cve-2012-0777
Vulnerability from cvelistv5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:38:14.325Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2012:0469", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0469.html" }, { "name": "48756", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48756" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.adobe.com/support/security/bulletins/apsb12-08.html" }, { "name": "SUSE-SU-2012:0524", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00017.html" }, { "name": "52950", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/52950" }, { "name": "48846", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/48846" }, { "name": "TA12-101B", "tags": [ "third-party-advisory", "x_refsource_CERT", "x_transferred" ], "url": "http://www.us-cert.gov/cas/techalerts/TA12-101B.html" }, { "name": "SUSE-SU-2012:0522", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00016.html" }, { "name": "openSUSE-SU-2012:0512", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00013.html" }, { "name": "1026908", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id?1026908" }, { "name": "adobe-reader-javascriptapi-code-exec(74735)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74735" } ], "title": "CVE Program Container" } ], "cna": { "affected": 
[ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-04-10T00:00:00", "descriptions": [ { "lang": "en", "value": "The JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 on Mac OS X and Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-01-09T17:57:01", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe" }, "references": [ { "name": "RHSA-2012:0469", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0469.html" }, { "name": "48756", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48756" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.adobe.com/support/security/bulletins/apsb12-08.html" }, { "name": "SUSE-SU-2012:0524", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00017.html" }, { "name": "52950", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/52950" }, { "name": "48846", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/48846" }, { "name": "TA12-101B", "tags": [ "third-party-advisory", "x_refsource_CERT" ], "url": "http://www.us-cert.gov/cas/techalerts/TA12-101B.html" }, { "name": "SUSE-SU-2012:0522", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00016.html" }, { "name": "openSUSE-SU-2012:0512", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00013.html" }, { "name": "1026908", "tags": [ "vdb-entry", 
"x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id?1026908" }, { "name": "adobe-reader-javascriptapi-code-exec(74735)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74735" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2012-0777", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 on Mac OS X and Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2012:0469", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-0469.html" }, { "name": "48756", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48756" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb12-08.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb12-08.html" }, { "name": "SUSE-SU-2012:0524", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00017.html" }, { "name": "52950", "refsource": "BID", "url": "http://www.securityfocus.com/bid/52950" }, { "name": "48846", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48846" }, { "name": "TA12-101B", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA12-101B.html" }, { "name": "SUSE-SU-2012:0522", "refsource": "SUSE", "url": 
"http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00016.html" }, { "name": "openSUSE-SU-2012:0512", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00013.html" }, { "name": "1026908", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1026908" }, { "name": "adobe-reader-javascriptapi-code-exec(74735)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74735" } ] } } } }, "cveMetadata": { "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2012-0777", "datePublished": "2012-04-10T23:00:00", "dateReserved": "2012-01-18T00:00:00", "dateUpdated": "2024-08-06T18:38:14.325Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2012-0777\",\"sourceIdentifier\":\"psirt@adobe.com\",\"published\":\"2012-04-10T23:55:01.137\",\"lastModified\":\"2022-12-14T19:04:22.233\",\"vulnStatus\":\"Analyzed\",\"evaluatorImpact\":\"Per: http://www.adobe.com/support/security/bulletins/apsb12-08.html\\n\\n\u0027These updates resolve a memory corruption in the JavaScript API that could lead to code execution (CVE-2012-0777) (Macintosh and Linux only).\u0027\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"The JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 on Mac OS X and Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.\"},{\"lang\":\"es\",\"value\":\"La API JavaScript en Adobe Reader y Acrobat v9.x anteriores a v9.5.1 y v10.x anteriores a v10.1.3 en Mac OS X y Linuxm permite a atacantes ejecutar c\u00f3digo o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de vectores no 
especificados.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":6.8},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0\",\"versionEndExcluding\":\"9.5.1\",\"matchCriteriaId\":\"17934873-6B5C-4527-8FE6-547732055BD5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0\",\"versionEndExcluding\":\"10.1.3\",\"matchCriteriaId\":\"D1C32A7B-4C20-4E96-94F7-B281D2CD710D\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4781BF1E-8A4E-4AFF-9540-23D523EE30DD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"9.0\",\"versionEndExcluding\":\"9.5.1\",\"matchCriteriaId\":\"772060E1-B2DD-487A-8682-A58E61508C6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*\",\
