Buffer overflow : Adobe Acrobat and Reader SING 'uniqueName' Buffer Overflow Vulnerability (Windows)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.801515

Categoría: Buffer overflow

Título: Adobe Acrobat and Reader SING 'uniqueName' Buffer Overflow Vulnerability (Windows)

Resumen: This host is installed with Adobe Reader/Acrobat and is prone to buffer; overflow vulnerability.

Descripción: Summary:
This host is installed with Adobe Reader/Acrobat and is prone to buffer
overflow vulnerability.

Vulnerability Insight:
The flaw is due to a boundary error within 'CoolType.dll' when processing the
'uniqueName' entry of SING tables in fonts.

Vulnerability Impact:
Successful exploitation will let attackers to crash an affected application
or execute arbitrary code by tricking a user into opening a specially crafted PDF document.

Affected Software/OS:
Adobe Reader version 9.3.4 and prior.

Adobe Acrobat version 9.3.4 and prior on Windows.

Solution:
Upgrade to Adobe Reader/Adobe Acrobat version 9.4 or later.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: BugTraq ID: 43057
Common Vulnerability Exposure (CVE) ID: CVE-2010-2883
http://www.securityfocus.com/bid/43057
Cert/CC Advisory: TA10-279A
http://www.us-cert.gov/cas/techalerts/TA10-279A.html
CERT/CC vulnerability note: VU#491991
http://www.kb.cert.org/vuls/id/491991
http://security.gentoo.org/glsa/glsa-201101-08.xml
http://blog.metasploit.com/2010/09/return-of-unpublished-adobe.html
http://community.websense.com/blogs/securitylabs/archive/2010/09/10/brief-analysis-on-adobe-reader-sing-table-parsing-vulnerability-cve-2010-2883.aspx
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11586
http://www.redhat.com/support/errata/RHSA-2010-0743.html
http://secunia.com/advisories/41340
http://secunia.com/advisories/43025
SuSE Security Announcement: SUSE-SA:2010:048 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html
SuSE Security Announcement: SUSE-SR:2010:019 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html
TurboLinux Advisory: TLSA-2011-2
http://www.turbolinux.co.jp/security/2011/TLSA-2011-2j.txt
http://www.vupen.com/english/advisories/2010/2331
http://www.vupen.com/english/advisories/2011/0191
http://www.vupen.com/english/advisories/2011/0344
XForce ISS Database: adobe-reader-cooltype-code-execution(61635)
https://exchange.xforce.ibmcloud.com/vulnerabilities/61635

Copyright Copyright (C) 2010 Greenbone Networks GmbH

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.801515
Categoría:	Buffer overflow
Título:	Adobe Acrobat and Reader SING 'uniqueName' Buffer Overflow Vulnerability (Windows)
Resumen:	This host is installed with Adobe Reader/Acrobat and is prone to buffer; overflow vulnerability.
Descripción:	Summary: This host is installed with Adobe Reader/Acrobat and is prone to buffer overflow vulnerability. Vulnerability Insight: The flaw is due to a boundary error within 'CoolType.dll' when processing the 'uniqueName' entry of SING tables in fonts. Vulnerability Impact: Successful exploitation will let attackers to crash an affected application or execute arbitrary code by tricking a user into opening a specially crafted PDF document. Affected Software/OS: Adobe Reader version 9.3.4 and prior. Adobe Acrobat version 9.3.4 and prior on Windows. Solution: Upgrade to Adobe Reader/Adobe Acrobat version 9.4 or later. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	BugTraq ID: 43057 Common Vulnerability Exposure (CVE) ID: CVE-2010-2883 http://www.securityfocus.com/bid/43057 Cert/CC Advisory: TA10-279A http://www.us-cert.gov/cas/techalerts/TA10-279A.html CERT/CC vulnerability note: VU#491991 http://www.kb.cert.org/vuls/id/491991 http://security.gentoo.org/glsa/glsa-201101-08.xml http://blog.metasploit.com/2010/09/return-of-unpublished-adobe.html http://community.websense.com/blogs/securitylabs/archive/2010/09/10/brief-analysis-on-adobe-reader-sing-table-parsing-vulnerability-cve-2010-2883.aspx https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11586 http://www.redhat.com/support/errata/RHSA-2010-0743.html http://secunia.com/advisories/41340 http://secunia.com/advisories/43025 SuSE Security Announcement: SUSE-SA:2010:048 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00001.html SuSE Security Announcement: SUSE-SR:2010:019 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html TurboLinux Advisory: TLSA-2011-2 http://www.turbolinux.co.jp/security/2011/TLSA-2011-2j.txt http://www.vupen.com/english/advisories/2010/2331 http://www.vupen.com/english/advisories/2011/0191 http://www.vupen.com/english/advisories/2011/0344 XForce ISS Database: adobe-reader-cooltype-code-execution(61635) https://exchange.xforce.ibmcloud.com/vulnerabilities/61635
Copyright	Copyright (C) 2010 Greenbone Networks GmbH