VARIoT IoT vulnerabilities database
| VAR-201208-0443 | CVE-2012-4155 | Windows and Mac OS X upper Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160.
Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201308-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Adobe Reader: Multiple vulnerabilities
Date: August 22, 2013
Bugs: #431732, #451058, #469960
ID: 201308-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Adobe Reader, including
potential remote execution of arbitrary code and local privilege
escalation.
Background
==========
Adobe Reader is a closed-source PDF reader.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-text/acroread < 9.5.5 >= 9.5.5
Description
===========
Multiple vulnerabilities have been discovered in Adobe Reader. Please
review the CVE identifiers referenced below for details. A local attacker could gain privileges via
unspecified vectors.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Reader users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/acroread-9.5.5"
References
==========
[ 1 ] CVE-2012-1525
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1525
[ 2 ] CVE-2012-1530
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1530
[ 3 ] CVE-2012-2049
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2049
[ 4 ] CVE-2012-2050
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2050
[ 5 ] CVE-2012-2051
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2051
[ 6 ] CVE-2012-4147
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4147
[ 7 ] CVE-2012-4148
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4748
[ 8 ] CVE-2012-4149
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4149
[ 9 ] CVE-2012-4150
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4150
[ 10 ] CVE-2012-4151
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4151
[ 11 ] CVE-2012-4152
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4152
[ 12 ] CVE-2012-4153
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4153
[ 13 ] CVE-2012-4154
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4154
[ 14 ] CVE-2012-4155
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4155
[ 15 ] CVE-2012-4156
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4156
[ 16 ] CVE-2012-4157
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4157
[ 17 ] CVE-2012-4158
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4158
[ 18 ] CVE-2012-4159
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4159
[ 19 ] CVE-2012-4160
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4160
[ 20 ] CVE-2012-4363
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4363
[ 21 ] CVE-2013-0601
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0601
[ 22 ] CVE-2013-0602
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0602
[ 23 ] CVE-2013-0603
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0603
[ 24 ] CVE-2013-0604
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0604
[ 25 ] CVE-2013-0605
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0605
[ 26 ] CVE-2013-0606
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0606
[ 27 ] CVE-2013-0607
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0607
[ 28 ] CVE-2013-0608
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0608
[ 29 ] CVE-2013-0609
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0609
[ 30 ] CVE-2013-0610
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0610
[ 31 ] CVE-2013-0611
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0611
[ 32 ] CVE-2013-0612
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0612
[ 33 ] CVE-2013-0613
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0613
[ 34 ] CVE-2013-0614
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0614
[ 35 ] CVE-2013-0615
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0615
[ 36 ] CVE-2013-0616
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0616
[ 37 ] CVE-2013-0617
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0617
[ 38 ] CVE-2013-0618
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0618
[ 39 ] CVE-2013-0619
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0619
[ 40 ] CVE-2013-0620
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0620
[ 41 ] CVE-2013-0621
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0621
[ 42 ] CVE-2013-0622
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0622
[ 43 ] CVE-2013-0623
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0623
[ 44 ] CVE-2013-0624
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0624
[ 45 ] CVE-2013-0626
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0626
[ 46 ] CVE-2013-0627
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0627
[ 47 ] CVE-2013-0640
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0640
[ 48 ] CVE-2013-0641
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0641
[ 49 ] CVE-2013-2549
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2549
[ 50 ] CVE-2013-2550
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2550
[ 51 ] CVE-2013-2718
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2718
[ 52 ] CVE-2013-2719
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2719
[ 53 ] CVE-2013-2720
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2720
[ 54 ] CVE-2013-2721
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2721
[ 55 ] CVE-2013-2722
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2722
[ 56 ] CVE-2013-2723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2723
[ 57 ] CVE-2013-2724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2724
[ 58 ] CVE-2013-2725
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2725
[ 59 ] CVE-2013-2726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2726
[ 60 ] CVE-2013-2727
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2727
[ 61 ] CVE-2013-2729
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2729
[ 62 ] CVE-2013-2730
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2730
[ 63 ] CVE-2013-2731
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2731
[ 64 ] CVE-2013-2732
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2732
[ 65 ] CVE-2013-2733
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2733
[ 66 ] CVE-2013-2734
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2734
[ 67 ] CVE-2013-2735
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2735
[ 68 ] CVE-2013-2736
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2736
[ 69 ] CVE-2013-2737
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2737
[ 70 ] CVE-2013-3337
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3337
[ 71 ] CVE-2013-3338
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3338
[ 72 ] CVE-2013-3339
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3339
[ 73 ] CVE-2013-3340
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3340
[ 74 ] CVE-2013-3341
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3341
[ 75 ] CVE-2013-3342
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3342
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201308-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ----------------------------------------------------------------------
The new Secunia CSI 6.0 is now available in beta!
Seamless integration with your existing security solutions Sign-up to
become a Beta tester: http://secunia.com/csi6beta
----------------------------------------------------------------------
TITLE:
Adobe Reader / Acrobat Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA50281
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50281/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50281
RELEASE DATE:
2012-08-14
DISCUSS ADVISORY:
http://secunia.com/advisories/50281/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50281/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50281
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Adobe Reader and Adobe
Acrobat, which can be exploited by malicious people to compromise a
user's system.
1) An unspecified error can be exploited to cause a stack-based
buffer overflow.
2) An unspecified error can be exploited to cause a buffer overflow.
3) An unspecified error can be exploited to corrupt memory.
4) Another unspecified error can be exploited to corrupt memory.
5) Another unspecified error can be exploited to corrupt memory.
6) An unspecified error can be exploited to cause a heap-based buffer
overflow.
7) Multiple unspecified errors can be exploited to corrupt memory.
8) Two unspecified errors can be exploited to corrupt memory.
Note: Vulnerability #8 affects the Macintosh platform only.
Successful exploitation of the vulnerabilities may allow execution of
arbitrary code.
SOLUTION:
Apply updates.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
1) Pavel Polischouk, TELUS Security Labs
2) An anonymous person via Beyond Security
3) Mateusz Jurczyk, Google Security Team
4, 8) James Quirk
5) John Leitch, Microsoft
6) Nicolas Gr\xe9goire via iDefense
7) Mateusz Jurczyk and Gynvael Coldwind, Google Security Team
ORIGINAL ADVISORY:
http://www.adobe.com/support/security/bulletins/apsb12-16.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201208-0442 | CVE-2012-4154 | Windows and Mac OS X upper Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160.
Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201308-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Adobe Reader: Multiple vulnerabilities
Date: August 22, 2013
Bugs: #431732, #451058, #469960
ID: 201308-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Adobe Reader, including
potential remote execution of arbitrary code and local privilege
escalation.
Background
==========
Adobe Reader is a closed-source PDF reader.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-text/acroread < 9.5.5 >= 9.5.5
Description
===========
Multiple vulnerabilities have been discovered in Adobe Reader. Please
review the CVE identifiers referenced below for details. A local attacker could gain privileges via
unspecified vectors.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Reader users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/acroread-9.5.5"
References
==========
[ 1 ] CVE-2012-1525
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1525
[ 2 ] CVE-2012-1530
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1530
[ 3 ] CVE-2012-2049
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2049
[ 4 ] CVE-2012-2050
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2050
[ 5 ] CVE-2012-2051
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2051
[ 6 ] CVE-2012-4147
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4147
[ 7 ] CVE-2012-4148
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4748
[ 8 ] CVE-2012-4149
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4149
[ 9 ] CVE-2012-4150
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4150
[ 10 ] CVE-2012-4151
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4151
[ 11 ] CVE-2012-4152
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4152
[ 12 ] CVE-2012-4153
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4153
[ 13 ] CVE-2012-4154
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4154
[ 14 ] CVE-2012-4155
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4155
[ 15 ] CVE-2012-4156
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4156
[ 16 ] CVE-2012-4157
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4157
[ 17 ] CVE-2012-4158
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4158
[ 18 ] CVE-2012-4159
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4159
[ 19 ] CVE-2012-4160
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4160
[ 20 ] CVE-2012-4363
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4363
[ 21 ] CVE-2013-0601
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0601
[ 22 ] CVE-2013-0602
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0602
[ 23 ] CVE-2013-0603
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0603
[ 24 ] CVE-2013-0604
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0604
[ 25 ] CVE-2013-0605
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0605
[ 26 ] CVE-2013-0606
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0606
[ 27 ] CVE-2013-0607
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0607
[ 28 ] CVE-2013-0608
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0608
[ 29 ] CVE-2013-0609
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0609
[ 30 ] CVE-2013-0610
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0610
[ 31 ] CVE-2013-0611
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0611
[ 32 ] CVE-2013-0612
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0612
[ 33 ] CVE-2013-0613
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0613
[ 34 ] CVE-2013-0614
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0614
[ 35 ] CVE-2013-0615
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0615
[ 36 ] CVE-2013-0616
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0616
[ 37 ] CVE-2013-0617
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0617
[ 38 ] CVE-2013-0618
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0618
[ 39 ] CVE-2013-0619
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0619
[ 40 ] CVE-2013-0620
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0620
[ 41 ] CVE-2013-0621
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0621
[ 42 ] CVE-2013-0622
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0622
[ 43 ] CVE-2013-0623
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0623
[ 44 ] CVE-2013-0624
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0624
[ 45 ] CVE-2013-0626
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0626
[ 46 ] CVE-2013-0627
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0627
[ 47 ] CVE-2013-0640
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0640
[ 48 ] CVE-2013-0641
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0641
[ 49 ] CVE-2013-2549
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2549
[ 50 ] CVE-2013-2550
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2550
[ 51 ] CVE-2013-2718
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2718
[ 52 ] CVE-2013-2719
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2719
[ 53 ] CVE-2013-2720
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2720
[ 54 ] CVE-2013-2721
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2721
[ 55 ] CVE-2013-2722
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2722
[ 56 ] CVE-2013-2723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2723
[ 57 ] CVE-2013-2724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2724
[ 58 ] CVE-2013-2725
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2725
[ 59 ] CVE-2013-2726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2726
[ 60 ] CVE-2013-2727
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2727
[ 61 ] CVE-2013-2729
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2729
[ 62 ] CVE-2013-2730
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2730
[ 63 ] CVE-2013-2731
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2731
[ 64 ] CVE-2013-2732
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2732
[ 65 ] CVE-2013-2733
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2733
[ 66 ] CVE-2013-2734
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2734
[ 67 ] CVE-2013-2735
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2735
[ 68 ] CVE-2013-2736
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2736
[ 69 ] CVE-2013-2737
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2737
[ 70 ] CVE-2013-3337
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3337
[ 71 ] CVE-2013-3338
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3338
[ 72 ] CVE-2013-3339
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3339
[ 73 ] CVE-2013-3340
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3340
[ 74 ] CVE-2013-3341
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3341
[ 75 ] CVE-2013-3342
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3342
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201308-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ----------------------------------------------------------------------
The new Secunia CSI 6.0 is now available in beta!
Seamless integration with your existing security solutions Sign-up to
become a Beta tester: http://secunia.com/csi6beta
----------------------------------------------------------------------
TITLE:
Adobe Reader / Acrobat Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA50281
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50281/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50281
RELEASE DATE:
2012-08-14
DISCUSS ADVISORY:
http://secunia.com/advisories/50281/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50281/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50281
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Adobe Reader and Adobe
Acrobat, which can be exploited by malicious people to compromise a
user's system.
1) An unspecified error can be exploited to cause a stack-based
buffer overflow.
2) An unspecified error can be exploited to cause a buffer overflow.
3) An unspecified error can be exploited to corrupt memory.
4) Another unspecified error can be exploited to corrupt memory.
5) Another unspecified error can be exploited to corrupt memory.
6) An unspecified error can be exploited to cause a heap-based buffer
overflow.
7) Multiple unspecified errors can be exploited to corrupt memory.
8) Two unspecified errors can be exploited to corrupt memory.
Note: Vulnerability #8 affects the Macintosh platform only.
Successful exploitation of the vulnerabilities may allow execution of
arbitrary code.
SOLUTION:
Apply updates.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
1) Pavel Polischouk, TELUS Security Labs
2) An anonymous person via Beyond Security
3) Mateusz Jurczyk, Google Security Team
4, 8) James Quirk
5) John Leitch, Microsoft
6) Nicolas Gr\xe9goire via iDefense
7) Mateusz Jurczyk and Gynvael Coldwind, Google Security Team
ORIGINAL ADVISORY:
http://www.adobe.com/support/security/bulletins/apsb12-16.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201208-0441 | CVE-2012-4153 | Windows and Mac OS X upper Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160.
Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201308-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Adobe Reader: Multiple vulnerabilities
Date: August 22, 2013
Bugs: #431732, #451058, #469960
ID: 201308-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Adobe Reader, including
potential remote execution of arbitrary code and local privilege
escalation.
Background
==========
Adobe Reader is a closed-source PDF reader.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-text/acroread < 9.5.5 >= 9.5.5
Description
===========
Multiple vulnerabilities have been discovered in Adobe Reader. Please
review the CVE identifiers referenced below for details. A local attacker could gain privileges via
unspecified vectors.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Reader users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/acroread-9.5.5"
References
==========
[ 1 ] CVE-2012-1525
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1525
[ 2 ] CVE-2012-1530
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1530
[ 3 ] CVE-2012-2049
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2049
[ 4 ] CVE-2012-2050
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2050
[ 5 ] CVE-2012-2051
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2051
[ 6 ] CVE-2012-4147
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4147
[ 7 ] CVE-2012-4148
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4748
[ 8 ] CVE-2012-4149
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4149
[ 9 ] CVE-2012-4150
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4150
[ 10 ] CVE-2012-4151
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4151
[ 11 ] CVE-2012-4152
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4152
[ 12 ] CVE-2012-4153
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4153
[ 13 ] CVE-2012-4154
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4154
[ 14 ] CVE-2012-4155
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4155
[ 15 ] CVE-2012-4156
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4156
[ 16 ] CVE-2012-4157
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4157
[ 17 ] CVE-2012-4158
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4158
[ 18 ] CVE-2012-4159
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4159
[ 19 ] CVE-2012-4160
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4160
[ 20 ] CVE-2012-4363
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4363
[ 21 ] CVE-2013-0601
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0601
[ 22 ] CVE-2013-0602
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0602
[ 23 ] CVE-2013-0603
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0603
[ 24 ] CVE-2013-0604
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0604
[ 25 ] CVE-2013-0605
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0605
[ 26 ] CVE-2013-0606
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0606
[ 27 ] CVE-2013-0607
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0607
[ 28 ] CVE-2013-0608
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0608
[ 29 ] CVE-2013-0609
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0609
[ 30 ] CVE-2013-0610
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0610
[ 31 ] CVE-2013-0611
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0611
[ 32 ] CVE-2013-0612
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0612
[ 33 ] CVE-2013-0613
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0613
[ 34 ] CVE-2013-0614
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0614
[ 35 ] CVE-2013-0615
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0615
[ 36 ] CVE-2013-0616
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0616
[ 37 ] CVE-2013-0617
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0617
[ 38 ] CVE-2013-0618
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0618
[ 39 ] CVE-2013-0619
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0619
[ 40 ] CVE-2013-0620
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0620
[ 41 ] CVE-2013-0621
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0621
[ 42 ] CVE-2013-0622
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0622
[ 43 ] CVE-2013-0623
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0623
[ 44 ] CVE-2013-0624
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0624
[ 45 ] CVE-2013-0626
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0626
[ 46 ] CVE-2013-0627
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0627
[ 47 ] CVE-2013-0640
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0640
[ 48 ] CVE-2013-0641
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0641
[ 49 ] CVE-2013-2549
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2549
[ 50 ] CVE-2013-2550
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2550
[ 51 ] CVE-2013-2718
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2718
[ 52 ] CVE-2013-2719
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2719
[ 53 ] CVE-2013-2720
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2720
[ 54 ] CVE-2013-2721
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2721
[ 55 ] CVE-2013-2722
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2722
[ 56 ] CVE-2013-2723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2723
[ 57 ] CVE-2013-2724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2724
[ 58 ] CVE-2013-2725
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2725
[ 59 ] CVE-2013-2726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2726
[ 60 ] CVE-2013-2727
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2727
[ 61 ] CVE-2013-2729
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2729
[ 62 ] CVE-2013-2730
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2730
[ 63 ] CVE-2013-2731
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2731
[ 64 ] CVE-2013-2732
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2732
[ 65 ] CVE-2013-2733
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2733
[ 66 ] CVE-2013-2734
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2734
[ 67 ] CVE-2013-2735
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2735
[ 68 ] CVE-2013-2736
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2736
[ 69 ] CVE-2013-2737
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2737
[ 70 ] CVE-2013-3337
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3337
[ 71 ] CVE-2013-3338
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3338
[ 72 ] CVE-2013-3339
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3339
[ 73 ] CVE-2013-3340
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3340
[ 74 ] CVE-2013-3341
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3341
[ 75 ] CVE-2013-3342
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3342
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201308-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ----------------------------------------------------------------------
The new Secunia CSI 6.0 is now available in beta!
Seamless integration with your existing security solutions Sign-up to
become a Beta tester: http://secunia.com/csi6beta
----------------------------------------------------------------------
TITLE:
Adobe Reader / Acrobat Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA50281
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50281/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50281
RELEASE DATE:
2012-08-14
DISCUSS ADVISORY:
http://secunia.com/advisories/50281/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50281/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50281
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Adobe Reader and Adobe
Acrobat, which can be exploited by malicious people to compromise a
user's system.
1) An unspecified error can be exploited to cause a stack-based
buffer overflow.
2) An unspecified error can be exploited to cause a buffer overflow.
3) An unspecified error can be exploited to corrupt memory.
4) Another unspecified error can be exploited to corrupt memory.
5) Another unspecified error can be exploited to corrupt memory.
6) An unspecified error can be exploited to cause a heap-based buffer
overflow.
7) Multiple unspecified errors can be exploited to corrupt memory.
8) Two unspecified errors can be exploited to corrupt memory.
Note: Vulnerability #8 affects the Macintosh platform only.
Successful exploitation of the vulnerabilities may allow execution of
arbitrary code.
SOLUTION:
Apply updates.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
1) Pavel Polischouk, TELUS Security Labs
2) An anonymous person via Beyond Security
3) Mateusz Jurczyk, Google Security Team
4, 8) James Quirk
5) John Leitch, Microsoft
6) Nicolas Gr\xe9goire via iDefense
7) Mateusz Jurczyk and Gynvael Coldwind, Google Security Team
ORIGINAL ADVISORY:
http://www.adobe.com/support/security/bulletins/apsb12-16.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201208-0440 | CVE-2012-4158 | Windows and Mac OS X upper Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4159, and CVE-2012-4160.
Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201308-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Adobe Reader: Multiple vulnerabilities
Date: August 22, 2013
Bugs: #431732, #451058, #469960
ID: 201308-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Adobe Reader, including
potential remote execution of arbitrary code and local privilege
escalation.
Background
==========
Adobe Reader is a closed-source PDF reader.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-text/acroread < 9.5.5 >= 9.5.5
Description
===========
Multiple vulnerabilities have been discovered in Adobe Reader. Please
review the CVE identifiers referenced below for details. A local attacker could gain privileges via
unspecified vectors.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Reader users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/acroread-9.5.5"
References
==========
[ 1 ] CVE-2012-1525
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1525
[ 2 ] CVE-2012-1530
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1530
[ 3 ] CVE-2012-2049
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2049
[ 4 ] CVE-2012-2050
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2050
[ 5 ] CVE-2012-2051
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2051
[ 6 ] CVE-2012-4147
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4147
[ 7 ] CVE-2012-4148
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4748
[ 8 ] CVE-2012-4149
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4149
[ 9 ] CVE-2012-4150
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4150
[ 10 ] CVE-2012-4151
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4151
[ 11 ] CVE-2012-4152
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4152
[ 12 ] CVE-2012-4153
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4153
[ 13 ] CVE-2012-4154
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4154
[ 14 ] CVE-2012-4155
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4155
[ 15 ] CVE-2012-4156
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4156
[ 16 ] CVE-2012-4157
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4157
[ 17 ] CVE-2012-4158
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4158
[ 18 ] CVE-2012-4159
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4159
[ 19 ] CVE-2012-4160
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4160
[ 20 ] CVE-2012-4363
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4363
[ 21 ] CVE-2013-0601
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0601
[ 22 ] CVE-2013-0602
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0602
[ 23 ] CVE-2013-0603
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0603
[ 24 ] CVE-2013-0604
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0604
[ 25 ] CVE-2013-0605
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0605
[ 26 ] CVE-2013-0606
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0606
[ 27 ] CVE-2013-0607
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0607
[ 28 ] CVE-2013-0608
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0608
[ 29 ] CVE-2013-0609
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0609
[ 30 ] CVE-2013-0610
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0610
[ 31 ] CVE-2013-0611
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0611
[ 32 ] CVE-2013-0612
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0612
[ 33 ] CVE-2013-0613
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0613
[ 34 ] CVE-2013-0614
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0614
[ 35 ] CVE-2013-0615
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0615
[ 36 ] CVE-2013-0616
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0616
[ 37 ] CVE-2013-0617
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0617
[ 38 ] CVE-2013-0618
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0618
[ 39 ] CVE-2013-0619
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0619
[ 40 ] CVE-2013-0620
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0620
[ 41 ] CVE-2013-0621
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0621
[ 42 ] CVE-2013-0622
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0622
[ 43 ] CVE-2013-0623
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0623
[ 44 ] CVE-2013-0624
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0624
[ 45 ] CVE-2013-0626
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0626
[ 46 ] CVE-2013-0627
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0627
[ 47 ] CVE-2013-0640
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0640
[ 48 ] CVE-2013-0641
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0641
[ 49 ] CVE-2013-2549
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2549
[ 50 ] CVE-2013-2550
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2550
[ 51 ] CVE-2013-2718
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2718
[ 52 ] CVE-2013-2719
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2719
[ 53 ] CVE-2013-2720
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2720
[ 54 ] CVE-2013-2721
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2721
[ 55 ] CVE-2013-2722
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2722
[ 56 ] CVE-2013-2723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2723
[ 57 ] CVE-2013-2724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2724
[ 58 ] CVE-2013-2725
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2725
[ 59 ] CVE-2013-2726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2726
[ 60 ] CVE-2013-2727
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2727
[ 61 ] CVE-2013-2729
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2729
[ 62 ] CVE-2013-2730
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2730
[ 63 ] CVE-2013-2731
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2731
[ 64 ] CVE-2013-2732
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2732
[ 65 ] CVE-2013-2733
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2733
[ 66 ] CVE-2013-2734
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2734
[ 67 ] CVE-2013-2735
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2735
[ 68 ] CVE-2013-2736
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2736
[ 69 ] CVE-2013-2737
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2737
[ 70 ] CVE-2013-3337
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3337
[ 71 ] CVE-2013-3338
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3338
[ 72 ] CVE-2013-3339
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3339
[ 73 ] CVE-2013-3340
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3340
[ 74 ] CVE-2013-3341
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3341
[ 75 ] CVE-2013-3342
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3342
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201308-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ----------------------------------------------------------------------
The new Secunia CSI 6.0 is now available in beta!
Seamless integration with your existing security solutions Sign-up to
become a Beta tester: http://secunia.com/csi6beta
----------------------------------------------------------------------
TITLE:
Adobe Reader / Acrobat Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA50281
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50281/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50281
RELEASE DATE:
2012-08-14
DISCUSS ADVISORY:
http://secunia.com/advisories/50281/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50281/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50281
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Adobe Reader and Adobe
Acrobat, which can be exploited by malicious people to compromise a
user's system.
1) An unspecified error can be exploited to cause a stack-based
buffer overflow.
2) An unspecified error can be exploited to cause a buffer overflow.
3) An unspecified error can be exploited to corrupt memory.
4) Another unspecified error can be exploited to corrupt memory.
5) Another unspecified error can be exploited to corrupt memory.
6) An unspecified error can be exploited to cause a heap-based buffer
overflow.
7) Multiple unspecified errors can be exploited to corrupt memory.
8) Two unspecified errors can be exploited to corrupt memory.
Note: Vulnerability #8 affects the Macintosh platform only.
Successful exploitation of the vulnerabilities may allow execution of
arbitrary code.
SOLUTION:
Apply updates.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
1) Pavel Polischouk, TELUS Security Labs
2) An anonymous person via Beyond Security
3) Mateusz Jurczyk, Google Security Team
4, 8) James Quirk
5) John Leitch, Microsoft
6) Nicolas Gr\xe9goire via iDefense
7) Mateusz Jurczyk and Gynvael Coldwind, Google Security Team
ORIGINAL ADVISORY:
http://www.adobe.com/support/security/bulletins/apsb12-16.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201208-0437 | CVE-2012-4162 | Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4161. Failed exploit attempts will likely cause denial-of-service conditions. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool. ----------------------------------------------------------------------
The new Secunia CSI 6.0 is now available in beta!