"versionStartIncluding\":\"10.0\",\"versionEndExcluding\":\"10.1.3\",\"matchCriteriaId\":\"7650AB7C-84FA-44A8-B076-B46B3EA365E0\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4781BF1E-8A4E-4AFF-9540-23D523EE30DD\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"703AF700-7A70-47E2-BC3A-7FD03B3CA9C1\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00013.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00016.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00017.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\",\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2012-0469.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/48756\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/48846\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.adobe.com/support/security/bulletins/apsb12-08.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/52950\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id?1026908\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.us-cert.gov/cas/techalerts/TA12-101B.html\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Mitigation\",\"Third Party 
Advisory\",\"US Government Resource\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/74735\",\"source\":\"psirt@adobe.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}]}}" } }
ghsa-jxrq-6cjh-p9vf
Vulnerability from github
The JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 on Mac OS X and Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
{ "affected": [], "aliases": [ "CVE-2012-0777" ], "database_specific": { "cwe_ids": [ "CWE-119" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2012-04-10T23:55:00Z", "severity": "HIGH" }, "details": "The JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 on Mac OS X and Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.", "id": "GHSA-jxrq-6cjh-p9vf", "modified": "2022-05-14T03:51:36Z", "published": "2022-05-14T03:51:36Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0777" }, { "type": "WEB", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74735" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00013.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00016.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00017.html" }, { "type": "WEB", "url": "http://rhn.redhat.com/errata/RHSA-2012-0469.html" }, { "type": "WEB", "url": "http://secunia.com/advisories/48756" }, { "type": "WEB", "url": "http://secunia.com/advisories/48846" }, { "type": "WEB", "url": "http://www.adobe.com/support/security/bulletins/apsb12-08.html" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/52950" }, { "type": "WEB", "url": "http://www.securitytracker.com/id?1026908" }, { "type": "WEB", "url": "http://www.us-cert.gov/cas/techalerts/TA12-101B.html" } ], "schema_version": "1.4.0", "severity": [] }
var-201204-0111
Vulnerability from variot
The JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 on Mac OS X and Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Adobe Flash contains a vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Adobe Flash Player, Reader, Acrobat, and other products that include Flash support are affected. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
===================================================================== Red Hat Security Advisory
Synopsis: Critical: acroread security update Advisory ID: RHSA-2012:0469-01 Product: Red Hat Enterprise Linux Extras Advisory URL: https://rhn.redhat.com/errata/RHSA-2012-0469.html Issue date: 2012-04-10 CVE Names: CVE-2012-0774 CVE-2012-0775 CVE-2012-0777 =====================================================================
- Summary:
Updated acroread packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.
The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Relevant releases/architectures:
Red Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64 Red Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64 Red Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64
- Description:
Adobe Reader allows users to view and print documents in Portable Document Format (PDF). These flaws are detailed on the Adobe security page APSB12-08, listed in the References section. Solution:
Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/knowledge/articles/11258
- Bugs fixed (http://bugzilla.redhat.com/):
810397 - CVE-2012-0774 CVE-2012-0775 CVE-2012-0777 acroread: multiple unspecified flaws (APSB12-08)
- Package List:
Red Hat Enterprise Linux Desktop Supplementary (v. 5):
i386: acroread-9.5.1-1.el5.i386.rpm acroread-plugin-9.5.1-1.el5.i386.rpm
x86_64: acroread-9.5.1-1.el5.i386.rpm acroread-plugin-9.5.1-1.el5.i386.rpm
Red Hat Enterprise Linux Server Supplementary (v. 5):
i386: acroread-9.5.1-1.el5.i386.rpm acroread-plugin-9.5.1-1.el5.i386.rpm
x86_64: acroread-9.5.1-1.el5.i386.rpm acroread-plugin-9.5.1-1.el5.i386.rpm
Red Hat Enterprise Linux Desktop Supplementary (v. 6):
i386: acroread-9.5.1-1.el6_2.i686.rpm acroread-plugin-9.5.1-1.el6_2.i686.rpm
x86_64: acroread-9.5.1-1.el6_2.i686.rpm acroread-plugin-9.5.1-1.el6_2.i686.rpm
Red Hat Enterprise Linux Server Supplementary (v. 6):
i386: acroread-9.5.1-1.el6_2.i686.rpm acroread-plugin-9.5.1-1.el6_2.i686.rpm
x86_64: acroread-9.5.1-1.el6_2.i686.rpm acroread-plugin-9.5.1-1.el6_2.i686.rpm
Red Hat Enterprise Linux Workstation Supplementary (v. 6):
i386: acroread-9.5.1-1.el6_2.i686.rpm acroread-plugin-9.5.1-1.el6_2.i686.rpm
