Sign-up

ID

VAR-201208-0728


CVE

CVE-2012-2050


TITLE

Windows and Mac OS X upper Adobe Reader and Acrobat Vulnerable to buffer overflow

Trust: 0.8

sources: JVNDB: JVNDB-2012-003633

DESCRIPTION

Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allows attackers to execute arbitrary code via unspecified vectors. Adobe Acrobat and Reader are prone to a remote buffer-overflow vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201308-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Adobe Reader: Multiple vulnerabilities Date: August 22, 2013 Bugs: #431732, #451058, #469960 ID: 201308-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities have been found in Adobe Reader, including potential remote execution of arbitrary code and local privilege escalation. Background ========== Adobe Reader is a closed-source PDF reader. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-text/acroread < 9.5.5 >= 9.5.5 Description =========== Multiple vulnerabilities have been discovered in Adobe Reader. Please review the CVE identifiers referenced below for details. Impact ====== A remote attacker could entice a user to open a specially crafted PDF file, possibly resulting in arbitrary code execution or a Denial of Service condition. A local attacker could gain privileges via unspecified vectors. Workaround ========== There is no known workaround at this time. Resolution ========== All Adobe Reader users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-text/acroread-9.5.5" References ========== [ 1 ] CVE-2012-1525 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1525 [ 2 ] CVE-2012-1530 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1530 [ 3 ] CVE-2012-2049 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2049 [ 4 ] CVE-2012-2050 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2050 [ 5 ] CVE-2012-2051 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2051 [ 6 ] CVE-2012-4147 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4147 [ 7 ] CVE-2012-4148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4748 [ 8 ] CVE-2012-4149 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4149 [ 9 ] CVE-2012-4150 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4150 [ 10 ] CVE-2012-4151 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4151 [ 11 ] CVE-2012-4152 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4152 [ 12 ] CVE-2012-4153 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4153 [ 13 ] CVE-2012-4154 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4154 [ 14 ] CVE-2012-4155 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4155 [ 15 ] CVE-2012-4156 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4156 [ 16 ] CVE-2012-4157 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4157 [ 17 ] CVE-2012-4158 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4158 [ 18 ] CVE-2012-4159 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4159 [ 19 ] CVE-2012-4160 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4160 [ 20 ] CVE-2012-4363 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4363 [ 21 ] CVE-2013-0601 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0601 [ 22 ] CVE-2013-0602 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0602 [ 23 ] CVE-2013-0603 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0603 [ 24 ] CVE-2013-0604 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0604 [ 25 ] CVE-2013-0605 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0605 [ 26 ] CVE-2013-0606 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0606 [ 27 ] CVE-2013-0607 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0607 [ 28 ] CVE-2013-0608 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0608 [ 29 ] CVE-2013-0609 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0609 [ 30 ] CVE-2013-0610 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0610 [ 31 ] CVE-2013-0611 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0611 [ 32 ] CVE-2013-0612 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0612 [ 33 ] CVE-2013-0613 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0613 [ 34 ] CVE-2013-0614 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0614 [ 35 ] CVE-2013-0615 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0615 [ 36 ] CVE-2013-0616 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0616 [ 37 ] CVE-2013-0617 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0617 [ 38 ] CVE-2013-0618 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0618 [ 39 ] CVE-2013-0619 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0619 [ 40 ] CVE-2013-0620 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0620 [ 41 ] CVE-2013-0621 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0621 [ 42 ] CVE-2013-0622 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0622 [ 43 ] CVE-2013-0623 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0623 [ 44 ] CVE-2013-0624 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0624 [ 45 ] CVE-2013-0626 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0626 [ 46 ] CVE-2013-0627 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0627 [ 47 ] CVE-2013-0640 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0640 [ 48 ] CVE-2013-0641 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0641 [ 49 ] CVE-2013-2549 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2549 [ 50 ] CVE-2013-2550 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2550 [ 51 ] CVE-2013-2718 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2718 [ 52 ] CVE-2013-2719 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2719 [ 53 ] CVE-2013-2720 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2720 [ 54 ] CVE-2013-2721 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2721 [ 55 ] CVE-2013-2722 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2722 [ 56 ] CVE-2013-2723 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2723 [ 57 ] CVE-2013-2724 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2724 [ 58 ] CVE-2013-2725 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2725 [ 59 ] CVE-2013-2726 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2726 [ 60 ] CVE-2013-2727 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2727 [ 61 ] CVE-2013-2729 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2729 [ 62 ] CVE-2013-2730 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2730 [ 63 ] CVE-2013-2731 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2731 [ 64 ] CVE-2013-2732 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2732 [ 65 ] CVE-2013-2733 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2733 [ 66 ] CVE-2013-2734 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2734 [ 67 ] CVE-2013-2735 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2735 [ 68 ] CVE-2013-2736 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2736 [ 69 ] CVE-2013-2737 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2737 [ 70 ] CVE-2013-3337 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3337 [ 71 ] CVE-2013-3338 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3338 [ 72 ] CVE-2013-3339 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3339 [ 73 ] CVE-2013-3340 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3340 [ 74 ] CVE-2013-3341 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3341 [ 75 ] CVE-2013-3342 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3342 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-201308-03.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2013 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5 . ---------------------------------------------------------------------- The new Secunia CSI 6.0 is now available in beta! Seamless integration with your existing security solutions Sign-up to become a Beta tester: http://secunia.com/csi6beta ---------------------------------------------------------------------- TITLE: Adobe Reader / Acrobat Multiple Vulnerabilities SECUNIA ADVISORY ID: SA50281 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/50281/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=50281 RELEASE DATE: 2012-08-14 DISCUSS ADVISORY: http://secunia.com/advisories/50281/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/50281/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=50281 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Adobe Reader and Adobe Acrobat, which can be exploited by malicious people to compromise a user's system. 1) An unspecified error can be exploited to cause a stack-based buffer overflow. 2) An unspecified error can be exploited to cause a buffer overflow. 3) An unspecified error can be exploited to corrupt memory. 4) Another unspecified error can be exploited to corrupt memory. 5) Another unspecified error can be exploited to corrupt memory. 6) An unspecified error can be exploited to cause a heap-based buffer overflow. 7) Multiple unspecified errors can be exploited to corrupt memory. 8) Two unspecified errors can be exploited to corrupt memory. Note: Vulnerability #8 affects the Macintosh platform only. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. SOLUTION: Apply updates. Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ PROVIDED AND/OR DISCOVERED BY: 1) Pavel Polischouk, TELUS Security Labs 2) An anonymous person via Beyond Security 3) Mateusz Jurczyk, Google Security Team 4, 8) James Quirk 5) John Leitch, Microsoft 6) Nicolas Gr\xe9goire via iDefense 7) Mateusz Jurczyk and Gynvael Coldwind, Google Security Team ORIGINAL ADVISORY: http://www.adobe.com/support/security/bulletins/apsb12-16.html OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------

