
  • Multiple Vulnerabilities in Adobe Reader and Acrobat

    Multiple Vulnerabilities in Adobe Reader and Acrobat

    Severity Rating: HIGH

    Systems Affected
    • Adobe Reader XI 11.0.06 for Windows and Macintosh
    • Adobe Reader X 10.1.9 for Windows and Macintosh
    • Adobe Acrobat XI 11.0.06 for Windows and Macintosh
    • Adobe Acrobat X 10.1.9 for Windows and Macintosh

    Overview
    Multiple vulnerabilities have been reported in Adobe Reader and Acrobat which could allow a remote attacker to execute arbitrary code or cause a denial of service condition on the target user's system.

    Description
    1. Heap Overflow Vulnerability
    This vulnerability occurs due to a heap overflow in Adobe Reader and Acrobat.
    Successful exploitation of this vulnerability results in execution of arbitrary code or application crash (denial of service).

    2. Remote Security Bypass Vulnerability
    This vulnerability occurs due to an unspecified error in Adobe Reader and Acrobat.
    A remote attacker could exploit this vulnerability by bypassing sandbox protection and performing unauthorized actions.
    Successful exploitation of this vulnerability results in bypassing of security restrictions.

    3. Information Disclosure Vulnerability
    This vulnerability occurs due to improper implementation of JavaScript APIs in Adobe Reader and Acrobat.
    Successful exploitation of this vulnerability results in disclosure of sensitive information.

    4. Memory Corruption vulnerabilities
    These vulnerabilities occur due to memory corruption in Adobe Reader and Acrobat.
    Successful exploitation of these vulnerabilities results in execution of arbitrary code or application crash (denial of service).

    5. Use After Free vulnerability
    This vulnerability occurs due to improper handling of the AcroPDF ActiveX control in Adobe Reader and Acrobat.
    A remote attacker could exploit this vulnerability by enticing the target user to visit a malicious page / open a crafted PDF file.
    Successful exploitation of this vulnerability results in execution of arbitrary code or application crash (denial of service).

    6. Double Free vulnerability
    This vulnerability occurs due to a double free error in Adobe Reader and Acrobat.
    Successful exploitation of this vulnerability results in execution of arbitrary code or application crash (denial of service).

    7. Buffer overflow vulnerability
    This vulnerability occurs due to a buffer overflow in Adobe Reader and Acrobat.
    Successful exploitation of this vulnerability results in execution of arbitrary code or application crash (denial of service).

    Solution
    Apply appropriate patches as mentioned in Adobe Security Bulletin APSB14-15.

    Vendor Information
    Adobe
    http://helpx.adobe.com/security/prod...apsb14-15.html

    References
    Cisco
    http://tools.cisco.com/security/cent...?alertId=34211

    SecurityTracker
    http://securitytracker.com/id/1030229

  • #2
    A Sandbox-Bypass Vulnerability in Adobe Reader and Acrobat

    Severity Rating: High

    Components Affected
    • Adobe Acrobat/Reader 11.0.0 and earlier 11.x versions for Windows
    • Adobe Acrobat/Reader 10.1.10 and earlier 10.x versions for Windows

    Overview
    A Sandbox-Bypass Vulnerability has been reported in Adobe Reader and Acrobat which could be exploited by attackers to bypass sandbox protection on the Windows platform.

    Description
    A Sandbox-Bypass Vulnerability has been reported due to limited security restrictions imposed by Adobe Reader and Acrobat. Successful exploitation of this vulnerability allows an attacker to run native code with escalated privileges.

    Note: Exploitation of this vulnerability is reported in limited targeted attacks.


    Solution
    Apply appropriate updates as mentioned in APSB14-19.

    Vendor Information
    Adobe
    http://helpx.adobe.com/security/prod...apsb14-19.html

    References
    Cisco
    http://tools.cisco.com/security/cent...?alertId=35267

    Security Tracker
    http://www.securitytracker.com/id/1030711