x86_64: acroread-9.5.1-1.el6_2.i686.rpm acroread-plugin-9.5.1-1.el6_2.i686.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package
- References:
https://www.redhat.com/security/data/cve/CVE-2012-0774.html https://www.redhat.com/security/data/cve/CVE-2012-0775.html https://www.redhat.com/security/data/cve/CVE-2012-0777.html https://access.redhat.com/security/updates/classification/#critical http://www.adobe.com/support/security/bulletins/apsb12-08.html
- Contact:
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/
Copyright 2012 Red Hat, Inc. ----------------------------------------------------------------------
Become a PSI 3.0 beta tester! Test-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. Download it here! http://secunia.com/psi_30_beta_launch
TITLE: Red Hat update for acroread
SECUNIA ADVISORY ID: SA48756
VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/48756/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=48756
RELEASE DATE: 2012-04-11
DISCUSS ADVISORY: http://secunia.com/advisories/48756/#comments
AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s)
http://secunia.com/advisories/48756/
ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS
https://ca.secunia.com/?page=viewadvisory&vuln_id=48756
ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING
http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/
DESCRIPTION: Red Hat has issued an update for acroread. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
National Cyber Awareness System
Technical Cyber Security Alert TA12-101B
Adobe Reader and Acrobat Security Updates and Architectural Improvements
Original release date: April 10, 2012 Last revised: -- Source: US-CERT
Systems Affected
- Adobe Reader X (10.1.2) and earlier 10.x versions for Windows and Macintosh
- Adobe Reader 9.5 and earlier 9.x versions for Windows, Macintosh, and UNIX
- Adobe Acrobat X (10.1.2) and earlier 10.x versions for Windows and Macintosh
- Adobe Acrobat 9.5 and earlier 9.x versions for Windows and Macintosh
Overview
Adobe has released Security Bulletin APSB12-08, which describes multiple vulnerabilities affecting Adobe Reader and Acrobat. In addition, Reader and Acrobat now disable the rendering of 3D content by default. These vulnerabilities affect Adobe Reader and Acrobat versions 9.x through 9.5, and Reader X and Acrobat X versions prior to 10.1.3.
The Adobe ASSET blog provides additional details on new security architecture changes to Adobe Reader and Acrobat. This change helps limit the number of out-of-date, vulnerable Flash runtimes available to an attacker. Adobe Reader and Acrobat 9.5.1 also now disable rendering of 3D content by default because the 3D rendering components have a history of vulnerabilities.
An attacker could exploit these vulnerabilities by convincing a user to open a specially crafted PDF file. This can happen automatically as the result of viewing a webpage.
Solution
Update Reader
Adobe has released updates to address this issue. Users are encouraged to read Adobe Security Bulletin APSB12-08 and update vulnerable versions of Adobe Reader and Acrobat.
In addition to updating, please consider the following mitigations.
Disable JavaScript in Adobe Reader and Acrobat
Disabling JavaScript may prevent some exploits from resulting in code execution. You can disable Acrobat JavaScript using the Preferences menu (Edit -> Preferences -> JavaScript; uncheck Enable Acrobat JavaScript).
Adobe provides a framework to blacklist specific JavaScript APIs. If JavaScript must be enabled, this framework may be useful when specific APIs are known to be vulnerable or used in attacks.
Prevent Internet Explorer from automatically opening PDF files
The installer for Adobe Reader and Acrobat configures Internet Explorer to automatically open PDF files without any user interaction. This behavior can be reverted to a safer option that prompts the user by importing the following as a .REG file:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\AcroExch.Document.7]
"EditFlags"=hex:00,00,00,00
Disable the display of PDF files in the web browser
Preventing PDF files from opening inside a web browser will partially mitigate this vulnerability. Applying this workaround may also mitigate future vulnerabilities.
To prevent PDF files from automatically being opened in a web browser, do the following:
- Open the Edit menu.
- Choose the Preferences option.
- Choose the Internet section.
- Uncheck the "Display PDF in browser" checkbox.
Do not access PDF files from untrusted sources
Do not open unfamiliar or unexpected PDF files, particularly those hosted on websites or delivered as email attachments. Please see Cyber Security Tip ST04-010. Please send email to cert@cert.org with "TA12-101B Feedback VU#124663" in the subject.
Produced by US-CERT, a government organization.
This product is provided subject to the Notification as indicated here: http://www.us-cert.gov/legal.html#notify
This document can also be found at http://www.us-cert.gov/cas/techalerts/TA12-101B.html
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux)
iQEVAwUBT4St0z/GkGVXE7GMAQK56gf+N4gfsTH8ssv6GzNqliZtpkgx5MI/Vo71 bx/DERpK2AtQaNk3genyZ1vShMjfKUk7GmVQCeDvcTxhc+yNSSi3hSGyX7FQbl9E 6p9mMLRD9OwJ63xq3fGmydNsgQnUTsjjRxkxC1DdojtlJL3HRsYYBXxguKQaPI1p UiPoMDu5W7LJ/9f+zrMbc4Hf15366YY7XGMmFL68OpwbxOT3aRrfLC/v6FErqHli UUg79tEm8FpemBrIzusqePviNYkci2M3K5fByp9opGrttPhTZAL8ddYJKfCSm+Xg lFs5dAwD0SCI3SQxG5B8RhGgLLCz87O+ifE1Q2UjFAvB6XWQifYDwA== =5dGp -----END PGP SIGNATURE----- . The Adobe Flash browser plugin is available for multiple web browsers and operating systems, any of which could be affected.