Trust: 2.16

sources: NVD: CVE-2012-2050 // JVNDB: JVNDB-2012-003633 // BID: 55026 // VULHUB: VHN-55331 // PACKETSTORM: 122930 // PACKETSTORM: 115524

AFFECTED PRODUCTS

vendor:adobemodel:acrobat readerscope:eqversion:9.1.1

Trust: 1.6

vendor:adobemodel:acrobat readerscope:eqversion:9.2

Trust: 1.6

vendor:adobemodel:acrobatscope:eqversion:9.1.2

Trust: 1.6

vendor:adobemodel:acrobat readerscope:eqversion:9.4.3

Trust: 1.6

vendor:adobemodel:acrobatscope:eqversion:9.3.1

Trust: 1.6

vendor:adobemodel:acrobat readerscope:eqversion:9.1.3

Trust: 1.6

vendor:adobemodel:acrobat readerscope:eqversion:9.4.4

Trust: 1.6

vendor:adobemodel:acrobat readerscope:eqversion:9.4.1

Trust: 1.6

vendor:adobemodel:acrobat readerscope:eqversion:9.4.2

Trust: 1.6

vendor:adobemodel:acrobat readerscope:eqversion:9.1.2

Trust: 1.6

vendor:adobemodel:acrobatscope:eqversion:10.1.3

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:10.1.2

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:10.1.1

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:10.1

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:10.0.3

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:10.0.2

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:10.0.1

Trust: 1.3

vendor:adobemodel:acrobatscope:eqversion:10.0

Trust: 1.3

vendor:adobemodel:acrobat readerscope:eqversion:10.1

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:9.3.3

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:9.4.2

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:9.4

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:9.4.7

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:9.4.5

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:9.3.1

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:9.3.4

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:9.3.2

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:9.4.4

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:10.0.2

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:9.1.3

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:10.1.2

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:9.3

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:9.4.6

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:10.0.3

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:9.1

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:9.5

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:9.0

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:9.5.1

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:9.1.1

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:10.1.1

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:10.0

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:9.4

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:9.4.5

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:10.1.3

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:9.3.3

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:9.4.1

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:9.2

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:9.3.2

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:9.4.3

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:9.4.7

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:9

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:9.3.4

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:9.4.6

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:10.0.1

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:9.1

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:9.5

Trust: 1.0

vendor:adobemodel:acrobat readerscope:eqversion:9.0

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:9.3

Trust: 1.0

vendor:adobemodel:acrobatscope:eqversion:9.5.1

Trust: 1.0

vendor:adobemodel:acrobatscope:lteversion:9.5.1 9.x (windows and macintosh)

Trust: 0.8

vendor:adobemodel:acrobatscope:lteversion:x (10.1.3) 10.x (windows and macintosh)

Trust: 0.8

vendor:adobemodel:readerscope:lteversion:9.5.1 9.x (windows and macintosh)

Trust: 0.8

vendor:adobemodel:readerscope:lteversion:x (10.1.3) 10.x (windows and macintosh)

Trust: 0.8

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:10.1.3

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:10.1.2

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:10.1.1

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:9.4.7

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:9.4.6

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:9.5.1

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:9.5

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:9.4.5

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:9.4.4

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:9.4.3

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:9.4.2

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:9.4.1

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:9.4

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:10.1

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:10.0.3

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:10.0.2

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:10.0.1

Trust: 0.3

vendor:adobemodel:readerscope:eqversion:10.0

Trust: 0.3

sources: BID: 55026 // JVNDB: JVNDB-2012-003633 // CNNVD: CNNVD-201208-244 // NVD: CVE-2012-2050

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-2050
value: HIGH

Trust: 1.0

NVD: CVE-2012-2050
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201208-244
value: CRITICAL

Trust: 0.6

VULHUB: VHN-55331
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2012-2050
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-55331
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-55331 // JVNDB: JVNDB-2012-003633 // CNNVD: CNNVD-201208-244 // NVD: CVE-2012-2050

PROBLEMTYPE DATA

problemtype:CWE-119

Trust: 1.9

sources: VULHUB: VHN-55331 // JVNDB: JVNDB-2012-003633 // NVD: CVE-2012-2050

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201208-244

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201208-244

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2012-003633

PATCH
title:APSB12-16url:http://www.adobe.com/support/security/bulletins/apsb12-16.html
Trust: 0.8
title:APSB12-16 (cq08100817)url:http://helpx.adobe.com/jp/acrobat/kb/cq08100817.html
Trust: 0.8
title:APSB12-16url:http://www.adobe.com/jp/support/security/bulletins/apsb12-16.html
Trust: 0.8
title:アドビ システムズ社 Adobe Reader の脆弱性に関するお知らせurl:http://www.fmworld.net/biz/common/adobe/20120816.html
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2012-003633

EXTERNAL IDS
db:NVDid:CVE-2012-2050
Trust: 2.9
db:JVNDBid:JVNDB-2012-003633
Trust: 0.8
db:CNNVDid:CNNVD-201208-244
Trust: 0.7
db:SECUNIAid:50281
Trust: 0.7
db:NSFOCUSid:20327
Trust: 0.6
db:BIDid:55026
Trust: 0.4
db:VULHUBid:VHN-55331
Trust: 0.1
db:PACKETSTORMid:122930
Trust: 0.1
db:PACKETSTORMid:115524
Trust: 0.1
sources:
            
            
            VULHUB: VHN-55331 // 
            
            
            
            BID: 55026 // 
            
            
            
            JVNDB: JVNDB-2012-003633 // 
            
            
            
            PACKETSTORM: 122930 // 
            
            
            
            PACKETSTORM: 115524 // 
            
            
            
            CNNVD: CNNVD-201208-244 // 
            
            
            