Seamless integration with your existing security solutions Sign-up to
become a Beta tester: http://secunia.com/csi6beta
----------------------------------------------------------------------
TITLE:
Adobe Reader / Acrobat Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA50281
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50281/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50281
RELEASE DATE:
2012-08-14
DISCUSS ADVISORY:
http://secunia.com/advisories/50281/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50281/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50281
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Adobe Reader and Adobe
Acrobat, which can be exploited by malicious people to compromise a
user's system.
1) An unspecified error can be exploited to cause a stack-based
buffer overflow.
2) An unspecified error can be exploited to cause a buffer overflow.
3) An unspecified error can be exploited to corrupt memory.
4) Another unspecified error can be exploited to corrupt memory.
5) Another unspecified error can be exploited to corrupt memory.
6) An unspecified error can be exploited to cause a heap-based buffer
overflow.
7) Multiple unspecified errors can be exploited to corrupt memory.
8) Two unspecified errors can be exploited to corrupt memory.
Note: Vulnerability #8 affects the Macintosh platform only.
Successful exploitation of the vulnerabilities may allow execution of
arbitrary code.
SOLUTION:
Apply updates.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
1) Pavel Polischouk, TELUS Security Labs
2) An anonymous person via Beyond Security
3) Mateusz Jurczyk, Google Security Team
4, 8) James Quirk
5) John Leitch, Microsoft
6) Nicolas Gr\xe9goire via iDefense
7) Mateusz Jurczyk and Gynvael Coldwind, Google Security Team
ORIGINAL ADVISORY:
http://www.adobe.com/support/security/bulletins/apsb12-16.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201208-0436 | CVE-2012-4161 | Mac OS X Run on Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 7.5 CVSS V3: - Severity: HIGH |
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-4162. Failed exploit attempts will likely cause denial-of-service conditions. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool. ----------------------------------------------------------------------
The new Secunia CSI 6.0 is now available in beta!
Seamless integration with your existing security solutions Sign-up to
become a Beta tester: http://secunia.com/csi6beta
----------------------------------------------------------------------
TITLE:
Adobe Reader / Acrobat Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA50281
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50281/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50281
RELEASE DATE:
2012-08-14
DISCUSS ADVISORY:
http://secunia.com/advisories/50281/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50281/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50281
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Adobe Reader and Adobe
Acrobat, which can be exploited by malicious people to compromise a
user's system.
1) An unspecified error can be exploited to cause a stack-based
buffer overflow.
2) An unspecified error can be exploited to cause a buffer overflow.
3) An unspecified error can be exploited to corrupt memory.
4) Another unspecified error can be exploited to corrupt memory.
5) Another unspecified error can be exploited to corrupt memory.
6) An unspecified error can be exploited to cause a heap-based buffer
overflow.
7) Multiple unspecified errors can be exploited to corrupt memory.
8) Two unspecified errors can be exploited to corrupt memory.
Note: Vulnerability #8 affects the Macintosh platform only.
Successful exploitation of the vulnerabilities may allow execution of
arbitrary code.
SOLUTION:
Apply updates.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
1) Pavel Polischouk, TELUS Security Labs
2) An anonymous person via Beyond Security
3) Mateusz Jurczyk, Google Security Team
4, 8) James Quirk
5) John Leitch, Microsoft
6) Nicolas Gr\xe9goire via iDefense
7) Mateusz Jurczyk and Gynvael Coldwind, Google Security Team
ORIGINAL ADVISORY:
http://www.adobe.com/support/security/bulletins/apsb12-16.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201208-0439 | CVE-2012-4157 | Windows and Mac OS X upper Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160.
Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201308-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Adobe Reader: Multiple vulnerabilities
Date: August 22, 2013
Bugs: #431732, #451058, #469960
ID: 201308-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Adobe Reader, including
potential remote execution of arbitrary code and local privilege
escalation.
Background
==========
Adobe Reader is a closed-source PDF reader.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-text/acroread < 9.5.5 >= 9.5.5
Description
===========
Multiple vulnerabilities have been discovered in Adobe Reader. Please
review the CVE identifiers referenced below for details. A local attacker could gain privileges via
unspecified vectors.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Reader users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/acroread-9.5.5"
References
==========
[ 1 ] CVE-2012-1525
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1525
[ 2 ] CVE-2012-1530
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1530
[ 3 ] CVE-2012-2049
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2049
[ 4 ] CVE-2012-2050
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2050
[ 5 ] CVE-2012-2051
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2051
[ 6 ] CVE-2012-4147
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4147
[ 7 ] CVE-2012-4148
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4748
[ 8 ] CVE-2012-4149
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4149
[ 9 ] CVE-2012-4150
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4150
[ 10 ] CVE-2012-4151
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4151
[ 11 ] CVE-2012-4152
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4152
[ 12 ] CVE-2012-4153
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4153
[ 13 ] CVE-2012-4154
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4154
[ 14 ] CVE-2012-4155
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4155
[ 15 ] CVE-2012-4156
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4156
[ 16 ] CVE-2012-4157
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4157
[ 17 ] CVE-2012-4158
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4158
[ 18 ] CVE-2012-4159
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4159
[ 19 ] CVE-2012-4160
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4160
[ 20 ] CVE-2012-4363
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4363
[ 21 ] CVE-2013-0601
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0601
[ 22 ] CVE-2013-0602
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0602
[ 23 ] CVE-2013-0603
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0603
[ 24 ] CVE-2013-0604
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0604
[ 25 ] CVE-2013-0605
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0605
[ 26 ] CVE-2013-0606
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0606
[ 27 ] CVE-2013-0607
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0607
[ 28 ] CVE-2013-0608
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0608
[ 29 ] CVE-2013-0609
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0609
[ 30 ] CVE-2013-0610
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0610
[ 31 ] CVE-2013-0611
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0611
[ 32 ] CVE-2013-0612
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0612
[ 33 ] CVE-2013-0613
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0613
[ 34 ] CVE-2013-0614
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0614
[ 35 ] CVE-2013-0615
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0615
[ 36 ] CVE-2013-0616
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0616
[ 37 ] CVE-2013-0617
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0617
[ 38 ] CVE-2013-0618
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0618
[ 39 ] CVE-2013-0619
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0619
[ 40 ] CVE-2013-0620
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0620
[ 41 ] CVE-2013-0621
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0621
[ 42 ] CVE-2013-0622
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0622
[ 43 ] CVE-2013-0623
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0623
[ 44 ] CVE-2013-0624
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0624
[ 45 ] CVE-2013-0626
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0626
[ 46 ] CVE-2013-0627
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0627
[ 47 ] CVE-2013-0640
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0640
[ 48 ] CVE-2013-0641
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0641
[ 49 ] CVE-2013-2549
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2549
[ 50 ] CVE-2013-2550
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2550
[ 51 ] CVE-2013-2718
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2718
[ 52 ] CVE-2013-2719
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2719
[ 53 ] CVE-2013-2720
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2720
[ 54 ] CVE-2013-2721
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2721
[ 55 ] CVE-2013-2722
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2722
[ 56 ] CVE-2013-2723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2723
[ 57 ] CVE-2013-2724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2724
[ 58 ] CVE-2013-2725
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2725
[ 59 ] CVE-2013-2726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2726
[ 60 ] CVE-2013-2727
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2727
[ 61 ] CVE-2013-2729
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2729
[ 62 ] CVE-2013-2730
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2730
[ 63 ] CVE-2013-2731
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2731
[ 64 ] CVE-2013-2732
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2732
[ 65 ] CVE-2013-2733
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2733
[ 66 ] CVE-2013-2734
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2734
[ 67 ] CVE-2013-2735
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2735
[ 68 ] CVE-2013-2736
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2736
[ 69 ] CVE-2013-2737
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2737
[ 70 ] CVE-2013-3337
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3337
[ 71 ] CVE-2013-3338
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3338
[ 72 ] CVE-2013-3339
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3339
[ 73 ] CVE-2013-3340
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3340
[ 74 ] CVE-2013-3341
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3341
[ 75 ] CVE-2013-3342
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3342
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201308-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ----------------------------------------------------------------------
The new Secunia CSI 6.0 is now available in beta!
Seamless integration with your existing security solutions Sign-up to
become a Beta tester: http://secunia.com/csi6beta
----------------------------------------------------------------------
TITLE:
Adobe Reader / Acrobat Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA50281
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50281/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50281
RELEASE DATE:
2012-08-14
DISCUSS ADVISORY:
http://secunia.com/advisories/50281/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50281/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50281
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Adobe Reader and Adobe
Acrobat, which can be exploited by malicious people to compromise a
user's system.
1) An unspecified error can be exploited to cause a stack-based
buffer overflow.
2) An unspecified error can be exploited to cause a buffer overflow.
3) An unspecified error can be exploited to corrupt memory.
4) Another unspecified error can be exploited to corrupt memory.
5) Another unspecified error can be exploited to corrupt memory.
6) An unspecified error can be exploited to cause a heap-based buffer
overflow.
7) Multiple unspecified errors can be exploited to corrupt memory.
8) Two unspecified errors can be exploited to corrupt memory.
Note: Vulnerability #8 affects the Macintosh platform only.
Successful exploitation of the vulnerabilities may allow execution of
arbitrary code.
SOLUTION:
Apply updates.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
1) Pavel Polischouk, TELUS Security Labs
2) An anonymous person via Beyond Security
3) Mateusz Jurczyk, Google Security Team
4, 8) James Quirk
5) John Leitch, Microsoft
6) Nicolas Gr\xe9goire via iDefense
7) Mateusz Jurczyk and Gynvael Coldwind, Google Security Team
ORIGINAL ADVISORY:
http://www.adobe.com/support/security/bulletins/apsb12-16.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201208-0438 | CVE-2012-4156 | Windows and Mac OS X upper Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160.
Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201308-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Adobe Reader: Multiple vulnerabilities
Date: August 22, 2013
Bugs: #431732, #451058, #469960
ID: 201308-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Adobe Reader, including
potential remote execution of arbitrary code and local privilege
escalation.
