ID

VAR-201208-0421


CVE

CVE-2012-4147


TITLE

Windows and Mac OS X upper Adobe Reader and Acrobat Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2012-003635

DESCRIPTION

Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201308-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Adobe Reader: Multiple vulnerabilities Date: August 22, 2013 Bugs: #431732, #451058, #469960 ID: 201308-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Adobe Reader, including potential remote execution of arbitrary code and local privilege escalation. Background ========== Adobe Reader is a closed-source PDF reader. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-text/acroread < 9.5.5 >= 9.5.5 Description =========== Multiple vulnerabilities have been discovered in Adobe Reader. Please review the CVE identifiers referenced below for details. A local attacker could gain privileges via unspecified vectors. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Reader users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-text/acroread-9.5.5" References ========== [ 1 ] CVE-2012-1525 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1525 [ 2 ] CVE-2012-1530 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1530 [ 3 ] CVE-2012-2049 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2049 [ 4 ] CVE-2012-2050 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2050 [ 5 ] CVE-2012-2051 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2051 [ 6 ] CVE-2012-4147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4147 [ 7 ] CVE-2012-4148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4748 [ 8 ] CVE-2012-4149 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4149 [ 9 ] CVE-2012-4150 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4150 [ 10 ] CVE-2012-4151 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4151 [ 11 ] CVE-2012-4152 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4152 [ 12 ] CVE-2012-4153 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4153 [ 13 ] CVE-2012-4154 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4154 [ 14 ] CVE-2012-4155 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4155 [ 15 ] CVE-2012-4156 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4156 [ 16 ] CVE-2012-4157 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4157 [ 17 ] CVE-2012-4158 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4158 [ 18 ] CVE-2012-4159 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4159 [ 19 ] CVE-2012-4160 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4160 [ 20 ] CVE-2012-4363 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4363 [ 21 ] CVE-2013-0601 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0601 [ 22 ] CVE-2013-0602 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0602 [ 23 ] CVE-2013-0603 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0603 [ 24 ] CVE-2013-0604 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0604 [ 25 ] CVE-2013-0605 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0605 [ 26 ] CVE-2013-0606 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0606 [ 27 ] CVE-2013-0607 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0607 [ 28 ] CVE-2013-0608 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0608 [ 29 ] CVE-2013-0609 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0609 [ 30 ] CVE-2013-0610 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0610 [ 31 ] CVE-2013-0611 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0611 [ 32 ] CVE-2013-0612 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0612 [ 33 ] CVE-2013-0613 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0613 [ 34 ] CVE-2013-0614 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0614 [ 35 ] CVE-2013-0615 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0615 [ 36 ] CVE-2013-0616 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0616 [ 37 ] CVE-2013-0617 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0617 [ 38 ] CVE-2013-0618 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0618 [ 39 ] CVE-2013-0619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0619 [ 40 ] CVE-2013-0620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0620 [ 41 ] CVE-2013-0621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0621 [ 42 ] CVE-2013-0622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0622 [ 43 ] CVE-2013-0623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0623 [ 44 ] CVE-2013-0624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0624 [ 45 ] CVE-2013-0626 