            NVD: CVE-2012-2050

REFERENCES
url:http://www.adobe.com/support/security/bulletins/apsb12-16.html
Trust: 1.8
url:http://security.gentoo.org/glsa/glsa-201308-03.xml
Trust: 1.2
url:https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a15469
Trust: 1.1
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-2050
Trust: 0.8
url:https://www.jpcert.or.jp/at/2012/at120023.txt
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-2050
Trust: 0.8
url:http://www.npa.go.jp/cyberpolice/#topics
Trust: 0.8
url:http://secunia.com/advisories/50281
Trust: 0.6
url:http://www.nsfocus.net/vulndb/20327
Trust: 0.6
url:http://www.adobe.com
Trust: 0.3
url:https://nvd.nist.gov/vuln/detail/cve-2012-4363
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2012-4160
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3338
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2012-4147
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2012-4155
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2012-4149
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0626
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4152
Trust: 0.1
url:http://creativecommons.org/licenses/by-sa/2.5
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2729
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4160
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2718
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0605
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0611
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4159
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2719
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2722
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4147
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0624
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2012-4152
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2012-2051
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0620
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2725
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0602
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2721
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0603
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2012-1525
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2012-4153
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2013-0607
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0617
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2012-4151
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0615
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2013-0605
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0601
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1525
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3340
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2735
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0607
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2013-0606
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0618
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2726
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2737
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4156
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2549
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4158
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4154
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4363
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2727
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0608
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2013-0602
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4157
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2012-1530
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2012-4159
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0622
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2734
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2012-4157
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4153
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4150
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3339
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2012-4156
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3342
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0641
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-2051
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0610
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2731
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0623
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2012-2049
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4149
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2733
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2736
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4748
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2012-4748
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2012-4158
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3337
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-2050
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2720
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0606
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0614
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-1530
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2730
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0616
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4151
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2013-0608
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0619
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0627
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2012-4150
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2012-4154
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2013-0603
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0609
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-3341
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2013-0604
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2550
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0604
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0640
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-4155
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-2049
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2732
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2724
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0612
Trust: 0.1
url:http://security.gentoo.org/
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0613
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-2723
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2012-2050
Trust: 0.1
url:http://nvd.nist.gov/nvd.cfm?cvename=cve-2013-0621
Trust: 0.1
url:https://bugs.gentoo.org.
Trust: 0.1
url:https://nvd.nist.gov/vuln/detail/cve-2013-0601
Trust: 0.1
url:http://secunia.com/vulnerability_intelligence/
Trust: 0.1
url:http://secunia.com/advisories/secunia_security_advisories/
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
Trust: 0.1
url:http://secunia.com/advisories/50281/#comments
Trust: 0.1
url:http://secunia.com/advisories/50281/
Trust: 0.1
url:http://secunia.com/csi6beta
Trust: 0.1
url:https://ca.secunia.com/?page=viewadvisory&vuln_id=50281
Trust: 0.1
url:http://secunia.com/vulnerability_scanning/personal/
Trust: 0.1
url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
Trust: 0.1
url:http://secunia.com/advisories/about_secunia_advisories/
Trust: 0.1
sources:
            
            
            VULHUB: VHN-55331 // 
            
            
            
            BID: 55026 // 
            
            
            
            JVNDB: JVNDB-2012-003633 // 
            
            
            
            PACKETSTORM: 122930 // 
            
            
            
            PACKETSTORM: 115524 // 
            
            
            
            CNNVD: CNNVD-201208-244 // 
            
            
            
            NVD: CVE-2012-2050

CREDITS
An anonymous contributor working with Beyond Security's SecuriTeam Secure Disclosure Program.
Trust: 0.3
sources:
            
            
            BID: 55026

SOURCES
db:VULHUBid:VHN-55331
db:BIDid:55026
db:JVNDBid:JVNDB-2012-003633
db:PACKETSTORMid:122930
db:PACKETSTORMid:115524
db:CNNVDid:CNNVD-201208-244
db:NVDid:CVE-2012-2050

LAST UPDATE DATE
2024-11-23T21:21:13.641000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-55331date:2017-09-19T00:00:00
db:BIDid:55026date:2013-08-26T00:17:00
db:JVNDBid:JVNDB-2012-003633date:2012-08-21T00:00:00
db:CNNVDid:CNNVD-201208-244date:2012-08-16T00:00:00
db:NVDid:CVE-2012-2050date:2024-11-21T01:38:23.370

SOURCES RELEASE DATE
db:VULHUBid:VHN-55331date:2012-08-15T00:00:00
db:BIDid:55026date:2012-08-14T00:00:00
db:JVNDBid:JVNDB-2012-003633date:2012-08-17T00:00:00
db:PACKETSTORMid:122930date:2013-08-23T06:29:02
db:PACKETSTORMid:115524date:2012-08-14T04:36:45
db:CNNVDid:CNNVD-201208-244date:2012-08-16T00:00:00
db:NVDid:CVE-2012-2050date:2012-08-15T10:31:41.007