cert.org/vuls/id/491991> * Adobe Reader and Acrobat JavaScript Blacklist Framework - <http://kb2.adobe.com/cps/504/cpsid_50431.html> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA10-279A.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA10-279A Feedback VU#491991" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2010 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History October 06, 2010: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBTKxxvD6pPKYJORa3AQIL3wgAp2tynQw73VA+B70fuEl+os17BeVaP8zn 5aoWS6QBRx+Q8Ijw1wnKT1sF4IWaDWTWqPo0yt6MLx8WwO2ei8WaB+aMOwy9ZBo3 BbCOPSM63/3jBrJuCDs4x2PhZDzg2GJf4Zw8NN2oCSOXMxYGhx16QQzo2lY35CBJ cvCSiLtNQuqpnvNMi2DJhArwxStK9Un2fli7IqwXzC6+RIgrk1l/EAM/6CO2+AwJ Se0bDWBjwR5YverLEXoLuBbF0lHvQ0+V/vT5Q/zBDYUwcWkBL2n7NwdbKI9pYZxL 8Te7YapqAnMNgI1/PnYI/W369Vq3U6QoQVVR9ZoyLGw8x0A57cpU2g== =Rc0h -----END PGP SIGNATURE-----

Trust: 2.07

sources: NVD: CVE-2010-3623 // JVNDB: JVNDB-2010-002154 // BID: 43731 // VULHUB: VHN-46228 // PACKETSTORM: 94535

AFFECTED PRODUCTS

vendor:	adobe	model:	acrobat	scope:	eq	version:	8.1.4	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	8.1.1	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	8.1.3	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	8.1.6	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	8.1.1	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	8.1.5	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	8.1.2	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	8.1.2	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	8.1	Trust: 1.6
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	8.0	Trust: 1.6
vendor:	adobe	model:	acrobat	scope:	eq	version:	8.2.3	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	8.2.4	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	8.2.2	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	9.3.1	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	9.3	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	9.1.1	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	9.2	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	9.3.3	Trust: 1.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	9.3.2	Trust: 1.3
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	8.2.3	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	9.1.2	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	8.1.5	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	8.2	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	9.3.3	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	9.2	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	8.2.4	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	9.3.1	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	9.3.4	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	9.1.3	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	8.2.1	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	9.3	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	9.1	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	9.0	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	8.1	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	8.1.7	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	8.2	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	9.1.2	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	8.1.4	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	8.1.6	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	9.3.2	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	8.0	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	9.1.3	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	8.1.3	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	8.2.2	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	8.2.1	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	eq	version:	9.3.4	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	9.1	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	9.0	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	8.1.7	Trust: 1.0
vendor:	adobe	model:	acrobat reader	scope:	eq	version:	9.1.1	Trust: 1.0
vendor:	adobe	model:	acrobat	scope:	lte	version:	9.3.4	Trust: 0.8
vendor:	adobe	model:	reader	scope:	lte	version:	9.3.4	Trust: 0.8
vendor:	adobe	model:	acrobat	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	8.1.3	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	7.0.3	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	7.0.6	Trust: 0.3
vendor:	suse	model:	opensuse	scope:	ne	version:	11.3	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	8.0	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	7.1.4	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	9.1.2	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	8.2.2	Trust: 0.3
vendor:	suse	model:	linux enterprise sp3	scope:	eq	version:	10	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	9.2	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	ne	version:	8.2.5	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	9.3.3	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	9.3.1	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	9.3	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	7.1.3	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	9.1.3	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	9.3.4	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	8.1.6	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	9.3.3	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	7.0.8	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	7.0	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	7.0.4	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	8.1.4	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	8.2.4	Trust: 0.3
vendor:	s u s e	model:	opensuse	scope:	eq	version:	11.1	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	8.2	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	8.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	8.0	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	ne	version:	9.4	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	ne	version:	9.4	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	9.3.2	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	8.1.2	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	9.1.2	Trust: 0.3