Background
==========
Adobe Reader is a closed-source PDF reader.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-text/acroread < 9.5.5 >= 9.5.5
Description
===========
Multiple vulnerabilities have been discovered in Adobe Reader. Please
review the CVE identifiers referenced below for details. A local attacker could gain privileges via
unspecified vectors.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Reader users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/acroread-9.5.5"
References
==========
[ 1 ] CVE-2012-1525
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1525
[ 2 ] CVE-2012-1530
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1530
[ 3 ] CVE-2012-2049
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2049
[ 4 ] CVE-2012-2050
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2050
[ 5 ] CVE-2012-2051
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2051
[ 6 ] CVE-2012-4147
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4147
[ 7 ] CVE-2012-4148
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4748
[ 8 ] CVE-2012-4149
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4149
[ 9 ] CVE-2012-4150
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4150
[ 10 ] CVE-2012-4151
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4151
[ 11 ] CVE-2012-4152
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4152
[ 12 ] CVE-2012-4153
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4153
[ 13 ] CVE-2012-4154
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4154
[ 14 ] CVE-2012-4155
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4155
[ 15 ] CVE-2012-4156
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4156
[ 16 ] CVE-2012-4157
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4157
[ 17 ] CVE-2012-4158
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4158
[ 18 ] CVE-2012-4159
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4159
[ 19 ] CVE-2012-4160
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4160
[ 20 ] CVE-2012-4363
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4363
[ 21 ] CVE-2013-0601
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0601
[ 22 ] CVE-2013-0602
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0602
[ 23 ] CVE-2013-0603
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0603
[ 24 ] CVE-2013-0604
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0604
[ 25 ] CVE-2013-0605
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0605
[ 26 ] CVE-2013-0606
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0606
[ 27 ] CVE-2013-0607
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0607
[ 28 ] CVE-2013-0608
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0608
[ 29 ] CVE-2013-0609
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0609
[ 30 ] CVE-2013-0610
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0610
[ 31 ] CVE-2013-0611
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0611
[ 32 ] CVE-2013-0612
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0612
[ 33 ] CVE-2013-0613
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0613
[ 34 ] CVE-2013-0614
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0614
[ 35 ] CVE-2013-0615
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0615
[ 36 ] CVE-2013-0616
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0616
[ 37 ] CVE-2013-0617
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0617
[ 38 ] CVE-2013-0618
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0618
[ 39 ] CVE-2013-0619
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0619
[ 40 ] CVE-2013-0620
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0620
[ 41 ] CVE-2013-0621
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0621
[ 42 ] CVE-2013-0622
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0622
[ 43 ] CVE-2013-0623
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0623
[ 44 ] CVE-2013-0624
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0624
[ 45 ] CVE-2013-0626
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0626
[ 46 ] CVE-2013-0627
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0627
[ 47 ] CVE-2013-0640
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0640
[ 48 ] CVE-2013-0641
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0641
[ 49 ] CVE-2013-2549
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2549
[ 50 ] CVE-2013-2550
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2550
[ 51 ] CVE-2013-2718
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2718
[ 52 ] CVE-2013-2719
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2719
[ 53 ] CVE-2013-2720
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2720
[ 54 ] CVE-2013-2721
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2721
[ 55 ] CVE-2013-2722
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2722
[ 56 ] CVE-2013-2723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2723
[ 57 ] CVE-2013-2724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2724
[ 58 ] CVE-2013-2725
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2725
[ 59 ] CVE-2013-2726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2726
[ 60 ] CVE-2013-2727
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2727
[ 61 ] CVE-2013-2729
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2729
[ 62 ] CVE-2013-2730
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2730
[ 63 ] CVE-2013-2731
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2731
[ 64 ] CVE-2013-2732
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2732
[ 65 ] CVE-2013-2733
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2733
[ 66 ] CVE-2013-2734
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2734
[ 67 ] CVE-2013-2735
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2735
[ 68 ] CVE-2013-2736
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2736
[ 69 ] CVE-2013-2737
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2737
[ 70 ] CVE-2013-3337
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3337
[ 71 ] CVE-2013-3338
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3338
[ 72 ] CVE-2013-3339
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3339
[ 73 ] CVE-2013-3340
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3340
[ 74 ] CVE-2013-3341
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3341
[ 75 ] CVE-2013-3342
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3342
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201308-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ----------------------------------------------------------------------
The new Secunia CSI 6.0 is now available in beta!
Seamless integration with your existing security solutions Sign-up to
become a Beta tester: http://secunia.com/csi6beta
----------------------------------------------------------------------
TITLE:
Adobe Reader / Acrobat Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA50281
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50281/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50281
RELEASE DATE:
2012-08-14
DISCUSS ADVISORY:
http://secunia.com/advisories/50281/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50281/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50281
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Adobe Reader and Adobe
Acrobat, which can be exploited by malicious people to compromise a
user's system.
1) An unspecified error can be exploited to cause a stack-based
buffer overflow.
2) An unspecified error can be exploited to cause a buffer overflow.
3) An unspecified error can be exploited to corrupt memory.
4) Another unspecified error can be exploited to corrupt memory.
5) Another unspecified error can be exploited to corrupt memory.
6) An unspecified error can be exploited to cause a heap-based buffer
overflow.
7) Multiple unspecified errors can be exploited to corrupt memory.
8) Two unspecified errors can be exploited to corrupt memory.
Note: Vulnerability #8 affects the Macintosh platform only.
Successful exploitation of the vulnerabilities may allow execution of
arbitrary code.
SOLUTION:
Apply updates.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
1) Pavel Polischouk, TELUS Security Labs
2) An anonymous person via Beyond Security
3) Mateusz Jurczyk, Google Security Team
4, 8) James Quirk
5) John Leitch, Microsoft
6) Nicolas Gr\xe9goire via iDefense
7) Mateusz Jurczyk and Gynvael Coldwind, Google Security Team
ORIGINAL ADVISORY:
http://www.adobe.com/support/security/bulletins/apsb12-16.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201208-0435 | CVE-2012-4160 | Windows and Mac OS X upper Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, and CVE-2012-4159.
Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201308-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Adobe Reader: Multiple vulnerabilities
Date: August 22, 2013
Bugs: #431732, #451058, #469960
ID: 201308-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Adobe Reader, including
potential remote execution of arbitrary code and local privilege
escalation.
Background
==========
Adobe Reader is a closed-source PDF reader.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-text/acroread < 9.5.5 >= 9.5.5
Description
===========
Multiple vulnerabilities have been discovered in Adobe Reader. Please
review the CVE identifiers referenced below for details. A local attacker could gain privileges via
unspecified vectors.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Reader users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/acroread-9.5.5"
References
==========
[ 1 ] CVE-2012-1525
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1525
[ 2 ] CVE-2012-1530
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1530
[ 3 ] CVE-2012-2049
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2049
[ 4 ] CVE-2012-2050
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2050
[ 5 ] CVE-2012-2051
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2051
[ 6 ] CVE-2012-4147
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4147
[ 7 ] CVE-2012-4148
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4748
[ 8 ] CVE-2012-4149
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4149
[ 9 ] CVE-2012-4150
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4150
[ 10 ] CVE-2012-4151
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4151
[ 11 ] CVE-2012-4152
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4152
[ 12 ] CVE-2012-4153
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4153
[ 13 ] CVE-2012-4154
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4154
[ 14 ] CVE-2012-4155
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4155
[ 15 ] CVE-2012-4156
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4156
[ 16 ] CVE-2012-4157
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4157
[ 17 ] CVE-2012-4158
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4158
[ 18 ] CVE-2012-4159
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4159
[ 19 ] CVE-2012-4160
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4160
[ 20 ] CVE-2012-4363
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4363
[ 21 ] CVE-2013-0601
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0601
[ 22 ] CVE-2013-0602
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0602
[ 23 ] CVE-2013-0603
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0603
[ 24 ] CVE-2013-0604
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0604
[ 25 ] CVE-2013-0605
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0605
[ 26 ] CVE-2013-0606
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0606
[ 27 ] CVE-2013-0607
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0607
[ 28 ] CVE-2013-0608
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0608
[ 29 ] CVE-2013-0609
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0609
[ 30 ] CVE-2013-0610
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0610
[ 31 ] CVE-2013-0611
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0611
[ 32 ] CVE-2013-0612
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0612
[ 33 ] CVE-2013-0613
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0613
[ 34 ] CVE-2013-0614
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0614
[ 35 ] CVE-2013-0615
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0615
[ 36 ] CVE-2013-0616
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0616
[ 37 ] CVE-2013-0617
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0617
[ 38 ] CVE-2013-0618
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0618
[ 39 ] CVE-2013-0619
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0619
[ 40 ] CVE-2013-0620
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0620
[ 41 ] CVE-2013-0621
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0621
[ 42 ] CVE-2013-0622
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0622
[ 43 ] CVE-2013-0623
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0623
[ 44 ] CVE-2013-0624
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0624
[ 45 ] CVE-2013-0626
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0626
[ 46 ] CVE-2013-0627
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0627
[ 47 ] CVE-2013-0640
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0640
[ 48 ] CVE-2013-0641
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0641
[ 49 ] CVE-2013-2549
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2549
[ 50 ] CVE-2013-2550
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2550
[ 51 ] CVE-2013-2718
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2718
[ 52 ] CVE-2013-2719
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2719
[ 53 ] CVE-2013-2720
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2720
[ 54 ] CVE-2013-2721
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2721
[ 55 ] CVE-2013-2722
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2722
[ 56 ] CVE-2013-2723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2723
[ 57 ] CVE-2013-2724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2724
[ 58 ] CVE-2013-2725
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2725
[ 59 ] CVE-2013-2726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2726
[ 60 ] CVE-2013-2727
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2727
[ 61 ] CVE-2013-2729
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2729
[ 62 ] CVE-2013-2730
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2730
[ 63 ] CVE-2013-2731
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2731
[ 64 ] CVE-2013-2732
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2732
[ 65 ] CVE-2013-2733
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2733
[ 66 ] CVE-2013-2734
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2734
[ 67 ] CVE-2013-2735
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2735
[ 68 ] CVE-2013-2736
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2736
[ 69 ] CVE-2013-2737
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2737
[ 70 ] CVE-2013-3337
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3337
[ 71 ] CVE-2013-3338
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3338
[ 72 ] CVE-2013-3339
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3339
[ 73 ] CVE-2013-3340
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3340
[ 74 ] CVE-2013-3341
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3341
[ 75 ] CVE-2013-3342
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3342
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201308-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ----------------------------------------------------------------------
The new Secunia CSI 6.0 is now available in beta!
Seamless integration with your existing security solutions Sign-up to
become a Beta tester: http://secunia.com/csi6beta
----------------------------------------------------------------------
TITLE:
Adobe Reader / Acrobat Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA50281
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50281/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50281
RELEASE DATE:
2012-08-14
DISCUSS ADVISORY:
http://secunia.com/advisories/50281/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50281/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50281
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Adobe Reader and Adobe
Acrobat, which can be exploited by malicious people to compromise a
user's system.
1) An unspecified error can be exploited to cause a stack-based
buffer overflow.
2) An unspecified error can be exploited to cause a buffer overflow.
3) An unspecified error can be exploited to corrupt memory.
4) Another unspecified error can be exploited to corrupt memory.
5) Another unspecified error can be exploited to corrupt memory.
6) An unspecified error can be exploited to cause a heap-based buffer
overflow.
7) Multiple unspecified errors can be exploited to corrupt memory.
8) Two unspecified errors can be exploited to corrupt memory.
Note: Vulnerability #8 affects the Macintosh platform only.
Successful exploitation of the vulnerabilities may allow execution of
arbitrary code.
SOLUTION:
Apply updates.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
1) Pavel Polischouk, TELUS Security Labs
2) An anonymous person via Beyond Security
3) Mateusz Jurczyk, Google Security Team
4, 8) James Quirk
5) John Leitch, Microsoft
6) Nicolas Gr\xe9goire via iDefense
7) Mateusz Jurczyk and Gynvael Coldwind, Google Security Team
ORIGINAL ADVISORY:
http://www.adobe.com/support/security/bulletins/apsb12-16.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201208-0434 | CVE-2012-4159 | Windows and Mac OS X upper Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, and CVE-2012-4160.
Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201308-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Adobe Reader: Multiple vulnerabilities
Date: August 22, 2013
Bugs: #431732, #451058, #469960
ID: 201308-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Adobe Reader, including
potential remote execution of arbitrary code and local privilege
escalation.