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0626 [ 46 ] CVE-2013-0627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0627 [ 47 ] CVE-2013-0640 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0640 [ 48 ] CVE-2013-0641 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0641 [ 49 ] CVE-2013-2549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2549 [ 50 ] CVE-2013-2550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2550 [ 51 ] CVE-2013-2718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2718 [ 52 ] CVE-2013-2719 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2719 [ 53 ] CVE-2013-2720 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2720 [ 54 ] CVE-2013-2721 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2721 [ 55 ] CVE-2013-2722 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2722 [ 56 ] CVE-2013-2723 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2723 [ 57 ] CVE-2013-2724 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2724 [ 58 ] CVE-2013-2725 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2725 [ 59 ] CVE-2013-2726 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2726 [ 60 ] CVE-2013-2727 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2727 [ 61 ] CVE-2013-2729 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2729 [ 62 ] CVE-2013-2730 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2730 [ 63 ] CVE-2013-2731 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2731 [ 64 ] CVE-2013-2732 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2732 [ 65 ] CVE-2013-2733 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2733 [ 66 ] CVE-2013-2734 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2734 [ 67 ] CVE-2013-2735 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2735 [ 68 ] CVE-2013-2736 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2736 [ 69 ] CVE-2013-2737 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2737 [ 70 ] CVE-2013-3337 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3337 [ 71 ] CVE-2013-3338 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3338 [ 72 ] CVE-2013-3339 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3339 [ 73 ] CVE-2013-3340 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3340 [ 74 ] CVE-2013-3341 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3341 [ 75 ] CVE-2013-3342 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3342 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201308-03.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . ---------------------------------------------------------------------- The new Secunia CSI 6.0 is now available in beta! Seamless integration with your existing security solutions Sign-up to become a Beta tester: http://secunia.com/csi6beta ---------------------------------------------------------------------- TITLE: Adobe Reader / Acrobat Multiple Vulnerabilities SECUNIA ADVISORY ID: SA50281 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50281/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50281 RELEASE DATE: 2012-08-14 DISCUSS ADVISORY: http://secunia.com/advisories/50281/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/50281/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=50281 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Adobe Reader and Adobe Acrobat, which can be exploited by malicious people to compromise a user's system. 1) An unspecified error can be exploited to cause a stack-based buffer overflow. 2) An unspecified error can be exploited to cause a buffer overflow. 3) An unspecified error can be exploited to corrupt memory. 4) Another unspecified error can be exploited to corrupt memory. 5) Another unspecified error can be exploited to corrupt memory. 6) An unspecified error can be exploited to cause a heap-based buffer overflow. 7) Multiple unspecified errors can be exploited to corrupt memory. 8) Two unspecified errors can be exploited to corrupt memory. Note: Vulnerability #8 affects the Macintosh platform only. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. SOLUTION: Apply updates. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: 1) Pavel Polischouk, TELUS Security Labs 2) An anonymous person via Beyond Security 3) Mateusz Jurczyk, Google Security Team 4, 8) James Quirk 5) John Leitch, Microsoft 6) Nicolas Gr\xe9goire via iDefense 7) Mateusz Jurczyk and Gynvael Coldwind, Google Security Team ORIGINAL ADVISORY: http://www.adobe.com/support/security/bulletins/apsb12-16.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.16