vendor:	s u s e	model:	opensuse	scope:	ne	version:	11.1	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	9.1	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	7.0.3	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	8.1.3	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	7.0.3	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	8.1.5	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	7.0.7	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	7.0.6	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	9	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	7.1.4	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	8.2.1	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	8.2.2	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	8.1.7	Trust: 0.3
vendor:	suse	model:	linux enterprise desktop	scope:	ne	version:	11	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	ne	version:	8.2.5	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	8.2.3	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	7.0.8	Trust: 0.3
vendor:	suse	model:	linux enterprise desktop sp3	scope:	ne	version:	10	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	8.2.4	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	8.2	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	8.1.8	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	9.3.4	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	9.3.2	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	8.1.2	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	7.0.4	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	7.0.5	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	8.1.4	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	7.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	8.1.3	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	7.0.3	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	8.1	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	8.1.1	Trust: 0.3
vendor:	suse	model:	moblin	scope:	eq	version:	2.1	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	ne	version:	9.4	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	7.1.4	Trust: 0.3
vendor:	adobe	model:	acrobat professional security updat	scope:	eq	version:	8.1.2	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	8.2.2	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	7.0.9	Trust: 0.3
vendor:	suse	model:	linux enterprise sp1	scope:	eq	version:	11	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	9.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	ne	version:	8.2.5	Trust: 0.3
vendor:	suse	model:	linux enterprise	scope:	eq	version:	11	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	7.0.7	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	9	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	adobe	model:	reader security updat	scope:	eq	version:	8.1.2	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	8.2.1	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	8.1.7	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	9.2	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	9.3.1	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	9.3.3	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	7.0.4	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	9.3	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	7.0.8	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	8.1.4	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	7.1.3	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	9.1.3	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	8.1	Trust: 0.3
vendor:	s u s e	model:	opensuse	scope:	ne	version:	11.2	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	9.1.1	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	8.1.6	Trust: 0.3
vendor:	adobe	model:	reader	scope:	ne	version:	9.4	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	9.3.2	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	7.0	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	7.0.5	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	7.0	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	7.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	9.1	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	8.1.1	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	7.0.1	Trust: 0.3
vendor:	suse	model:	moblin	scope:	eq	version:	2.0	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	7.0.7	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	9	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	8.0	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	7.1.2	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	8.2.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	8.1.7	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	9.1.2	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	7.0.9	Trust: 0.3
vendor:	suse	model:	linux enterprise desktop sp1	scope:	ne	version:	11	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	ne	version:	8.2.5	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	7.0.6	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	9.3.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	9.3	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	9.2	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	9.1.3	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	8.1.6	Trust: 0.3
vendor:	s u s e	model:	opensuse	scope:	eq	version:	11.2	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	7.1.1	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	7.0.5	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	7.1	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	7.1.3	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	8.1.1	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	8.2.4	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	8.2	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	9.3.4	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	8.1.2	Trust: 0.3
vendor:	adobe	model:	acrobat standard	scope:	eq	version:	7.0	Trust: 0.3
vendor:	suse	model:	opensuse	scope:	eq	version:	11.3	Trust: 0.3
vendor:	adobe	model:	acrobat	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	adobe	model:	acrobat professional	scope:	eq	version:	7.0.2	Trust: 0.3
vendor:	adobe	model:	reader	scope:	eq	version:	7.0.9	Trust: 0.3

sources: BID: 43731 // JVNDB: JVNDB-2010-002154 // CNNVD: CNNVD-201010-050 // NVD: CVE-2010-3623

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2010-3623
value:	HIGH
Trust: 1.0
NVD:	CVE-2010-3623
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201010-050
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-46228
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2010-3623
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-46228
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-46228 // JVNDB: JVNDB-2010-002154 // CNNVD: CNNVD-201010-050 // NVD: CVE-2010-3623

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-46228 // JVNDB: JVNDB-2010-002154 // NVD: CVE-2010-3623