Background
==========
Adobe Reader is a closed-source PDF reader.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-text/acroread < 9.5.5 >= 9.5.5
Description
===========
Multiple vulnerabilities have been discovered in Adobe Reader. Please
review the CVE identifiers referenced below for details. A local attacker could gain privileges via
unspecified vectors.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Reader users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/acroread-9.5.5"
References
==========
[ 1 ] CVE-2012-1525
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1525
[ 2 ] CVE-2012-1530
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1530
[ 3 ] CVE-2012-2049
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2049
[ 4 ] CVE-2012-2050
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2050
[ 5 ] CVE-2012-2051
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2051
[ 6 ] CVE-2012-4147
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4147
[ 7 ] CVE-2012-4148
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4748
[ 8 ] CVE-2012-4149
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4149
[ 9 ] CVE-2012-4150
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4150
[ 10 ] CVE-2012-4151
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4151
[ 11 ] CVE-2012-4152
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4152
[ 12 ] CVE-2012-4153
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4153
[ 13 ] CVE-2012-4154
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4154
[ 14 ] CVE-2012-4155
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4155
[ 15 ] CVE-2012-4156
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4156
[ 16 ] CVE-2012-4157
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4157
[ 17 ] CVE-2012-4158
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4158
[ 18 ] CVE-2012-4159
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4159
[ 19 ] CVE-2012-4160
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4160
[ 20 ] CVE-2012-4363
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4363
[ 21 ] CVE-2013-0601
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0601
[ 22 ] CVE-2013-0602
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0602
[ 23 ] CVE-2013-0603
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0603
[ 24 ] CVE-2013-0604
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0604
[ 25 ] CVE-2013-0605
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0605
[ 26 ] CVE-2013-0606
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0606
[ 27 ] CVE-2013-0607
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0607
[ 28 ] CVE-2013-0608
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0608
[ 29 ] CVE-2013-0609
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0609
[ 30 ] CVE-2013-0610
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0610
[ 31 ] CVE-2013-0611
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0611
[ 32 ] CVE-2013-0612
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0612
[ 33 ] CVE-2013-0613
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0613
[ 34 ] CVE-2013-0614
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0614
[ 35 ] CVE-2013-0615
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0615
[ 36 ] CVE-2013-0616
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0616
[ 37 ] CVE-2013-0617
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0617
[ 38 ] CVE-2013-0618
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0618
[ 39 ] CVE-2013-0619
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0619
[ 40 ] CVE-2013-0620
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0620
[ 41 ] CVE-2013-0621
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0621
[ 42 ] CVE-2013-0622
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0622
[ 43 ] CVE-2013-0623
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0623
[ 44 ] CVE-2013-0624
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0624
[ 45 ] CVE-2013-0626
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0626
[ 46 ] CVE-2013-0627
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0627
[ 47 ] CVE-2013-0640
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0640
[ 48 ] CVE-2013-0641
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0641
[ 49 ] CVE-2013-2549
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2549
[ 50 ] CVE-2013-2550
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2550
[ 51 ] CVE-2013-2718
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2718
[ 52 ] CVE-2013-2719
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2719
[ 53 ] CVE-2013-2720
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2720
[ 54 ] CVE-2013-2721
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2721
[ 55 ] CVE-2013-2722
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2722
[ 56 ] CVE-2013-2723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2723
[ 57 ] CVE-2013-2724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2724
[ 58 ] CVE-2013-2725
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2725
[ 59 ] CVE-2013-2726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2726
[ 60 ] CVE-2013-2727
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2727
[ 61 ] CVE-2013-2729
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2729
[ 62 ] CVE-2013-2730
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2730
[ 63 ] CVE-2013-2731
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2731
[ 64 ] CVE-2013-2732
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2732
[ 65 ] CVE-2013-2733
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2733
[ 66 ] CVE-2013-2734
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2734
[ 67 ] CVE-2013-2735
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2735
[ 68 ] CVE-2013-2736
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2736
[ 69 ] CVE-2013-2737
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2737
[ 70 ] CVE-2013-3337
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3337
[ 71 ] CVE-2013-3338
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3338
[ 72 ] CVE-2013-3339
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3339
[ 73 ] CVE-2013-3340
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3340
[ 74 ] CVE-2013-3341
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3341
[ 75 ] CVE-2013-3342
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3342
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201308-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ----------------------------------------------------------------------
The new Secunia CSI 6.0 is now available in beta!
Seamless integration with your existing security solutions Sign-up to
become a Beta tester: http://secunia.com/csi6beta
----------------------------------------------------------------------
TITLE:
Adobe Reader / Acrobat Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA50281
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50281/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50281
RELEASE DATE:
2012-08-14
DISCUSS ADVISORY:
http://secunia.com/advisories/50281/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50281/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50281
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Adobe Reader and Adobe
Acrobat, which can be exploited by malicious people to compromise a
user's system.
1) An unspecified error can be exploited to cause a stack-based
buffer overflow.
2) An unspecified error can be exploited to cause a buffer overflow.
3) An unspecified error can be exploited to corrupt memory.
4) Another unspecified error can be exploited to corrupt memory.
5) Another unspecified error can be exploited to corrupt memory.
6) An unspecified error can be exploited to cause a heap-based buffer
overflow.
7) Multiple unspecified errors can be exploited to corrupt memory.
8) Two unspecified errors can be exploited to corrupt memory.
Note: Vulnerability #8 affects the Macintosh platform only.
Successful exploitation of the vulnerabilities may allow execution of
arbitrary code.
SOLUTION:
Apply updates.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
1) Pavel Polischouk, TELUS Security Labs
2) An anonymous person via Beyond Security
3) Mateusz Jurczyk, Google Security Team
4, 8) James Quirk
5) John Leitch, Microsoft
6) Nicolas Gr\xe9goire via iDefense
7) Mateusz Jurczyk and Gynvael Coldwind, Google Security Team
ORIGINAL ADVISORY:
http://www.adobe.com/support/security/bulletins/apsb12-16.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201208-0433 | CVE-2012-4152 | Windows and Mac OS X upper Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160.
Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201308-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Adobe Reader: Multiple vulnerabilities
Date: August 22, 2013
Bugs: #431732, #451058, #469960
ID: 201308-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Adobe Reader, including
potential remote execution of arbitrary code and local privilege
escalation.
Background
==========
Adobe Reader is a closed-source PDF reader.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-text/acroread < 9.5.5 >= 9.5.5
Description
===========
Multiple vulnerabilities have been discovered in Adobe Reader. Please
review the CVE identifiers referenced below for details. A local attacker could gain privileges via
unspecified vectors.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Reader users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/acroread-9.5.5"
References
==========
[ 1 ] CVE-2012-1525
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1525
[ 2 ] CVE-2012-1530
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1530
[ 3 ] CVE-2012-2049
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2049
[ 4 ] CVE-2012-2050
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2050
[ 5 ] CVE-2012-2051
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2051
[ 6 ] CVE-2012-4147
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4147
[ 7 ] CVE-2012-4148
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4748
[ 8 ] CVE-2012-4149
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4149
[ 9 ] CVE-2012-4150
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4150
[ 10 ] CVE-2012-4151
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4151
[ 11 ] CVE-2012-4152
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4152
[ 12 ] CVE-2012-4153
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4153
[ 13 ] CVE-2012-4154
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4154
[ 14 ] CVE-2012-4155
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4155
[ 15 ] CVE-2012-4156
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4156
[ 16 ] CVE-2012-4157
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4157
[ 17 ] CVE-2012-4158
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4158
[ 18 ] CVE-2012-4159
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4159
[ 19 ] CVE-2012-4160
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4160
[ 20 ] CVE-2012-4363
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4363
[ 21 ] CVE-2013-0601
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0601
[ 22 ] CVE-2013-0602
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0602
[ 23 ] CVE-2013-0603
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0603
[ 24 ] CVE-2013-0604
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0604
[ 25 ] CVE-2013-0605
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0605
[ 26 ] CVE-2013-0606
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0606
[ 27 ] CVE-2013-0607
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0607
[ 28 ] CVE-2013-0608
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0608
[ 29 ] CVE-2013-0609
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0609
[ 30 ] CVE-2013-0610
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0610
[ 31 ] CVE-2013-0611
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0611
[ 32 ] CVE-2013-0612
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0612
[ 33 ] CVE-2013-0613
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0613
[ 34 ] CVE-2013-0614
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0614
[ 35 ] CVE-2013-0615
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0615
[ 36 ] CVE-2013-0616
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0616
[ 37 ] CVE-2013-0617
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0617
[ 38 ] CVE-2013-0618
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0618
[ 39 ] CVE-2013-0619
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0619
[ 40 ] CVE-2013-0620
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0620
[ 41 ] CVE-2013-0621
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0621
[ 42 ] CVE-2013-0622
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0622
[ 43 ] CVE-2013-0623
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0623
[ 44 ] CVE-2013-0624
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0624
[ 45 ] CVE-2013-0626
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0626
[ 46 ] CVE-2013-0627
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0627
[ 47 ] CVE-2013-0640
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0640
[ 48 ] CVE-2013-0641
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0641
[ 49 ] CVE-2013-2549
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2549
[ 50 ] CVE-2013-2550
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2550
[ 51 ] CVE-2013-2718
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2718
[ 52 ] CVE-2013-2719
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2719
[ 53 ] CVE-2013-2720
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2720
[ 54 ] CVE-2013-2721
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2721
[ 55 ] CVE-2013-2722
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2722
[ 56 ] CVE-2013-2723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2723
[ 57 ] CVE-2013-2724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2724
[ 58 ] CVE-2013-2725
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2725
[ 59 ] CVE-2013-2726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2726
[ 60 ] CVE-2013-2727
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2727
[ 61 ] CVE-2013-2729
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2729
[ 62 ] CVE-2013-2730
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2730
[ 63 ] CVE-2013-2731
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2731
[ 64 ] CVE-2013-2732
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2732
[ 65 ] CVE-2013-2733
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2733
[ 66 ] CVE-2013-2734
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2734
[ 67 ] CVE-2013-2735
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2735
[ 68 ] CVE-2013-2736
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2736
[ 69 ] CVE-2013-2737
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2737
[ 70 ] CVE-2013-3337
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3337
[ 71 ] CVE-2013-3338
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3338
[ 72 ] CVE-2013-3339
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3339
[ 73 ] CVE-2013-3340
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3340
[ 74 ] CVE-2013-3341
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3341
[ 75 ] CVE-2013-3342
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3342
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201308-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ----------------------------------------------------------------------
The new Secunia CSI 6.0 is now available in beta!
Seamless integration with your existing security solutions Sign-up to
become a Beta tester: http://secunia.com/csi6beta
----------------------------------------------------------------------
TITLE:
Adobe Reader / Acrobat Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA50281
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50281/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50281
RELEASE DATE:
2012-08-14
DISCUSS ADVISORY:
http://secunia.com/advisories/50281/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50281/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50281
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Adobe Reader and Adobe
Acrobat, which can be exploited by malicious people to compromise a
user's system.
1) An unspecified error can be exploited to cause a stack-based
buffer overflow.
2) An unspecified error can be exploited to cause a buffer overflow.
3) An unspecified error can be exploited to corrupt memory.
4) Another unspecified error can be exploited to corrupt memory.
5) Another unspecified error can be exploited to corrupt memory.
6) An unspecified error can be exploited to cause a heap-based buffer
overflow.
7) Multiple unspecified errors can be exploited to corrupt memory.
8) Two unspecified errors can be exploited to corrupt memory.
Note: Vulnerability #8 affects the Macintosh platform only.
Successful exploitation of the vulnerabilities may allow execution of
arbitrary code.
SOLUTION:
Apply updates.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
1) Pavel Polischouk, TELUS Security Labs
2) An anonymous person via Beyond Security
3) Mateusz Jurczyk, Google Security Team
4, 8) James Quirk
5) John Leitch, Microsoft
6) Nicolas Gr\xe9goire via iDefense
7) Mateusz Jurczyk and Gynvael Coldwind, Google Security Team
ORIGINAL ADVISORY:
http://www.adobe.com/support/security/bulletins/apsb12-16.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201208-0432 | CVE-2012-4151 | Windows and Mac OS X upper Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160.
Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201308-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Adobe Reader: Multiple vulnerabilities
Date: August 22, 2013
Bugs: #431732, #451058, #469960
ID: 201308-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Adobe Reader, including
potential remote execution of arbitrary code and local privilege
escalation.