sources: NVD: CVE-2012-4147 // JVNDB: JVNDB-2012-003635 // BID: 55006 // VULHUB: VHN-57428 // PACKETSTORM: 122930 // PACKETSTORM: 115524

AFFECTED PRODUCTS

vendor:adobemodel:acrobatscope:eqversion:10.1

Trust: 1.9

vendor:adobemodel:acrobatscope:eqversion:10.0.2

Trust: 1.9

vendor:adobemodel:acrobat readerscope:eqversion:10.0.3

Trust: 1.6

vendor:adobemodel:acrobat readerscope:eqversion:10.1.2

Trust: 1.6

vendor:adobemodel:acrobat readerscope:eqversion:10.0.2

Trust: 1.6

vendor:adobemodel:acrobat readerscope:eqversion:10.1

Trust: 1.6

vendor:adobemodel:acrobat readerscope:eqversion:10.0.1

Trust: 1.6

vendor:adobemodel:acrobat readerscope:eqversion:10.1.1

Trust: 1.6

vendor:adobemodel:acrobat readerscope:eqversion:10.0

Trust: 1.6

vendor:adobemodel:acrobat readerscope:eqversion:10.1.3

Trust: 1.6

vendor:adobemodel:acrobatscope:eqversion:10.1.3

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:10.1.2

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:10.1.1

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:9.4.7

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:9.4.6

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:9.5.1

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:9.5

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:9.4.5

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:9.4.4

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:9.4.3

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:9.4.2

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:9.4.1

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:9.4

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:10.0.3

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:10.0.1

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:10.0

Trust: 1.3

vendor:adobemodel:acrobat readerscope:eqversion:9.1.2

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:9.3.3

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:9.4.1

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:9.2

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:9.4.3

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:9.4.7

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:9.3.1

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:9.3.4

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:9.3.2

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:9.1.3

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:9.3

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:9.1

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:9.0

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:9.5.1

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:9.1.1

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:9.4.2

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:9.4

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:9.1.2

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:9.4.5

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:9.3.3

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:9.2

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:9.3.2

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:9.4.4

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:9.1.3

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:9

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:9.3.1

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:9.3.4

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:9.4.6

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:9.1

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:9.5

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:9.0

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:9.3

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:9.1.1

Trust: 1.0

vendor:adobemodel:acrobatscope:lteversion:9.5.1 9.x (windows and macintosh)

Trust: 0.8

vendor:adobemodel:acrobatscope:lteversion:x (10.1.3) 10.x (windows and macintosh)

Trust: 0.8

vendor:adobemodel:readerscope:lteversion:9.5.1 9.x (windows and macintosh)

Trust: 0.8

vendor:adobemodel:readerscope:lteversion:x (10.1.3) 10.x (windows and macintosh)

Trust: 0.8

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:10.1.3

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:10.1.2

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:10.1.1

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:9.4.7

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:9.4.6

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:9.5.1

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:9.5

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:9.4.5

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:9.4.4

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:9.4.3

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:9.4.2

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:9.4.1

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:9.4

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:10.1

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:10.0.3

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:10.0.2

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:10.0.1

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:10.0

Trust: 0.3

sources: BID: 55006 // JVNDB: JVNDB-2012-003635 // CNNVD: CNNVD-201208-246 // NVD: CVE-2012-4147

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-4147
value: HIGH

Trust: 1.0

NVD: CVE-2012-4147
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201208-246
value: CRITICAL

Trust: 0.6

VULHUB: VHN-57428
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2012-4147
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-57428
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-57428 // JVNDB: JVNDB-2012-003635 // CNNVD: CNNVD-201208-246 // NVD: CVE-2012-4147

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-57428 // JVNDB: JVNDB-2012-003635 // NVD: CVE-2012-4147

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201208-246

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201208-246

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-003635

PATCH

title:APSB12-16url:http://www.adobe.com/support/security/bulletins/apsb12-16.html

Trust: 0.8

title:APSB12-16 (cq08100817)url:http://helpx.adobe.com/jp/acrobat/kb/cq08100817.html

Trust: 0.8

title:APSB12-16url:http://www.adobe.com/jp/support/security/bulletins/apsb12-16.html

Trust: 0.8

title:アドビ システムズ社 Adobe Reader の脆弱性に関するお知らせurl:http://www.fmworld.net/biz/common/adobe/20120816.html

Trust: 0.8

title:AcrobatUpd1014url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=44040

Trust: 0.6

title:AdbeRdrUpd952_all_ppcurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=44044

Trust: 0.6

title:AcroProUpd952_allurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=44039

Trust: 0.6

title:AdbeRdrUpd952_all_i386url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=44043

Trust: 0.6

title:AcrobatUpd1014url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=44038

Trust: 0.6

sources: JVNDB: JVNDB-2012-003635 // CNNVD: CNNVD-201208-246

EXTERNAL IDS

db:NVDid:CVE-2012-4147

Trust: 2.9

db:JVNDBid:JVNDB-2012-003635

Trust: 0.8

db:CNNVDid:CNNVD-201208-246

Trust: 0.7

db:SECUNIAid:50281

Trust: 0.7

db:NSFOCUSid:20325

Trust: 0.6

db:BIDid:55006

Trust: 0.4

db:VULHUBid:VHN-57428

Trust: 0.1

db:PACKETSTORMid:122930

Trust: 0.1

db:PACKETSTORMid:115524

Trust: 0.1

sources: VULHUB: VHN-57428 // BID: 55006 // JVNDB: JVNDB-2012-003635 // PACKETSTORM: 122930 // PACKETSTORM: 115524 // CNNVD: CNNVD-201208-246 // NVD: CVE-2012-4147