This vulnerability is being actively exploited.
II.
III. Solution
These vulnerabilities can be mitigated by disabling the Flash plugin or by using the NoScript extension for Mozilla Firefox or SeaMonkey to whitelist websites that can access the Flash plugin. For more information about securely configuring web browsers, please see the Securing Your Web Browser document. US-CERT Vulnerability Note VU#259425 has additional details, as well as information about mitigating the PDF document attack vector.
Thanks to Department of Defense Cyber Crime Center/DCISE for information used in this document.
IV.
For instructions on subscribing to or unsubscribing from this mailing list, visit http://www.us-cert.gov/cas/signup.html. ----------------------------------------------------------------------
Do you have VARM strategy implemented?
(Vulnerability Assessment Remediation Management)
If not, then implement it through the most reliable vulnerability intelligence source on the market.
Implement it through Secunia.
SOLUTION: Do not browse untrusted websites or follow untrusted links.
Updates will reportedly be available for Windows, Macintosh, and Linux versions by July 30.
PROVIDED AND/OR DISCOVERED BY: Reported as a 0-day.
ORIGINAL ADVISORY: Adobe: http://www.adobe.com/support/security/advisories/apsa09-03.html
OTHER REFERENCES: US-CERT VU#259425: http://www.kb.cert.org/vuls/id/259425
About: This Advisory was delivered by Secunia as a free service to help everybody keep their systems up to date against the latest vulnerabilities.
Subscribe: http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/
Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor.
Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org
. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201206-14
http://security.gentoo.org/
Severity: Normal Title: Adobe Reader: Multiple vulnerabilities Date: June 22, 2012 Bugs: #405949, #411499 ID: 201206-14
Synopsis
Multiple vulnerabilities in Adobe Reader might allow remote attackers to execute arbitrary code or conduct various other attacks.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 app-text/acroread < 9.5.1 >= 9.5.1
Description
Multiple vulnerabilities have been found in Adobe Reader, including an integer overflow in TrueType Font handling (CVE-2012-0774) and multiple unspecified errors which could cause memory corruption.
Workaround
There is no known workaround at this time.
Resolution
All Adobe Reader users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/acroread-9.5.1"
References
[ 1 ] CVE-2011-4370 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4370 [ 2 ] CVE-2011-4371 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4371 [ 3 ] CVE-2011-4372 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4372 [ 4 ] CVE-2011-4373 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4373 [ 5 ] CVE-2012-0774 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0774 [ 6 ] CVE-2012-0775 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0775 [ 7 ] CVE-2012-0776 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0776 [ 8 ] CVE-2012-0777 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0777
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
http://security.gentoo.org/glsa/glsa-201206-14.xml
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2012 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201204-0111", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "acrobat", "scope": "gte", "trust": 1.0, "vendor": "adobe", "version": "10.0" }, { "model": "acrobat reader", "scope": "lt", "trust": 1.0, "vendor": "adobe", "version": "9.5.1" }, { "model": "acrobat", "scope": "lt", "trust": 1.0, "vendor": "adobe", 
"version": "10.1.3" }, { "model": "acrobat reader", "scope": "gte", "trust": 1.0, "vendor": "adobe", "version": "10.0" }, { "model": "acrobat", "scope": "gte", "trust": 1.0, "vendor": "adobe", "version": "9.0" }, { "model": "acrobat reader", "scope": "lt", "trust": 1.0, "vendor": "adobe", "version": "10.1.3" }, { "model": "acrobat reader", "scope": "gte", "trust": 1.0, "vendor": "adobe", "version": "9.0" }, { "model": "acrobat", "scope": "lt", "trust": 1.0, "vendor": "adobe", "version": "9.5.1" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "adobe", "version": null }, { "model": "acrobat", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "9.5 9.x (windows and macintosh)" }, { "model": "acrobat", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "x (10.1.2) 10.x (windows and macintosh)" }, { "model": "reader", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "9.4.6 9.x (linux)" }, { "model": "reader", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "9.5 9.x (windows and macintosh)" }, { "model": "reader", "scope": "lte", "trust": 0.8, "vendor": "adobe", "version": "x (10.1.2) 10.x (windows and macintosh)" }, { "model": "acrobat reader", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "9.1" }, { "model": "acrobat reader", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "9.3.1" }, { "model": "acrobat reader", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "9.2" }, { "model": "acrobat reader", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "9.1.1" }, { "model": "acrobat reader", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "9.3" }, { "model": "acrobat reader", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "9.0" }, { "model": "acrobat reader", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "9.1.3" }, { "model": "acrobat reader", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "9.3.2" }, { "model": "acrobat reader", 
"scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "9.3.3" }, { "model": "acrobat reader", "scope": "eq", "trust": 0.6, "vendor": "adobe", "version": "9.1.2" }, { "model": "acrobat", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "9.5.1" }, { "model": "acrobat standard", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "9.5.1" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.1.2" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.2" }, { "model": "acrobat", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.2" }, { "model": "acrobat", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.1" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3.3" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3.1" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3" }, { "model": "acrobat", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.1.3" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.2" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.4" }, { "model": "acrobat", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.1.3" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.1" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.5" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3.4" }, { "model": "acrobat", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.3" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", 
"version": "9.4.3" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3.3" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.5" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.6" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.2" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4" }, { "model": "acrobat", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.2" }, { "model": "acrobat", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "8.2.4" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.1" }, { "model": "acrobat", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.3" }, { "model": "reader", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "9.5.1" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3.2" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.1.2" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.1" }, { "model": "acrobat", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1" }, { "model": "reader", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.1.3" }, { "model": "hat enterprise linux supplementary server", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.2" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": 
"10.1.1" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.3" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.7" }, { "model": "acrobat", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3.1" }, { "model": "acrobat professional extended", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9" }, { "model": "acrobat", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3" }, { "model": "acrobat standard", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.1.3" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.6" }, { "model": "acrobat", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.2" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.2" }, { "model": "acrobat", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.4" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11.4" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.1" }, { "model": "acrobat", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.5" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.5" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.1" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3.4" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3.2" }, { "model": "acrobat", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.5" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.5" }, { "model": "acrobat", "scope": "eq", "trust": 0.3, 
"vendor": "adobe", "version": "9.4" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.2" }, { "model": "acrobat", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.1.1" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.3" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.1" }, { "model": "hat enterprise linux desktop supplementary", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.2" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.1" }, { "model": "acrobat", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.2" }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.4" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.2" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.5" }, { "model": "acrobat", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.7" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.7" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3.1" }, { "model": "reader", 
"scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.5" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3.3" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.2" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.6" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.4" }, { "model": "hat enterprise linux server supplementary", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.1.3" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.1" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.1.1" }, { "model": "acrobat", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.1" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.3" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3.2" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.1" }, { "model": "acrobat professional", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "9.5.1" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.1.2" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "12.1" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, 