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201010-050

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201010-050

CONFIGURATIONS

sources: JVNDB: JVNDB-2010-002154

PATCH

title:	APSB10-21	url:	http://www.adobe.com/support/security/bulletins/apsb10-21.html	Trust: 0.8
title:	APSB10-21	url:	http://www.adobe.com/jp/support/security/bulletins/apsb10-21.html	Trust: 0.8
title:	TA10-279A	url:	http://software.fujitsu.com/jp/security/vulnerabilities/ta10-279a.html	Trust: 0.8

sources: JVNDB: JVNDB-2010-002154

EXTERNAL IDS

db:	NVD	id:	CVE-2010-3623	Trust: 2.8
db:	USCERT	id:	TA10-279A	Trust: 2.0
db:	BID	id:	43731	Trust: 1.2
db:	USCERT	id:	SA10-279A	Trust: 0.8
db:	VUPEN	id:	ADV-2010-2573	Trust: 0.8
db:	JVNDB	id:	JVNDB-2010-002154	Trust: 0.8
db:	CNNVD	id:	CNNVD-201010-050	Trust: 0.7
db:	VULHUB	id:	VHN-46228	Trust: 0.1
db:	CERT/CC	id:	VU#491991	Trust: 0.1
db:	PACKETSTORM	id:	94535	Trust: 0.1

sources: VULHUB: VHN-46228 // BID: 43731 // JVNDB: JVNDB-2010-002154 // PACKETSTORM: 94535 // CNNVD: CNNVD-201010-050 // NVD: CVE-2010-3623

REFERENCES

url:	http://www.adobe.com/support/security/bulletins/apsb10-21.html	Trust: 2.0
url:	http://www.us-cert.gov/cas/techalerts/ta10-279a.html	Trust: 1.9
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a14129	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html	Trust: 1.1
url:	http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2010-3623	Trust: 0.8
url:	http://www.ipa.go.jp/security/ciadr/vul/20101006-adobe.html	Trust: 0.8
url:	http://www.jpcert.or.jp/at/2010/at100026.txt	Trust: 0.8
url:	http://jvn.jp/cert/jvnta10-279a	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2010-3623	Trust: 0.8
url:	http://www.securityfocus.com/bid/43731	Trust: 0.8
url:	http://www.us-cert.gov/cas/alerts/sa10-279a.html	Trust: 0.8
url:	http://www.vupen.com/english/advisories/2010/2573	Trust: 0.8
url:	http://www.npa.go.jp/cyberpolice/#topics	Trust: 0.8
url:	http://www.adobe.com	Trust: 0.3
url:	http://www.kb.cert.org/vuls/id/491991>	Trust: 0.1
url:	http://www.us-cert.gov/cas/techalerts/ta10-279a.html>	Trust: 0.1
url:	http://kb2.adobe.com/cps/504/cpsid_50431.html>	Trust: 0.1
url:	http://www.adobe.com/support/security/bulletins/apsb10-21.html>	Trust: 0.1
url:	http://www.us-cert.gov/cas/signup.html>.	Trust: 0.1
url:	http://www.us-cert.gov/legal.html>	Trust: 0.1

sources: VULHUB: VHN-46228 // BID: 43731 // JVNDB: JVNDB-2010-002154 // PACKETSTORM: 94535 // CNNVD: CNNVD-201010-050 // NVD: CVE-2010-3623

CREDITS

James Quirk

Trust: 0.9

sources: BID: 43731 // CNNVD: CNNVD-201010-050

SOURCES

db:	VULHUB	id:	VHN-46228
db:	BID	id:	43731
db:	JVNDB	id:	JVNDB-2010-002154
db:	PACKETSTORM	id:	94535
db:	CNNVD	id:	CNNVD-201010-050
db:	NVD	id:	CVE-2010-3623

LAST UPDATE DATE

2024-11-23T21:30:45.184000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-46228	date:	2017-09-19T00:00:00
db:	BID	id:	43731	date:	2015-03-19T09:14:00
db:	JVNDB	id:	JVNDB-2010-002154	date:	2010-10-20T00:00:00
db:	CNNVD	id:	CNNVD-201010-050	date:	2010-10-11T00:00:00
db:	NVD	id:	CVE-2010-3623	date:	2024-11-21T01:19:15

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-46228	date:	2010-10-06T00:00:00
db:	BID	id:	43731	date:	2010-10-05T00:00:00
db:	JVNDB	id:	JVNDB-2010-002154	date:	2010-10-20T00:00:00
db:	PACKETSTORM	id:	94535	date:	2010-10-06T21:20:41
db:	CNNVD	id:	CNNVD-201010-050	date:	2010-10-09T00:00:00
db:	NVD	id:	CVE-2010-3623	date:	2010-10-06T17:00:16.453