SecurityTracker.com
Category:   Application (Generic)  >   Adobe Acrobat/Reader
Vendors:   Adobe Systems Incorporated
Adobe Acrobat/Reader Multiple Flaws Lets Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges
SecurityTracker Alert ID:  1027952
SecurityTracker URL:  http://securitytracker.com/id/1027952
CVE Reference:   CVE-2012-1530, CVE-2013-0601, CVE-2013-0602, CVE-2013-0603, CVE-2013-0604, CVE-2013-0605, CVE-2013-0606, CVE-2013-0607, CVE-2013-0608, CVE-2013-0609, CVE-2013-0610, CVE-2013-0611, CVE-2013-0612, CVE-2013-0613, CVE-2013-0614, CVE-2013-0615, CVE-2013-0616, CVE-2013-0617, CVE-2013-0618, CVE-2013-0619, CVE-2013-0620, CVE-2013-0621, CVE-2013-0622, CVE-2013-0623, CVE-2013-0624, CVE-2013-0626, CVE-2013-0627
Updated:  Jan 10 2013
Original Entry Date:  Jan 8 2013
Impact:   Disclosure of system information, Execution of arbitrary code via network, User access via local system, User access via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 9.5.2, 10.1.4, 11.0.0; and prior versions
Description:   Multiple vulnerabilities were reported in Adobe Acrobat/Reader. A remote user can cause arbitrary code to be executed on the target user's system. A local user can obtain elevated privileges on the target system. A user can bypass security restrictions.

A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.

A memory corruption error may occur [CVE-2012-1530, CVE-2013-0601, CVE-2013-0605, CVE-2013-0616, CVE-2013-0619, CVE-2013-0620, CVE-2013-0623].

A use-after-free may occur [CVE-2013-0602].

A heap overflow may occur [CVE-2013-0603, CVE-2013-0604].

A stack overflow may occur [CVE-2013-0610, CVE-2013-0626].

A buffer overflow may occur [CVE-2013-0606, CVE-2013-0612, CVE-2013-0615, CVE-2013-0617, CVE-2013-0621].

An integer overflow may occur [CVE-2013-0609, CVE-2013-0613].

A local error may occur [CVE-2013-0607, CVE-2013-0608, CVE-2013-0611, CVE-2013-0614, CVE-2013-0618].

A local user can gain elevated privileges [CVE-2013-0627].

A user can bypass unspecified security restrictions [CVE-2013-0622, CVE-2013-0624].

Nicolas Gregoire (via iDefense's Vulnerability Contributor Program), Mateusz Jurczyk and Gynvael Coldwind of the Google Security Team, Tom Gallagher of Microsoft and Microsoft Vulnerability Research (MSVR), Alexander Gavrun (via iDefense's Vulnerability Contributor Program), Joel Geraci of Practical:PDF, David D. Rude II of iDefense Labs, Billy Rios, Federico Lanusse, Mauro Gentile, Myke Hamada, Joost Bakker, Anand Bhat, and Timothy McKenzie reported these vulnerabilities.

Impact:   A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.

A local user can obtain elevated privileges on the target system.

A user can bypass security restrictions.

Solution:   The vendor has issued a fix (9.5.3, 10.1.5 for Windows/Mac, 11.0.1 for Windows/Mac).

The vendor's advisory is available at:

http://www.adobe.com/support/security/bulletins/apsb13-02.html

Vendor URL:  www.adobe.com/support/security/bulletins/apsb13-02.html
Cause:   Access control error, Boundary error, Not specified
Underlying OS:  Linux (Any), UNIX (macOS/OS X), UNIX (Solaris - SunOS), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jan 10 2013 (Red Hat Issues Fix) Adobe Acrobat/Reader Multiple Flaws Lets Remote Users Execute Arbitrary Code and Local Users Gain Elevated Privileges
Red Hat has issued a fix for Red Hat Enterprise Linux 5 and 6.