"vendor": "adobe", "version": "9.4.2" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.1.1" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.7" }, { "model": "hat enterprise linux desktop supplementary client", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "5" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3.1" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3" }, { "model": "acrobat professional", "scope": "ne", "trust": 0.3, "vendor": "adobe", "version": "10.1.3" }, { "model": "acrobat", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.2" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.2" }, { "model": "reader", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.1.3" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.3" }, { "model": "acrobat", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3.3" }, { "model": "acrobat", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.6" }, { "model": "acrobat", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.1" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.4.1" }, { "model": "acrobat standard", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3.4" }, { "model": "acrobat professional", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "10.0.3" }, { "model": "acrobat", "scope": "eq", "trust": 0.3, "vendor": "adobe", "version": "9.3.2" }, { "model": "hat enterprise linux workstation supplementary", "scope": "eq", "trust": 0.3, "vendor": "red", "version": "6" } ], "sources": [ { "db": "CERT/CC", "id": "VU#259425" }, { 
"db": "BID", "id": "52950" }, { "db": "JVNDB", "id": "JVNDB-2012-002042" }, { "db": "CNNVD", "id": "CNNVD-201204-134" }, { "db": "NVD", "id": "CVE-2012-0777" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.5.1", "versionStartIncluding": "9.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.1.3", "versionStartIncluding": "10.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.5.1", "versionStartIncluding": "9.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.1.3", "versionStartIncluding": "10.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2012-0777" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "James Quirk, Los Alamos", "sources": [ { "db": "BID", "id": "52950" } ], "trust": 0.3 }, "cve": "CVE-2012-0777", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": true, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2012-0777", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": 
"NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 8.6, "id": "VHN-54058", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2012-0777", "trust": 1.0, "value": "MEDIUM" }, { "author": "CARNEGIE MELLON", "id": "VU#259425", "trust": 0.8, "value": "35.34" }, { "author": "NVD", "id": "CVE-2012-0777", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201204-134", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-54058", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#259425" }, { "db": "VULHUB", "id": "VHN-54058" }, { "db": "JVNDB", "id": "JVNDB-2012-002042" }, { "db": "CNNVD", "id": "CNNVD-201204-134" }, { "db": "NVD", "id": "CVE-2012-0777" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 on Mac OS X and Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. Adobe Flash contains a vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Adobe Flash Player, Reader, Acrobat, and other products that include Flash support are affected. \nAttackers can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts will likely cause denial-of-service conditions. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n=====================================================================\n Red Hat Security Advisory\n\nSynopsis: Critical: acroread security update\nAdvisory ID: RHSA-2012:0469-01\nProduct: Red Hat Enterprise Linux Extras\nAdvisory URL: https://rhn.redhat.com/errata/RHSA-2012-0469.html\nIssue date: 2012-04-10\nCVE Names: CVE-2012-0774 CVE-2012-0775 CVE-2012-0777 \n=====================================================================\n\n1. Summary:\n\nUpdated acroread packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5 and 6 Supplementary. \n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section. Relevant releases/architectures:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Desktop Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 5) - i386, x86_64\nRed Hat Enterprise Linux Server Supplementary (v. 6) - i386, x86_64\nRed Hat Enterprise Linux Workstation Supplementary (v. 6) - i386, x86_64\n\n3. Description:\n\nAdobe Reader allows users to view and print documents in Portable Document\nFormat (PDF). These flaws are\ndetailed on the Adobe security page APSB12-08, listed in the References\nsection. Solution:\n\nBefore applying this update, make sure all previously-released errata\nrelevant to your system have been applied. \n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258\n\n5. Bugs fixed (http://bugzilla.redhat.com/):\n\n810397 - CVE-2012-0774 CVE-2012-0775 CVE-2012-0777 acroread: multiple unspecified flaws (APSB12-08)\n\n6. 
Package List:\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 5):\n\ni386:\nacroread-9.5.1-1.el5.i386.rpm\nacroread-plugin-9.5.1-1.el5.i386.rpm\n\nx86_64:\nacroread-9.5.1-1.el5.i386.rpm\nacroread-plugin-9.5.1-1.el5.i386.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 5):\n\ni386:\nacroread-9.5.1-1.el5.i386.rpm\nacroread-plugin-9.5.1-1.el5.i386.rpm\n\nx86_64:\nacroread-9.5.1-1.el5.i386.rpm\nacroread-plugin-9.5.1-1.el5.i386.rpm\n\nRed Hat Enterprise Linux Desktop Supplementary (v. 6):\n\ni386:\nacroread-9.5.1-1.el6_2.i686.rpm\nacroread-plugin-9.5.1-1.el6_2.i686.rpm\n\nx86_64:\nacroread-9.5.1-1.el6_2.i686.rpm\nacroread-plugin-9.5.1-1.el6_2.i686.rpm\n\nRed Hat Enterprise Linux Server Supplementary (v. 6):\n\ni386:\nacroread-9.5.1-1.el6_2.i686.rpm\nacroread-plugin-9.5.1-1.el6_2.i686.rpm\n\nx86_64:\nacroread-9.5.1-1.el6_2.i686.rpm\nacroread-plugin-9.5.1-1.el6_2.i686.rpm\n\nRed Hat Enterprise Linux Workstation Supplementary (v. 6):\n\ni386:\nacroread-9.5.1-1.el6_2.i686.rpm\nacroread-plugin-9.5.1-1.el6_2.i686.rpm\n\nx86_64:\nacroread-9.5.1-1.el6_2.i686.rpm\nacroread-plugin-9.5.1-1.el6_2.i686.rpm\n\nThese packages are GPG signed by Red Hat for security. Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/#package\n\n7. References:\n\nhttps://www.redhat.com/security/data/cve/CVE-2012-0774.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0775.html\nhttps://www.redhat.com/security/data/cve/CVE-2012-0777.html\nhttps://access.redhat.com/security/updates/classification/#critical\nhttp://www.adobe.com/support/security/bulletins/apsb12-08.html\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2012 Red Hat, Inc. 
