---------------------------------------------------------------------- Get a tax break on purchases of Secunia Solutions! If you are a U.S. company, you may be qualified for a tax break for your software purchases. Learn more at: http://secunia.com/products/corporate/vim/section_179/ ---------------------------------------------------------------------- TITLE: Adobe Reader / Acrobat Multiple Vulnerabilities SECUNIA ADVISORY ID: SA43207 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/43207/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=43207 RELEASE DATE: 2011-02-09 DISCUSS ADVISORY: http://secunia.com/advisories/43207/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/43207/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=43207 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Multiple vulnerabilities have been reported in Adobe Reader / Acrobat, which can be exploited by malicious, local users to gain escalated privileges and by malicious people to conduct cross-site scripting attacks and compromise a user's system. 1) An unspecified error related to library loading can be exploited to execute arbitrary code. 2) An unspecified error can be exploited to corrupt memory. 3) An unspecified error related to file permissions in Windows-based versions can be exploited to gain escalated privileges. 4) An unspecified error may allow code execution. 5) An unspecified error when parsing images can be exploited to corrupt memory. 6) An error in AcroRd32.dll when parsing certain images can be exploited to corrupt memory. 7) An unspecified error in the Macintosh-based versions may allow code execution. 8) An unspecified error related to library loading can be exploited to execute arbitrary code. 9) An unspecified error may allow code execution. 10) A input validation error may allow code execution. 11) An input validation error can be exploited to conduct cross-site scripting attacks. 12) An unspecified error related to library loading can be exploited to execute arbitrary code. 13) An unspecified error can be exploited to corrupt memory. 14) A boundary error when decoding U3D image data in an IFF file can be exploited to cause a buffer overflow. 15) A boundary error when decoding U3D image data in a RGBA file can be exploited to cause a buffer overflow. 16) A boundary error when decoding U3D image data in a BMP file can be exploited to cause a buffer overflow. 17) A boundary error when decoding U3D image data in a PSD file can be exploited to cause a buffer overflow. 18) An input validation error when parsing fonts may allow code execution. 19) A boundary error when decoding U3D image data in a FLI file can be exploited to cause a buffer overflow. 20) An error in 2d.dll when parsing height and width values of RLE_8 compressed BMP files can be exploited to cause a heap-based buffer overflow. 21) An integer overflow in ACE.dll when parsing certain ICC data can be exploited to cause a buffer overflow. 22) A boundary error in rt3d.dll when parsing bits per pixel and number of colors if 4/8-bit RLE compressed BMP files can be exploited to cause a heap-based buffer overflow. 23) An error in the U3D implementation when handling the Parent Node count can be exploited to cause a buffer overflow. 24) A boundary error when processing JPEG files embedded in a PDF file can be exploited to corrupt heap memory. 25) An unspecified error when parsing images may allow code execution. 26) An input validation error can be exploited to conduct cross-site scripting attacks. 27) An unspecified error in the Macintosh-based versions may allow code execution. 28) A boundary error in rt3d.dll when parsing certain files can be exploited to cause a stack-based buffer overflow. 29) An integer overflow in the U3D implementation when parsing a ILBM texture file can be exploited to cause a buffer overflow. 30) Some vulnerabilities are caused due to vulnerabilities in the bundled version of Adobe Flash Player. For more information: SA43267 The vulnerabilities are reported in versions 8.2.5 and prior, 9.4.1 and prior, and 10.0 and prior. SOLUTION: Update to version 8.2.6, 9.4.2, or 10.0.1. Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ PROVIDED AND/OR DISCOVERED BY: 2) Bing Liu, Fortinet's FortiGuard Labs. 6) Abdullah Ada via ZDI. 8) Haifei Li, Fortinet's FortiGuard Labs. 14 - 17, 19, 20, 22, 29) Peter Vreugdenhil via ZDI. 21) Sebastian Apelt via ZDI. 23) el via ZDI. 14) Sean Larsson, iDefense Labs. 28) An anonymous person via ZDI. The vendor also credits: 1) Mitja Kolsek, ACROS Security. 3) Matthew Pun. 4, 5, 18) Tavis Ormandy, Google Security Team. 7) James Quirk. 9) Brett Gervasoni, Sense of Security. 10) Joe Schatz. 11, 26) Billy Rios, Google Security Team. 12) Greg MacManus, iSIGHT Partners Labs and Parvez Anwar. 13) CESG. 25) Will Dormann, CERT. 27) Marc Schoenefeld, Red Hat Security Response Team. ORIGINAL ADVISORY: Adobe (APSB11-03) http://www.adobe.com/support/security/bulletins/apsb11-03.html http://www.adobe.com/support/security/bulletins/apsb11-02.html ZDI: http://www.zerodayinitiative.com/advisories/ZDI-11-065/ http://www.zerodayinitiative.com/advisories/ZDI-11-066/ http://www.zerodayinitiative.com/advisories/ZDI-11-067/ http://www.zerodayinitiative.com/advisories/ZDI-11-068/ http://www.zerodayinitiative.com/advisories/ZDI-11-069/ http://www.zerodayinitiative.com/advisories/ZDI-11-070/ http://www.zerodayinitiative.com/advisories/ZDI-11-071/ http://www.zerodayinitiative.com/advisories/ZDI-11-072/ http://www.zerodayinitiative.com/advisories/ZDI-11-073/ http://www.zerodayinitiative.com/advisories/ZDI-11-074/ http://www.zerodayinitiative.com/advisories/ZDI-11-075/ http://www.zerodayinitiative.com/advisories/ZDI-11-077/ FortiGuard Labs: http://www.fortiguard.com/advisory/FGA-2011-06.html iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=891 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ EXPLOIT: Further details available in Customer Area: http://secunia.com/products/corporate/EVM/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------