Background
==========
Adobe Reader is a closed-source PDF reader.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-text/acroread < 9.5.5 >= 9.5.5
Description
===========
Multiple vulnerabilities have been discovered in Adobe Reader. Please
review the CVE identifiers referenced below for details. A local attacker could gain privileges via
unspecified vectors.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Reader users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/acroread-9.5.5"
References
==========
[ 1 ] CVE-2012-1525
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1525
[ 2 ] CVE-2012-1530
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1530
[ 3 ] CVE-2012-2049
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2049
[ 4 ] CVE-2012-2050
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2050
[ 5 ] CVE-2012-2051
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2051
[ 6 ] CVE-2012-4147
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4147
[ 7 ] CVE-2012-4148
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4748
[ 8 ] CVE-2012-4149
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4149
[ 9 ] CVE-2012-4150
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4150
[ 10 ] CVE-2012-4151
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4151
[ 11 ] CVE-2012-4152
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4152
[ 12 ] CVE-2012-4153
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4153
[ 13 ] CVE-2012-4154
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4154
[ 14 ] CVE-2012-4155
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4155
[ 15 ] CVE-2012-4156
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4156
[ 16 ] CVE-2012-4157
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4157
[ 17 ] CVE-2012-4158
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4158
[ 18 ] CVE-2012-4159
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4159
[ 19 ] CVE-2012-4160
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4160
[ 20 ] CVE-2012-4363
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4363
[ 21 ] CVE-2013-0601
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0601
[ 22 ] CVE-2013-0602
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0602
[ 23 ] CVE-2013-0603
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0603
[ 24 ] CVE-2013-0604
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0604
[ 25 ] CVE-2013-0605
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0605
[ 26 ] CVE-2013-0606
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0606
[ 27 ] CVE-2013-0607
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0607
[ 28 ] CVE-2013-0608
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0608
[ 29 ] CVE-2013-0609
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0609
[ 30 ] CVE-2013-0610
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0610
[ 31 ] CVE-2013-0611
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0611
[ 32 ] CVE-2013-0612
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0612
[ 33 ] CVE-2013-0613
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0613
[ 34 ] CVE-2013-0614
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0614
[ 35 ] CVE-2013-0615
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0615
[ 36 ] CVE-2013-0616
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0616
[ 37 ] CVE-2013-0617
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0617
[ 38 ] CVE-2013-0618
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0618
[ 39 ] CVE-2013-0619
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0619
[ 40 ] CVE-2013-0620
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0620
[ 41 ] CVE-2013-0621
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0621
[ 42 ] CVE-2013-0622
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0622
[ 43 ] CVE-2013-0623
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0623
[ 44 ] CVE-2013-0624
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0624
[ 45 ] CVE-2013-0626
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0626
[ 46 ] CVE-2013-0627
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0627
[ 47 ] CVE-2013-0640
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0640
[ 48 ] CVE-2013-0641
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0641
[ 49 ] CVE-2013-2549
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2549
[ 50 ] CVE-2013-2550
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2550
[ 51 ] CVE-2013-2718
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2718
[ 52 ] CVE-2013-2719
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2719
[ 53 ] CVE-2013-2720
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2720
[ 54 ] CVE-2013-2721
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2721
[ 55 ] CVE-2013-2722
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2722
[ 56 ] CVE-2013-2723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2723
[ 57 ] CVE-2013-2724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2724
[ 58 ] CVE-2013-2725
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2725
[ 59 ] CVE-2013-2726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2726
[ 60 ] CVE-2013-2727
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2727
[ 61 ] CVE-2013-2729
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2729
[ 62 ] CVE-2013-2730
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2730
[ 63 ] CVE-2013-2731
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2731
[ 64 ] CVE-2013-2732
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2732
[ 65 ] CVE-2013-2733
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2733
[ 66 ] CVE-2013-2734
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2734
[ 67 ] CVE-2013-2735
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2735
[ 68 ] CVE-2013-2736
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2736
[ 69 ] CVE-2013-2737
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2737
[ 70 ] CVE-2013-3337
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3337
[ 71 ] CVE-2013-3338
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3338
[ 72 ] CVE-2013-3339
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3339
[ 73 ] CVE-2013-3340
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3340
[ 74 ] CVE-2013-3341
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3341
[ 75 ] CVE-2013-3342
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3342
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201308-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ----------------------------------------------------------------------
The new Secunia CSI 6.0 is now available in beta!
Seamless integration with your existing security solutions Sign-up to
become a Beta tester: http://secunia.com/csi6beta
----------------------------------------------------------------------
TITLE:
Adobe Reader / Acrobat Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA50281
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50281/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50281
RELEASE DATE:
2012-08-14
DISCUSS ADVISORY:
http://secunia.com/advisories/50281/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50281/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50281
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Adobe Reader and Adobe
Acrobat, which can be exploited by malicious people to compromise a
user's system.
1) An unspecified error can be exploited to cause a stack-based
buffer overflow.
2) An unspecified error can be exploited to cause a buffer overflow.
3) An unspecified error can be exploited to corrupt memory.
4) Another unspecified error can be exploited to corrupt memory.
5) Another unspecified error can be exploited to corrupt memory.
6) An unspecified error can be exploited to cause a heap-based buffer
overflow.
7) Multiple unspecified errors can be exploited to corrupt memory.
8) Two unspecified errors can be exploited to corrupt memory.
Note: Vulnerability #8 affects the Macintosh platform only.
Successful exploitation of the vulnerabilities may allow execution of
arbitrary code.
SOLUTION:
Apply updates.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
1) Pavel Polischouk, TELUS Security Labs
2) An anonymous person via Beyond Security
3) Mateusz Jurczyk, Google Security Team
4, 8) James Quirk
5) John Leitch, Microsoft
6) Nicolas Gr\xe9goire via iDefense
7) Mateusz Jurczyk and Gynvael Coldwind, Google Security Team
ORIGINAL ADVISORY:
http://www.adobe.com/support/security/bulletins/apsb12-16.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201208-0430 | CVE-2012-4149 | Windows and Mac OS X upper Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160.
Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201308-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Adobe Reader: Multiple vulnerabilities
Date: August 22, 2013
Bugs: #431732, #451058, #469960
ID: 201308-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Adobe Reader, including
potential remote execution of arbitrary code and local privilege
escalation.
Background
==========
Adobe Reader is a closed-source PDF reader.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-text/acroread < 9.5.5 >= 9.5.5
Description
===========
Multiple vulnerabilities have been discovered in Adobe Reader. Please
review the CVE identifiers referenced below for details. A local attacker could gain privileges via
unspecified vectors.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Reader users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/acroread-9.5.5"
References
==========
[ 1 ] CVE-2012-1525
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1525
[ 2 ] CVE-2012-1530
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1530
[ 3 ] CVE-2012-2049
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2049
[ 4 ] CVE-2012-2050
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2050
[ 5 ] CVE-2012-2051
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2051
[ 6 ] CVE-2012-4147
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4147
[ 7 ] CVE-2012-4148
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4748
[ 8 ] CVE-2012-4149
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4149
[ 9 ] CVE-2012-4150
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4150
[ 10 ] CVE-2012-4151
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4151
[ 11 ] CVE-2012-4152
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4152
[ 12 ] CVE-2012-4153
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4153
[ 13 ] CVE-2012-4154
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4154
[ 14 ] CVE-2012-4155
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4155
[ 15 ] CVE-2012-4156
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4156
[ 16 ] CVE-2012-4157
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4157
[ 17 ] CVE-2012-4158
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4158
[ 18 ] CVE-2012-4159
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4159
[ 19 ] CVE-2012-4160
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4160
[ 20 ] CVE-2012-4363
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4363
[ 21 ] CVE-2013-0601
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0601
[ 22 ] CVE-2013-0602
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0602
[ 23 ] CVE-2013-0603
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0603
[ 24 ] CVE-2013-0604
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0604
[ 25 ] CVE-2013-0605
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0605
[ 26 ] CVE-2013-0606
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0606
[ 27 ] CVE-2013-0607
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0607
[ 28 ] CVE-2013-0608
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0608
[ 29 ] CVE-2013-0609
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0609
[ 30 ] CVE-2013-0610
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0610
[ 31 ] CVE-2013-0611
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0611
[ 32 ] CVE-2013-0612
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0612
[ 33 ] CVE-2013-0613
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0613
[ 34 ] CVE-2013-0614
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0614
[ 35 ] CVE-2013-0615
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0615
[ 36 ] CVE-2013-0616
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0616
[ 37 ] CVE-2013-0617
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0617
[ 38 ] CVE-2013-0618
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0618
[ 39 ] CVE-2013-0619
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0619
[ 40 ] CVE-2013-0620
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0620
[ 41 ] CVE-2013-0621
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0621
[ 42 ] CVE-2013-0622
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0622
[ 43 ] CVE-2013-0623
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0623
[ 44 ] CVE-2013-0624
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0624
[ 45 ] CVE-2013-0626
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0626
[ 46 ] CVE-2013-0627
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0627
[ 47 ] CVE-2013-0640
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0640
[ 48 ] CVE-2013-0641
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0641
[ 49 ] CVE-2013-2549
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2549
[ 50 ] CVE-2013-2550
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2550
[ 51 ] CVE-2013-2718
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2718
[ 52 ] CVE-2013-2719
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2719
[ 53 ] CVE-2013-2720
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2720
[ 54 ] CVE-2013-2721
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2721
[ 55 ] CVE-2013-2722
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2722
[ 56 ] CVE-2013-2723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2723
[ 57 ] CVE-2013-2724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2724
[ 58 ] CVE-2013-2725
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2725
[ 59 ] CVE-2013-2726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2726
[ 60 ] CVE-2013-2727
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2727
[ 61 ] CVE-2013-2729
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2729
[ 62 ] CVE-2013-2730
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2730
[ 63 ] CVE-2013-2731
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2731
[ 64 ] CVE-2013-2732
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2732
[ 65 ] CVE-2013-2733
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2733
[ 66 ] CVE-2013-2734
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2734
[ 67 ] CVE-2013-2735
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2735
[ 68 ] CVE-2013-2736
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2736
[ 69 ] CVE-2013-2737
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2737
[ 70 ] CVE-2013-3337
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3337
[ 71 ] CVE-2013-3338
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3338
[ 72 ] CVE-2013-3339
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3339
[ 73 ] CVE-2013-3340
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3340
[ 74 ] CVE-2013-3341
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3341
[ 75 ] CVE-2013-3342
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3342
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201308-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ----------------------------------------------------------------------
The new Secunia CSI 6.0 is now available in beta!
Seamless integration with your existing security solutions Sign-up to
become a Beta tester: http://secunia.com/csi6beta
----------------------------------------------------------------------
TITLE:
Adobe Reader / Acrobat Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA50281
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50281/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50281
RELEASE DATE:
2012-08-14
DISCUSS ADVISORY:
http://secunia.com/advisories/50281/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50281/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50281
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Adobe Reader and Adobe
Acrobat, which can be exploited by malicious people to compromise a
user's system.
1) An unspecified error can be exploited to cause a stack-based
buffer overflow.
2) An unspecified error can be exploited to cause a buffer overflow.
3) An unspecified error can be exploited to corrupt memory.
4) Another unspecified error can be exploited to corrupt memory.
5) Another unspecified error can be exploited to corrupt memory.
6) An unspecified error can be exploited to cause a heap-based buffer
overflow.
7) Multiple unspecified errors can be exploited to corrupt memory.
8) Two unspecified errors can be exploited to corrupt memory.
Note: Vulnerability #8 affects the Macintosh platform only.
Successful exploitation of the vulnerabilities may allow execution of
arbitrary code.
SOLUTION:
Apply updates.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
1) Pavel Polischouk, TELUS Security Labs
2) An anonymous person via Beyond Security
3) Mateusz Jurczyk, Google Security Team
4, 8) James Quirk
5) John Leitch, Microsoft
6) Nicolas Gr\xe9goire via iDefense
7) Mateusz Jurczyk and Gynvael Coldwind, Google Security Team
ORIGINAL ADVISORY:
http://www.adobe.com/support/security/bulletins/apsb12-16.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201208-0431 | CVE-2012-4150 | Windows and Mac OS X upper Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160.
Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201308-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Adobe Reader: Multiple vulnerabilities
Date: August 22, 2013
Bugs: #431732, #451058, #469960
ID: 201308-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Adobe Reader, including
potential remote execution of arbitrary code and local privilege
escalation.