----------------------------------------------------------------------\n\nBecome a PSI 3.0 beta tester!\nTest-drive the new beta version and tell us what you think about its extended automatic update function and significantly enhanced user-interface. \nDownload it here!\nhttp://secunia.com/psi_30_beta_launch\n\n----------------------------------------------------------------------\n\nTITLE:\nRed Hat update for acroread\n\nSECUNIA ADVISORY ID:\nSA48756\n\nVERIFY ADVISORY:\nSecunia.com\nhttp://secunia.com/advisories/48756/\nCustomer Area (Credentials Required)\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48756\n\nRELEASE DATE:\n2012-04-11\n\nDISCUSS ADVISORY:\nhttp://secunia.com/advisories/48756/#comments\n\nAVAILABLE ON SITE AND IN CUSTOMER AREA:\n * Last Update\n * Popularity\n * Comments\n * Criticality Level\n * Impact\n * Where\n * Solution Status\n * Operating System / Software\n * CVE Reference(s)\n\nhttp://secunia.com/advisories/48756/\n\nONLY AVAILABLE IN CUSTOMER AREA:\n * Authentication Level\n * Report Reliability\n * Secunia PoC\n * Secunia Analysis\n * Systems Affected\n * Approve Distribution\n * Remediation Status\n * Secunia CVSS Score\n * CVSS\n\nhttps://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48756\n\nONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI:\n * AUTOMATED SCANNING\n\nhttp://secunia.com/vulnerability_scanning/personal/\nhttp://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/\n\nDESCRIPTION:\nRed Hat has issued an update for acroread. 
\n-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n\n National Cyber Awareness System\n\n Technical Cyber Security Alert TA12-101B\n\n\nAdobe Reader and Acrobat Security Updates and Architectural Improvements\n\n Original release date: April 10, 2012\n Last revised: --\n Source: US-CERT\n\n\nSystems Affected\n\n * Adobe Reader X (10.1.2) and earlier 10.x versions for Windows and Macintosh\n * Adobe Reader 9.5 and earlier 9.x versions for Windows, Macintosh, and UNIX\n * Adobe Acrobat X (10.1.2) and earlier 10.x versions for Windows and Macintosh\n * Adobe Acrobat 9.5 and earlier 9.x versions for Windows and Macintosh\n\n\nOverview\n\n Adobe has released Security Bulletin APSB12-08, which describes\n multiple vulnerabilities affecting Adobe Reader and Acrobat. In addition, Reader and Acrobat now disable the\n rendering of 3D content by default. These\n vulnerabilities affect Adobe Reader and Acrobat versions 9.x\n through 9.5, and Reader X and Acrobat X versions prior to 10.1.3. \n\n The Adobe ASSET blog provides additional details on new security\n architecture changes to Adobe Reader and Acrobat. This change helps limit\n the number of out-of-date, vulnerable Flash runtimes available to\n an attacker. Adobe Reader and Acrobat 9.5.1 also now disable\n rendering of 3D content by default because the 3D rendering\n components have a history of vulnerabilities. \n\n An attacker could exploit these vulnerabilities by convincing a\n user to open a specially crafted PDF file. This can happen\n automatically as the result of viewing a webpage. \n\n\nSolution\n\n Update Reader\n\n Adobe has released updates to address this issue. Users are\n encouraged to read Adobe Security Bulletin APSB12-08 and update\n vulnerable versions of Adobe Reader and Acrobat. \n\n In addition to updating, please consider the following mitigations. \n\n Disable JavaScript in Adobe Reader and Acrobat\n\n Disabling JavaScript may prevent some exploits from resulting in\n code execution. 
You can disable Acrobat JavaScript using the\n Preferences menu (Edit -\u003e Preferences -\u003e JavaScript; uncheck Enable\n Acrobat JavaScript). \n\n Adobe provides a framework to blacklist specific JavaScript APIs. If\n JavaScript must be enabled, this framework may be useful when\n specific APIs are known to be vulnerable or used in attacks. \n\n Prevent Internet Explorer from automatically opening PDF files\n\n The installer for Adobe Reader and Acrobat configures Internet\n Explorer to automatically open PDF files without any user\n interaction. This behavior can be reverted to a safer option that\n prompts the user by importing the following as a .REG file:\n\n Windows Registry Editor Version 5.00\n\n [HKEY_CLASSES_ROOT\\AcroExch.Document.7]\n \"EditFlags\"=hex:00,00,00,00\n\n Disable the display of PDF files in the web browser\n\n Preventing PDF files from opening inside a web browser will\n partially mitigate this vulnerability. Applying this workaround may\n also mitigate future vulnerabilities. \n\n To prevent PDF files from automatically being opened in a web\n browser, do the following:\n\n 1. \n 2. Open the Edit menu. \n 3. Choose the Preferences option. \n 4. Choose the Internet section. \n 5. Uncheck the \"Display PDF in browser\" checkbox. \n\n Do not access PDF files from untrusted sources\n\n Do not open unfamiliar or unexpected PDF files, particularly those\n hosted on websites or delivered as email attachments. Please see\n Cyber Security Tip ST04-010. Please send\n email to \u003ccert@cert.org\u003e with \"TA12-101B Feedback VU#124663\" in\n the subject. \n ____________________________________________________________________\n\n Produced by US-CERT, a government organization. 
