RETIRED: Adobe Acrobat and Reader April 2010 Multiple Remote Vulnerabilities
BID:39329
Info
| Bugtraq ID: | 39329 |
| Class: | Unknown |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 08 2010 12:00AM |
| Updated: | Apr 16 2010 03:53PM |
| Credit: | Billy Rios and Microsoft Vulnerability Research (MSVR), Aki Helin of Oulu University Secure Programming Group, Microsoft Vulnerability Research Program (MSVR), Bing Liu of Fortinet's FortiGuard Labs, an anonymous researcher reported through TippingPoint |
Vulnerable:
- Redhat Enterprise Linux WS Extras 4
- Redhat Enterprise Linux Supplementary 5 server
- Redhat Enterprise Linux Extras 4
- Redhat Enterprise Linux ES Extras 4
- Redhat Enterprise Linux Desktop Supplementary 5 client
- Redhat Enterprise Linux AS Extras 4
- Redhat Desktop Extras 4
- Adobe Reader 9.3.1
- Adobe Reader 9.1.3
- Adobe Reader 9.1.2
- Adobe Reader 9.1.1
- Adobe Reader 8.2.1
- Adobe Reader 8.1.7
- Adobe Reader 8.1.6
- Adobe Reader 8.1.5
- Adobe Reader 8.1.4
- Adobe Reader 8.1.3
- Adobe Reader 8.1.2
- Adobe Reader 8.1.1
- Adobe Reader 9.3
- Adobe Reader 9.2
- Adobe Reader 9.1
- Adobe Reader 9.0
- Adobe Reader 8.2
- Adobe Reader 8.1.2 Security Updat
- Adobe Reader 8.1
- Adobe Reader 8.0
- Adobe Acrobat Standard 9.3.1
- Adobe Acrobat Standard 9.1.3
- Adobe Acrobat Standard 9.1.2
- Adobe Acrobat Standard 8.2.1
- Adobe Acrobat Standard 8.1.7
- Adobe Acrobat Standard 8.1.6
- Adobe Acrobat Standard 8.1.4
- Adobe Acrobat Standard 8.1.3
- Adobe Acrobat Standard 8.1.2
- Adobe Acrobat Standard 8.1.1
- Adobe Acrobat Standard 9.3
- Adobe Acrobat Standard 9.2
- Adobe Acrobat Standard 9.1
- Adobe Acrobat Standard 9
- Adobe Acrobat Standard 8.2
- Adobe Acrobat Standard 8.1
- Adobe Acrobat Standard 8.0
- Adobe Acrobat Professional 9.3.1
- Adobe Acrobat Professional 8.2.1
- Adobe Acrobat Professional 8.1.7
- Adobe Acrobat Professional 8.1.6
- Adobe Acrobat Professional 8.1.4
- Adobe Acrobat Professional 8.1.3
- Adobe Acrobat Professional 8.1.2
- Adobe Acrobat Professional 8.1.1
- Adobe Acrobat Professional 9.3
- Adobe Acrobat Professional 8.2
- Adobe Acrobat Professional 8.1.2 Security Updat
- Adobe Acrobat Professional 8.1
- Adobe Acrobat Professional 8.0
- Adobe Acrobat 9.3.1
- Adobe Acrobat 9.1.1
- Adobe Acrobat 9.3
- Adobe Acrobat 9.2
Not Vulnerable:
- Adobe Reader 9.3.2
- Adobe Reader 8.2.2
- Adobe Acrobat Standard 9.3.2
- Adobe Acrobat Standard 8.2.2
- Adobe Acrobat Professional 9.3.2
- Adobe Acrobat Professional 8.2.2
- Adobe Acrobat 9.3.2
- Adobe Acrobat 8.2.2
Discussion
Adobe released an advisory addressing multiple issues in Reader and Acrobat.
Attackers can exploit these issues to steal cookie-based authentication credentials, cause a denial-of-service, or execute arbitrary code in the context of the user running an affected application.
NOTE: This BID is being retired; the following individual records have been created to document these vulnerabilities:
39515 Adobe Acrobat and Reader CVE-2010-0190 Cross Site Scripting Vulnerability
39517 Adobe Acrobat and Reader Prefix Protocol Handler Remote Code Execution Vulnerability
39523 Adobe Acrobat and Reader CVE-2010-0192 Denial of Service Vulnerability
39524 Adobe Acrobat and Reader CVE-2010-0193 Denial of Service Vulnerability
39521 Adobe Acrobat and Reader CVE-2010-0196 Denial of Service Vulnerability
39518 Adobe Acrobat and Reader CVE-2010-0197 Remote Code Execution Vulnerability
39505 Adobe Acrobat and Reader PNG Data Remote Buffer Overflow Vulnerability
39511 Adobe Acrobat and Reader JPEG Data Remote Buffer Overflow Vulnerability
39520 Adobe Acrobat and Reader CVE-2010-0201 Remote Code Execution Vulnerability
39514 Adobe Acrobat and Reader GIF Data Remote Buffer Overflow Vulnerability
39507 Adobe Acrobat and Reader BMP Data Remote Buffer Overflow Vulnerability
39522 Adobe Acrobat and Reader CVE-2010-0204 Remote Code Execution Vulnerability
39470 Adobe Acrobat and Reader CVE-2010-1241 'CoolType.dll' Remote Code Execution Vulnerability
39469 Adobe Acrobat and Reader CVE-2010-0194 X3D Component Remote Code Execution Vulnerability
39417 Adobe Acrobat and Reader CVE-2010-0195 Embedded Font Handling Remote Code Execution Vulnerability
Exploit / POC
Currently we are not aware of any exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
References
References:
- Adobe Homepage (Adobe)
- Adobe Security Advisory APSB10-09 (Adobe)