Background
==========
Adobe Reader is a closed-source PDF reader.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-text/acroread < 9.5.5 >= 9.5.5
Description
===========
Multiple vulnerabilities have been discovered in Adobe Reader. Please
review the CVE identifiers referenced below for details. A local attacker could gain privileges via
unspecified vectors.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Reader users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/acroread-9.5.5"
References
==========
[ 1 ] CVE-2012-1525
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1525
[ 2 ] CVE-2012-1530
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1530
[ 3 ] CVE-2012-2049
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2049
[ 4 ] CVE-2012-2050
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2050
[ 5 ] CVE-2012-2051
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2051
[ 6 ] CVE-2012-4147
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4147
[ 7 ] CVE-2012-4148
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4748
[ 8 ] CVE-2012-4149
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4149
[ 9 ] CVE-2012-4150
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4150
[ 10 ] CVE-2012-4151
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4151
[ 11 ] CVE-2012-4152
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4152
[ 12 ] CVE-2012-4153
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4153
[ 13 ] CVE-2012-4154
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4154
[ 14 ] CVE-2012-4155
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4155
[ 15 ] CVE-2012-4156
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4156
[ 16 ] CVE-2012-4157
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4157
[ 17 ] CVE-2012-4158
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4158
[ 18 ] CVE-2012-4159
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4159
[ 19 ] CVE-2012-4160
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4160
[ 20 ] CVE-2012-4363
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4363
[ 21 ] CVE-2013-0601
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0601
[ 22 ] CVE-2013-0602
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0602
[ 23 ] CVE-2013-0603
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0603
[ 24 ] CVE-2013-0604
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0604
[ 25 ] CVE-2013-0605
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0605
[ 26 ] CVE-2013-0606
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0606
[ 27 ] CVE-2013-0607
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0607
[ 28 ] CVE-2013-0608
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0608
[ 29 ] CVE-2013-0609
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0609
[ 30 ] CVE-2013-0610
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0610
[ 31 ] CVE-2013-0611
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0611
[ 32 ] CVE-2013-0612
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0612
[ 33 ] CVE-2013-0613
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0613
[ 34 ] CVE-2013-0614
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0614
[ 35 ] CVE-2013-0615
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0615
[ 36 ] CVE-2013-0616
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0616
[ 37 ] CVE-2013-0617
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0617
[ 38 ] CVE-2013-0618
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0618
[ 39 ] CVE-2013-0619
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0619
[ 40 ] CVE-2013-0620
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0620
[ 41 ] CVE-2013-0621
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0621
[ 42 ] CVE-2013-0622
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0622
[ 43 ] CVE-2013-0623
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0623
[ 44 ] CVE-2013-0624
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0624
[ 45 ] CVE-2013-0626
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0626
[ 46 ] CVE-2013-0627
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0627
[ 47 ] CVE-2013-0640
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0640
[ 48 ] CVE-2013-0641
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0641
[ 49 ] CVE-2013-2549
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2549
[ 50 ] CVE-2013-2550
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2550
[ 51 ] CVE-2013-2718
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2718
[ 52 ] CVE-2013-2719
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2719
[ 53 ] CVE-2013-2720
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2720
[ 54 ] CVE-2013-2721
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2721
[ 55 ] CVE-2013-2722
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2722
[ 56 ] CVE-2013-2723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2723
[ 57 ] CVE-2013-2724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2724
[ 58 ] CVE-2013-2725
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2725
[ 59 ] CVE-2013-2726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2726
[ 60 ] CVE-2013-2727
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2727
[ 61 ] CVE-2013-2729
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2729
[ 62 ] CVE-2013-2730
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2730
[ 63 ] CVE-2013-2731
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2731
[ 64 ] CVE-2013-2732
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2732
[ 65 ] CVE-2013-2733
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2733
[ 66 ] CVE-2013-2734
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2734
[ 67 ] CVE-2013-2735
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2735
[ 68 ] CVE-2013-2736
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2736
[ 69 ] CVE-2013-2737
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2737
[ 70 ] CVE-2013-3337
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3337
[ 71 ] CVE-2013-3338
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3338
[ 72 ] CVE-2013-3339
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3339
[ 73 ] CVE-2013-3340
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3340
[ 74 ] CVE-2013-3341
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3341
[ 75 ] CVE-2013-3342
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3342
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201308-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ----------------------------------------------------------------------
The new Secunia CSI 6.0 is now available in beta!
Seamless integration with your existing security solutions Sign-up to
become a Beta tester: http://secunia.com/csi6beta
----------------------------------------------------------------------
TITLE:
Adobe Reader / Acrobat Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA50281
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50281/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50281
RELEASE DATE:
2012-08-14
DISCUSS ADVISORY:
http://secunia.com/advisories/50281/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50281/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50281
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Adobe Reader and Adobe
Acrobat, which can be exploited by malicious people to compromise a
user's system.
1) An unspecified error can be exploited to cause a stack-based
buffer overflow.
2) An unspecified error can be exploited to cause a buffer overflow.
3) An unspecified error can be exploited to corrupt memory.
4) Another unspecified error can be exploited to corrupt memory.
5) Another unspecified error can be exploited to corrupt memory.
6) An unspecified error can be exploited to cause a heap-based buffer
overflow.
7) Multiple unspecified errors can be exploited to corrupt memory.
8) Two unspecified errors can be exploited to corrupt memory.
Note: Vulnerability #8 affects the Macintosh platform only.
Successful exploitation of the vulnerabilities may allow execution of
arbitrary code.
SOLUTION:
Apply updates.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
1) Pavel Polischouk, TELUS Security Labs
2) An anonymous person via Beyond Security
3) Mateusz Jurczyk, Google Security Team
4, 8) James Quirk
5) John Leitch, Microsoft
6) Nicolas Gr\xe9goire via iDefense
7) Mateusz Jurczyk and Gynvael Coldwind, Google Security Team
ORIGINAL ADVISORY:
http://www.adobe.com/support/security/bulletins/apsb12-16.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201208-0422 | CVE-2012-4148 | Windows and Mac OS X upper Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4147, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160.
Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. Adobe Reader is a free PDF file reader, and Acrobat is a PDF file editing and conversion tool. ----------------------------------------------------------------------
The new Secunia CSI 6.0 is now available in beta!
Seamless integration with your existing security solutions Sign-up to
become a Beta tester: http://secunia.com/csi6beta
----------------------------------------------------------------------
TITLE:
Adobe Reader / Acrobat Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA50281
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50281/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50281
RELEASE DATE:
2012-08-14
DISCUSS ADVISORY:
http://secunia.com/advisories/50281/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50281/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50281
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Adobe Reader and Adobe
Acrobat, which can be exploited by malicious people to compromise a
user's system.
1) An unspecified error can be exploited to cause a stack-based
buffer overflow.
2) An unspecified error can be exploited to cause a buffer overflow.
3) An unspecified error can be exploited to corrupt memory.
4) Another unspecified error can be exploited to corrupt memory.
5) Another unspecified error can be exploited to corrupt memory.
6) An unspecified error can be exploited to cause a heap-based buffer
overflow.
7) Multiple unspecified errors can be exploited to corrupt memory.
8) Two unspecified errors can be exploited to corrupt memory.
Note: Vulnerability #8 affects the Macintosh platform only.
Successful exploitation of the vulnerabilities may allow execution of
arbitrary code.
SOLUTION:
Apply updates.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
1) Pavel Polischouk, TELUS Security Labs
2) An anonymous person via Beyond Security
3) Mateusz Jurczyk, Google Security Team
4, 8) James Quirk
5) John Leitch, Microsoft
6) Nicolas Gr\xe9goire via iDefense
7) Mateusz Jurczyk and Gynvael Coldwind, Google Security Team
ORIGINAL ADVISORY:
http://www.adobe.com/support/security/bulletins/apsb12-16.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201208-0421 | CVE-2012-4147 | Windows and Mac OS X upper Adobe Reader and Acrobat Vulnerable to arbitrary code execution |
CVSS V2: 10.0 CVSS V3: - Severity: HIGH |
Adobe Reader and Acrobat 9.x before 9.5.2 and 10.x before 10.1.4 on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2012-2051, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, and CVE-2012-4160.
Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 201308-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: Adobe Reader: Multiple vulnerabilities
Date: August 22, 2013
Bugs: #431732, #451058, #469960
ID: 201308-03
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
========
Multiple vulnerabilities have been found in Adobe Reader, including
potential remote execution of arbitrary code and local privilege
escalation.
Background
==========
Adobe Reader is a closed-source PDF reader.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-text/acroread < 9.5.5 >= 9.5.5
Description
===========
Multiple vulnerabilities have been discovered in Adobe Reader. Please
review the CVE identifiers referenced below for details. A local attacker could gain privileges via
unspecified vectors.
Workaround
==========
There is no known workaround at this time.
Resolution
==========
All Adobe Reader users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/acroread-9.5.5"
References
==========
[ 1 ] CVE-2012-1525
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1525
[ 2 ] CVE-2012-1530
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1530
[ 3 ] CVE-2012-2049
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2049
[ 4 ] CVE-2012-2050
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2050
[ 5 ] CVE-2012-2051
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2051
[ 6 ] CVE-2012-4147
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4147
[ 7 ] CVE-2012-4148
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4748
[ 8 ] CVE-2012-4149
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4149
[ 9 ] CVE-2012-4150
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4150
[ 10 ] CVE-2012-4151
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4151
[ 11 ] CVE-2012-4152
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4152
[ 12 ] CVE-2012-4153
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4153
[ 13 ] CVE-2012-4154
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4154
[ 14 ] CVE-2012-4155
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4155
[ 15 ] CVE-2012-4156
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4156
[ 16 ] CVE-2012-4157
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4157
[ 17 ] CVE-2012-4158
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4158
[ 18 ] CVE-2012-4159
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4159
[ 19 ] CVE-2012-4160
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4160
[ 20 ] CVE-2012-4363
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-4363
[ 21 ] CVE-2013-0601
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0601
[ 22 ] CVE-2013-0602
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0602
[ 23 ] CVE-2013-0603
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0603
[ 24 ] CVE-2013-0604
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0604
[ 25 ] CVE-2013-0605
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0605
[ 26 ] CVE-2013-0606
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0606
[ 27 ] CVE-2013-0607
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0607
[ 28 ] CVE-2013-0608
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0608
[ 29 ] CVE-2013-0609
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0609
[ 30 ] CVE-2013-0610
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0610
[ 31 ] CVE-2013-0611
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0611
[ 32 ] CVE-2013-0612
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0612
[ 33 ] CVE-2013-0613
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0613
[ 34 ] CVE-2013-0614
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0614
[ 35 ] CVE-2013-0615
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0615
[ 36 ] CVE-2013-0616
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0616
[ 37 ] CVE-2013-0617
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0617
[ 38 ] CVE-2013-0618
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0618
[ 39 ] CVE-2013-0619
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0619
[ 40 ] CVE-2013-0620
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0620
[ 41 ] CVE-2013-0621
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0621
[ 42 ] CVE-2013-0622
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0622
[ 43 ] CVE-2013-0623
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0623
[ 44 ] CVE-2013-0624
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0624
[ 45 ] CVE-2013-0626
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0626
[ 46 ] CVE-2013-0627
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0627
[ 47 ] CVE-2013-0640
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0640
[ 48 ] CVE-2013-0641
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0641
[ 49 ] CVE-2013-2549
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2549
[ 50 ] CVE-2013-2550
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2550
[ 51 ] CVE-2013-2718
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2718
[ 52 ] CVE-2013-2719
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2719
[ 53 ] CVE-2013-2720
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2720
[ 54 ] CVE-2013-2721
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2721
[ 55 ] CVE-2013-2722
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2722
[ 56 ] CVE-2013-2723
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2723
[ 57 ] CVE-2013-2724
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2724
[ 58 ] CVE-2013-2725
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2725
[ 59 ] CVE-2013-2726
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2726
[ 60 ] CVE-2013-2727
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2727
[ 61 ] CVE-2013-2729
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2729
[ 62 ] CVE-2013-2730
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2730
[ 63 ] CVE-2013-2731
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2731
[ 64 ] CVE-2013-2732
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2732
[ 65 ] CVE-2013-2733
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2733
[ 66 ] CVE-2013-2734
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2734
[ 67 ] CVE-2013-2735
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2735
[ 68 ] CVE-2013-2736
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2736
[ 69 ] CVE-2013-2737
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2737
[ 70 ] CVE-2013-3337
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3337
[ 71 ] CVE-2013-3338
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3338
[ 72 ] CVE-2013-3339
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3339
[ 73 ] CVE-2013-3340
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3340
[ 74 ] CVE-2013-3341
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3341
[ 75 ] CVE-2013-3342
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-3342
Availability
============
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201308-03.xml
Concerns?
=========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
=======
Copyright 2013 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
. ----------------------------------------------------------------------
The new Secunia CSI 6.0 is now available in beta!
Seamless integration with your existing security solutions Sign-up to
become a Beta tester: http://secunia.com/csi6beta
----------------------------------------------------------------------
TITLE:
Adobe Reader / Acrobat Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA50281
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50281/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50281
RELEASE DATE:
2012-08-14
DISCUSS ADVISORY:
http://secunia.com/advisories/50281/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50281/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50281
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
Multiple vulnerabilities have been reported in Adobe Reader and Adobe
Acrobat, which can be exploited by malicious people to compromise a
user's system.
1) An unspecified error can be exploited to cause a stack-based
buffer overflow.
2) An unspecified error can be exploited to cause a buffer overflow.
3) An unspecified error can be exploited to corrupt memory.
4) Another unspecified error can be exploited to corrupt memory.
5) Another unspecified error can be exploited to corrupt memory.
6) An unspecified error can be exploited to cause a heap-based buffer
overflow.
7) Multiple unspecified errors can be exploited to corrupt memory.
8) Two unspecified errors can be exploited to corrupt memory.
Note: Vulnerability #8 affects the Macintosh platform only.
Successful exploitation of the vulnerabilities may allow execution of
arbitrary code.