REFERENCES

url:http://www.adobe.com/support/security/bulletins/apsb12-16.html

Trust: 1.8

url:http://security.gentoo.org/glsa/glsa-201308-03.xml

Trust: 1.2

url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a15949

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-4147

Trust: 0.8

url:https://www.jpcert.or.jp/at/2012/at120023.txt

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-4147

Trust: 0.8

url:http://www.npa.go.jp/cyberpolice/#topics

Trust: 0.8

url:http://secunia.com/advisories/50281

Trust: 0.6

url:http://www.nsfocus.net/vulndb/20325

Trust: 0.6

url:http://www.adobe.com

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2012-4363

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-4160

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3338

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-4147

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-4155

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-4149

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0626

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4152

Trust: 0.1

url:http://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2729

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4160

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2718

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0605

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0611

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4159

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2719

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2722

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4147

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0624

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-4152

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-2051

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0620

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2725

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0602

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2721

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0603

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1525

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-4153

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0607

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0617

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-4151

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0615

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0605

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0601

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1525

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3340

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2735

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0607

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0606

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0618

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2726

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2737

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4156

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2549

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4158

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4154

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4363

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2727

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0608

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0602

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4157

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1530

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-4159

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0622

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2734

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-4157

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4153

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4150

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3339

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-4156

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3342

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0641

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-2051

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0610

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2731

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0623

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-2049

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4149

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2733

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2736

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4748

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-4748

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-4158

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3337

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-2050

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2720

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0606

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0614

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1530

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2730

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0616

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4151

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0608

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0619

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0627

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-4150

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-4154

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0603

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0609

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3341

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0604

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2550

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0604

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0640

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4155

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-2049

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2732

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2724

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0612

Trust: 0.1

url:http://security.gentoo.org/

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0613

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2723

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-2050

Trust: 0.1

url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0621

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-0601

Trust: 0.1

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/advisories/50281/#comments

Trust: 0.1

url:http://secunia.com/advisories/50281/

Trust: 0.1

url:http://secunia.com/csi6beta

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=50281

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

sources: VULHUB: VHN-57428 // BID: 55006 // JVNDB: JVNDB-2012-003635 // PACKETSTORM: 122930 // PACKETSTORM: 115524 // CNNVD: CNNVD-201208-246 // NVD: CVE-2012-4147

CREDITS

James Quirk of Los Alamos, New Mexico

Trust: 0.3

sources: BID: 55006

SOURCES

db:VULHUBid:VHN-57428
db:BIDid:55006
db:JVNDBid:JVNDB-2012-003635
db:PACKETSTORMid:122930
db:PACKETSTORMid:115524
db:CNNVDid:CNNVD-201208-246
db:NVDid:CVE-2012-4147

LAST UPDATE DATE

2024-11-23T21:28:42.865000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-57428date:2017-09-19T00:00:00
db:BIDid:55006date:2013-08-26T06:14:00
db:JVNDBid:JVNDB-2012-003635date:2012-08-21T00:00:00
db:CNNVDid:CNNVD-201208-246date:2012-08-16T00:00:00
db:NVDid:CVE-2012-4147date:2024-11-21T01:42:16.347

SOURCES RELEASE DATE

db:VULHUBid:VHN-57428date:2012-08-15T00:00:00
db:BIDid:55006date:2012-08-14T00:00:00
db:JVNDBid:JVNDB-2012-003635date:2012-08-17T00:00:00
db:PACKETSTORMid:122930date:2013-08-23T06:29:02
db:PACKETSTORMid:115524date:2012-08-14T04:36:45
db:CNNVDid:CNNVD-201208-246date:2012-08-16T00:00:00
db:NVDid:CVE-2012-4147date:2012-08-15T10:31:41.117