BID:52951

Adobe Acrobat and Reader (CVE-2012-0774) Integer Overflow Vulnerability

Info

Adobe Acrobat and Reader (CVE-2012-0774) Integer Overflow Vulnerability

Bugtraq ID:	52951
Class:	Unknown
CVE:	CVE-2012-0774
Remote:	Yes
Local:	No
Published:	Apr 10 2012 12:00AM
Updated:	Jun 20 2013 09:39AM
Credit:	Peter Vreugdenhil
Vulnerable:	SuSE openSUSE 12.1 SuSE openSUSE 11.4 Red Hat Enterprise Linux Workstation Supplementary 6 Red Hat Enterprise Linux Supplementary 5 server Red Hat Enterprise Linux Server Supplementary 6 Red Hat Enterprise Linux Desktop Supplementary 6 Red Hat Enterprise Linux Desktop Supplementary 5 client Gentoo Linux Adobe Reader 10.1.2 Adobe Reader 10.1.1 Adobe Reader 9.4.7 Adobe Reader 9.4.6 Adobe Reader 9.3.4 Adobe Reader 9.3.3 Adobe Reader 9.3.2 Adobe Reader 9.3.1 Adobe Reader 9.1.3 Adobe Reader 9.1.2 Adobe Reader 9.1.1 Adobe Reader 9.5 Adobe Reader 9.4.5 Adobe Reader 9.4.4 Adobe Reader 9.4.3 Adobe Reader 9.4.2 Adobe Reader 9.4.1 Adobe Reader 9.4 Adobe Reader 9.3 Adobe Reader 9.2 Adobe Reader 9.1 Adobe Reader 9 Adobe Reader 9 Adobe Reader 10.1 Adobe Reader 10.0.3 Adobe Reader 10.0.2 Adobe Reader 10.0.1 Adobe Reader 10.0 Adobe Acrobat Standard 10.1.2 Adobe Acrobat Standard 10.1.1 Adobe Acrobat Standard 9.4.7 Adobe Acrobat Standard 9.4.6 Adobe Acrobat Standard 9.3.4 Adobe Acrobat Standard 9.3.3 Adobe Acrobat Standard 9.3.2 Adobe Acrobat Standard 9.3.1 Adobe Acrobat Standard 9.1.3 Adobe Acrobat Standard 9.1.2 Adobe Acrobat Standard 9.5 Adobe Acrobat Standard 9.4.5 Adobe Acrobat Standard 9.4.4 Adobe Acrobat Standard 9.4.3 Adobe Acrobat Standard 9.4.2 Adobe Acrobat Standard 9.4.1 Adobe Acrobat Standard 9.4 Adobe Acrobat Standard 9.3 Adobe Acrobat Standard 9.2 Adobe Acrobat Standard 9.1 Adobe Acrobat Standard 9 Adobe Acrobat Standard 10.1 Adobe Acrobat Standard 10.0.3 Adobe Acrobat Standard 10.0.2 Adobe Acrobat Standard 10.0.1 Adobe Acrobat Standard 10.0 Adobe Acrobat Professional 10.1.2 Adobe Acrobat Professional 10.1.1 Adobe Acrobat Professional 9.4.7 Adobe Acrobat Professional 9.4.6 Adobe Acrobat Professional 9.3.4 Adobe Acrobat Professional 9.3.3 Adobe Acrobat Professional 9.3.2 Adobe Acrobat Professional 9.3.1 Adobe Acrobat Professional 9.1.3 Adobe Acrobat Professional 9.1.2 Adobe Acrobat Professional 9.5 Adobe Acrobat Professional 9.4.5 Adobe Acrobat Professional 9.4.4 Adobe Acrobat Professional 9.4.3 Adobe Acrobat Professional 9.4.2 Adobe Acrobat Professional 9.4.1 Adobe Acrobat Professional 9.4 Adobe Acrobat Professional 9.3 Adobe Acrobat Professional 9.2 Adobe Acrobat Professional 9.1 Adobe Acrobat Professional 9 Extended Adobe Acrobat Professional 9 Adobe Acrobat Professional 10.1 Adobe Acrobat Professional 10.0.3 Adobe Acrobat Professional 10.0.2 Adobe Acrobat Professional 10.0.1 Adobe Acrobat Professional 10.0 Adobe Acrobat 10.1.2 Adobe Acrobat 10.1.1 Adobe Acrobat 9.4.7 Adobe Acrobat 9.4.6 Adobe Acrobat 9.3.3 Adobe Acrobat 9.3.2 Adobe Acrobat 9.3.1 Adobe Acrobat 9.1.1 Adobe Acrobat 8.2.4 Adobe Acrobat 9.5 Adobe Acrobat 9.4.5 Adobe Acrobat 9.4.4 Adobe Acrobat 9.4.3 Adobe Acrobat 9.4.2 Adobe Acrobat 9.4.1 Adobe Acrobat 9.4 Adobe Acrobat 9.3 Adobe Acrobat 9.2 Adobe Acrobat 9 Adobe Acrobat 10.1 Adobe Acrobat 10.0.3 Adobe Acrobat 10.0.2 Adobe Acrobat 10.0.1 Adobe Acrobat 10.0

Not Vulnerable:	Adobe Reader 10.1.3 Adobe Reader 9.5.1 Adobe Acrobat Standard 10.1.3 Adobe Acrobat Standard 9.5.1 Adobe Acrobat Professional 10.1.3 Adobe Acrobat Professional 9.5.1 Adobe Acrobat 10.1.3 Adobe Acrobat 9.5.1

Discussion

Adobe Acrobat and Reader (CVE-2012-0774) Integer Overflow Vulnerability

Adobe Acrobat and Reader are prone to a remote integer-overflow vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions.

Exploit / POC

Adobe Acrobat and Reader (CVE-2012-0774) Integer Overflow Vulnerability

Currently we are not aware of any working exploits. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Solution / Fix

Adobe Acrobat and Reader (CVE-2012-0774) Integer Overflow Vulnerability

Solution:
Updates are available. Please see the references for more information.

References

Adobe Acrobat and Reader (CVE-2012-0774) Integer Overflow Vulnerability

References:

Adobe Homepage (Adobe)
APSB12-08 Security updates available for Adobe Reader and Acrobat (Adobe)