SOLUTION:
Apply updates.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
1) Pavel Polischouk, TELUS Security Labs
2) An anonymous person via Beyond Security
3) Mateusz Jurczyk, Google Security Team
4, 8) James Quirk
5) John Leitch, Microsoft
6) Nicolas Gr\xe9goire via iDefense
7) Mateusz Jurczyk and Gynvael Coldwind, Google Security Team
ORIGINAL ADVISORY:
http://www.adobe.com/support/security/bulletins/apsb12-16.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201208-0144 | CVE-2012-3247 | HP Integrity Server Service disruption in (DoS) Vulnerabilities |
CVSS V2: 4.9 CVSS V3: - Severity: MEDIUM |
Unspecified vulnerability on the HP Integrity Server BL860c i2, BL870c i2, and BL890c i2 with firmware before 26.31 and the HP Integrity Server rx2800 i2 with firmware before 26.30 allows local users to cause a denial of service via unknown vectors. Multiple models of HP Integrity Servers are prone to a denial-of-service vulnerability.
Exploiting this issue allows remote attackers to trigger denial-of-service conditions on the affected servers. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Note: the current version of the following document is available here:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c03450553
SUPPORT COMMUNICATION - SECURITY BULLETIN
Document ID: c03450553
Version: 1
HPSBHF02804 SSRT100631 rev.1 - HP Integrity Server rx2800 i2, BL860c i2,
BL870c i2, BL890c i2, Potential Denial of Service (DoS)
NOTICE: The information in this Security Bulletin should be acted upon as
soon as possible.
References: CVE-2012-3247
SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed.
Integrity Server
Firmware version to resolve this issue
rx2800 i2
26.30 or later
bl860 i2
26.31 or later
bl870 i2
26.31 or later
bl890 i2
26.31 or later
For the rx2800 i2:
Goto www.hp.com
Click on support & drivers
Click on Drivers & Software and then search for 'rx2800 i2'
Select the appropriate server model
Click on Cross operating system (BIOS, Firmware, Diagnostics, etc.)
Click on firmware system
Select and download the firmware
For bl860 i2, bl870 i2, bl890 i2:
Goto www.hp.com
Click on support & drivers
Click on Drivers & Software and then search for 'bl860 i2', 'bl870 i2', or
'bl890 i2'
Click on Cross operating system (BIOS, Firmware, Diagnostics, etc.)
Click on firmware system
Select and download the firmware
Note: HP recommends using the most recent version of firmware provided
HISTORY
Version:1 (rev.1) - 13 August 2012 Initial release
Third Party Security Patches: Third party security patches that are to be
installed on systems running HP software products should be applied in
accordance with the customer's patch management policy.
Support: For issues about implementing the recommendations of this Security
Bulletin, contact normal HP Services support channel. For other issues about
the content of this Security Bulletin, send e-mail to security-alert@hp.com.
Report: To report a potential security vulnerability with any HP supported
product, send Email to: security-alert@hp.com
Subscribe: To initiate a subscription to receive future HP Security Bulletin
alerts via Email:
http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins
Security Bulletin List: A list of HP Security Bulletins, updated
periodically, is contained in HP Security Notice HPSN-2011-001:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/
docDisplay?docId=emr_na-c02964430
Security Bulletin Archive: A list of recently released Security Bulletins is
available here:
http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/
Software Product Category: The Software Product Category is represented in
the title by the two characters following HPSB.
3C = 3COM
3P = 3rd Party Software
GN = HP General Software
HF = HP Hardware and Firmware
MP = MPE/iX
MU = Multi-Platform Software
NS = NonStop Servers
OV = OpenVMS
PI = Printing and Imaging
PV = ProCurve
ST = Storage Software
TU = Tru64 UNIX
UX = HP-UX
Copyright 2012 Hewlett-Packard Development Company, L.P.
Hewlett-Packard Company shall not be liable for technical or editorial errors
or omissions contained herein. The information provided is provided "as is"
without warranty of any kind. To the extent permitted by law, neither HP or
its affiliates, subcontractors or suppliers will be liable for
incidental,special or consequential damages including downtime cost; lost
profits;damages relating to the procurement of substitute products or
services; or damages for loss of data, or software restoration. The
information in this document is subject to change without notice.
Hewlett-Packard Company and the names of Hewlett-Packard products referenced
herein are trademarks of Hewlett-Packard Company in the United States and
other countries. Other product and company names mentioned herein may be
trademarks of their respective owners.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAlApKw8ACgkQ4B86/C0qfVk8MwCfaXg3FslOFkEA1zsolGq4tRcn
ByYAoMJaM4qyOTnMryJQF62EgyIRdVzO
=lz3z
-----END PGP SIGNATURE-----
. ----------------------------------------------------------------------
The new Secunia CSI 6.0 is now available in beta!
Seamless integration with your existing security solutions Sign-up to
become a Beta tester: http://secunia.com/csi6beta
----------------------------------------------------------------------
TITLE:
HP Integrity Server Unspecified Denial of Service Vulnerability
SECUNIA ADVISORY ID:
SA50282
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50282/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50282
RELEASE DATE:
2012-08-14
DISCUSS ADVISORY:
http://secunia.com/advisories/50282/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50282/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50282
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been reported in HP Integrity Servers, which can
be exploited by malicious, local users to cause a DoS (Denial of
Service).
The vulnerability is caused due to an unspecified error. No further
information is currently available.
The vulnerability is reported in BL860c i2, BL870c i2, and BL890c i2
firmware version 26.11 and prior and in rx2800 i2 firmware version
26.21 and prior.
SOLUTION:
Update to a fixed firmware version.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
HPSBHF02804 SSRT100631:
https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03450553
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201208-0349 | CVE-2012-3009 | Siemens COMOS Vulnerable to obtaining database administrator privileges |
CVSS V2: 8.5 CVSS V3: - Severity: HIGH |
Siemens COMOS before 9.1 Patch 413, 9.2 before Update 03 Patch 023, and 10.0 before Patch 005 allows remote authenticated users to obtain database administrative access via unspecified method calls. COMOS is a factory engineering software. Siemens COMOS is prone to an unspecified security-bypass vulnerability. Siemens COMOS is the world's leading provider of software solutions in the field of integrated lifecycle engineering. ----------------------------------------------------------------------
The new Secunia CSI 6.0 is now available in beta!
Seamless integration with your existing security solutions Sign-up to
become a Beta tester: http://secunia.com/csi6beta
----------------------------------------------------------------------
TITLE:
Siemens COMOS Unspecified Security Bypass Security Issue
SECUNIA ADVISORY ID:
SA50249
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50249/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50249
RELEASE DATE:
2012-08-13
DISCUSS ADVISORY:
http://secunia.com/advisories/50249/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50249/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50249
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A security issue has been reported in Siemens COMOS, which can be
exploited by malicious users to bypass certain security
restrictions.
Successful exploitation requires read access to the database.
The security issue is reported in versions prior to 9.1 Patch 413,
9.2 Update 03 Patch 023, 10.0 Patch 005, and 10.0 SP1.
SOLUTION:
Update to version 9.1 Patch 413, 9.2 Update 03 Patch 023, 10.0 Patch
005, or 10.0 SP1.
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
http://www.siemens.com/corporate-technology/pool/de/forschungsfelder/siemens_security_advisory_ssa-312568.pdf
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201208-0947 | No CVE | Hitachi JP1 / Integrated Management Cross-Site Scripting Vulnerability |
CVSS V2: - CVSS V3: - Severity: - |
Hitachi JP1 / Integrated Management has a cross-site scripting vulnerability. Some unknown inputs are not properly filtered before being used. An attacker could use the vulnerability to execute arbitrary HTML and script code in the user browser of the affected site context. ----------------------------------------------------------------------
The new Secunia CSI 6.0 is now available in beta!
Seamless integration with your existing security solutions Sign-up to
become a Beta tester: http://secunia.com/csi6beta
----------------------------------------------------------------------
TITLE:
Hitachi JP1/Integrated Management Cross-Site Scripting Vulnerability
SECUNIA ADVISORY ID:
SA50163
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50163/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50163
RELEASE DATE:
2012-08-08
DISCUSS ADVISORY:
http://secunia.com/advisories/50163/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50163/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50163
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A vulnerability has been reported in Hitachi JP1/Integrated
Management, which can be exploited by malicious people to conduct
cross-site scripting attacks.
Certain unspecified input related to Service Support is not properly
sanitised before being returned to the user.
The vulnerability is reported in versions 08-11 through 08-11-04,
08-50 through 08-50-07, 08-51 through 08-51-09, 09-00 through
09-00-06, and 09-50 through 09-50-03.
SOLUTION:
Update to a fixed version.
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
Hitachi (English):
http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS12-021/index.html
Hitachi (Japanese):
http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS12-021/index.html
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
| VAR-201208-0535 | CVE-2012-2283 | plural Iomega Product EMC Lifeline Vulnerability to read data in firmware |
CVSS V2: 5.5 CVSS V3: - Severity: MEDIUM |
The Iomega Home Media Network Hard Drive with EMC Lifeline firmware before 2.104, Home Media Network Hard Drive Cloud Edition with EMC Lifeline firmware before 3.2.3.15290, iConnect with EMC Lifeline firmware before 2.5.26.18966, and StorCenter with EMC Lifeline firmware before 2.0.18.23122, 2.1.x before 2.1.42.18967, and 3.x before 3.2.3.15290 allow remote authenticated users to read or modify data on arbitrary remote shares via unspecified vectors. Iomega network storage devices is a family of network storage devices. If remote access (including port forwarding) is enabled for the affected device, all created shares (including those linked to the USB device) can be accessed by remote unauthorized users due to access control issues.
The following devices are vulnerable:
Home Media Network Hard Drive
iConnect
StorCenter. ----------------------------------------------------------------------
The new Secunia CSI 6.0 is now available in beta!
Seamless integration with your existing security solutions Sign-up to
become a Beta tester: http://secunia.com/csi6beta
----------------------------------------------------------------------
TITLE:
EMC Lifeline Shares Access Security Bypass Security Issue
SECUNIA ADVISORY ID:
SA50232
VERIFY ADVISORY:
Secunia.com
http://secunia.com/advisories/50232/
Customer Area (Credentials Required)
https://ca.secunia.com/?page=viewadvisory&vuln_id=50232
RELEASE DATE:
2012-08-09
DISCUSS ADVISORY:
http://secunia.com/advisories/50232/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA:
* Last Update
* Popularity
* Comments
* Criticality Level
* Impact
* Where
* Solution Status
* Operating System / Software
* CVE Reference(s)
http://secunia.com/advisories/50232/
ONLY AVAILABLE IN CUSTOMER AREA:
* Authentication Level
* Report Reliability
* Secunia PoC
* Secunia Analysis
* Systems Affected
* Approve Distribution
* Remediation Status
* Secunia CVSS Score
* CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=50232
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:
* AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/
http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION:
A security issue has been reported in EMC Lifeline, which can be
exploited by malicious people to bypass certain security
restrictions.
Please see the vendor's advisory for a list of affected versions.
SOLUTION:
Update to a fixed version (please see the vendor's advisory for
details).
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
ESA-2012-031:
http://archives.neohapsis.com/archives/bugtraq/2012-08/att-0056/ESA-2012-031.txt
OTHER REFERENCES:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
DEEP LINKS:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED DESCRIPTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXTENDED SOLUTION:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
EXPLOIT:
Further details available in Customer Area:
http://secunia.com/vulnerability_intelligence/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------
Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
----------------------------------------------------------------------
.
Problem Resolution:
Download and install updated firmware for the Iomega network storage device.
Link to remedies:
Firmware updates for each affected Iomega product are available for download from www.iomega.com/support. Refer to the Readme.txt file included with the firmware update for additional information. Follow guidelines provided on the Iomega support site for security best practices; locate these articles by searching for "security best practices" from the support page for the specified Iomega network storage products.
Because the view is restricted based on customer agreements, you may not have permission to view certain downloads. Should you not see a software download you believe you should have access to, follow the instructions in EMC Knowledgebase solution emc116045.
For an explanation of Severity Ratings, refer to EMC Knowledgebase solution emc218831. EMC recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with particular security vulnerability.
EMC Corporation distributes EMC Security Advisories, in order to bring to the attention of users of the affected EMC products, important security information. EMC recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. EMC disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event, shall EMC or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if EMC or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.
EMC Product Security Response Center
Security_Alert@EMC.COM
http://www.emc.com/contact-us/contact/product-security-response-center.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (Cygwin)
iEYEARECAAYFAlAido0ACgkQtjd2rKp+ALwozgCfXlDVBnED5t8BprcB+xwU0qNM
pdUAoM9XsEtioHIqHnVrYEx+64e2tP3k
=JiIt
-----END PGP SIGNATURE-----