\n ____________________________________________________________________\n\nThis product is provided subject to the Notification as indicated here: \nhttp://www.us-cert.gov/legal.html#notify\n\nThis document can also be found at\nhttp://www.us-cert.gov/cas/techalerts/TA12-101B.html\n\nFor instructions on subscribing to or unsubscribing from this \nmailing list, visit http://www.us-cert.gov/cas/signup.html\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1.4.5 (GNU/Linux)\n\niQEVAwUBT4St0z/GkGVXE7GMAQK56gf+N4gfsTH8ssv6GzNqliZtpkgx5MI/Vo71\nbx/DERpK2AtQaNk3genyZ1vShMjfKUk7GmVQCeDvcTxhc+yNSSi3hSGyX7FQbl9E\n6p9mMLRD9OwJ63xq3fGmydNsgQnUTsjjRxkxC1DdojtlJL3HRsYYBXxguKQaPI1p\nUiPoMDu5W7LJ/9f+zrMbc4Hf15366YY7XGMmFL68OpwbxOT3aRrfLC/v6FErqHli\nUUg79tEm8FpemBrIzusqePviNYkci2M3K5fByp9opGrttPhTZAL8ddYJKfCSm+Xg\nlFs5dAwD0SCI3SQxG5B8RhGgLLCz87O+ifE1Q2UjFAvB6XWQifYDwA==\n=5dGp\n-----END PGP SIGNATURE-----\n. The\n Adobe Flash browser plugin is available for multiple web browsers\n and operating systems, any of which could be affected. \n \n This vulnerability is being actively exploited. \n\n\nII. \n\n\nIII. Solution\n\n These vulnerabilities can be mitigated by disabling the Flash\n plugin or by using the NoScript extension for Mozilla Firefox or\n SeaMonkey to whitelist websites that can access the Flash plugin. \n For more information about securely configuring web browsers,\n please see the Securing Your Web Browser document. US-CERT\n Vulnerability Note VU#259425 has additional details, as well as\n information about mitigating the PDF document attack vector. \n \n Thanks to Department of Defense Cyber Crime Center/DCISE for\n information used in this document. \n\n\nIV. \n ____________________________________________________________________\n\n For instructions on subscribing to or unsubscribing from this\n mailing list, visit \u003chttp://www.us-cert.gov/cas/signup.html\u003e. 
----------------------------------------------------------------------\n\nDo you have VARM strategy implemented?\n\n(Vulnerability Assessment Remediation Management) \n\nIf not, then implement it through the most reliable vulnerability\nintelligence source on the market. \n\nImplement it through Secunia. \n\nSOLUTION:\nDo not browse untrusted websites or follow untrusted links. \n\nUpdates will reportedly be available for Windows, Macintosh, and\nLinux versions by July 30. \n\nPROVIDED AND/OR DISCOVERED BY:\nReported as a 0-day. \n\nORIGINAL ADVISORY:\nAdobe:\nhttp://www.adobe.com/support/security/advisories/apsa09-03.html\n\nOTHER REFERENCES:\nUS-CERT VU#259425:\nhttp://www.kb.cert.org/vuls/id/259425\n\n----------------------------------------------------------------------\n\nAbout:\nThis Advisory was delivered by Secunia as a free service to help\neverybody keeping their systems up to date against the latest\nvulnerabilities. \n\nSubscribe:\nhttp://secunia.com/advisories/secunia_security_advisories/\n\nDefinitions: (Criticality, Where etc.)\nhttp://secunia.com/advisories/about_secunia_advisories/\n\n\nPlease Note:\nSecunia recommends that you verify all advisories you receive by\nclicking the link. \nSecunia NEVER sends attached files with advisories. \nSecunia does not advise people to install third party patches, only\nuse those supplied by the vendor. \n\n----------------------------------------------------------------------\n\nUnsubscribe: Secunia Security Advisories\nhttp://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org\n\n----------------------------------------------------------------------\n\n\n. 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201206-14\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n http://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: Adobe Reader: Multiple vulnerabilities\n Date: June 22, 2012\n Bugs: #405949, #411499\n ID: 201206-14\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities in Adobe Reader might allow remote attackers\nto execute arbitrary code or conduct various other attacks. \n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 app-text/acroread \u003c 9.5.1 \u003e= 9.5.1\n\nDescription\n===========\n\nMultiple vulnerabilities have been found in Adobe Reader, including an\ninteger overflow in TrueType Font handling (CVE-2012-0774) and multiple\nunspecified errors which could cause memory corruption. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. 
\n\nResolution\n==========\n\nAll Adobe Reader users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=app-text/acroread-9.5.1\"\n\nReferences\n==========\n\n[ 1 ] CVE-2011-4370\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4370\n[ 2 ] CVE-2011-4371\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4371\n[ 3 ] CVE-2011-4372\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4372\n[ 4 ] CVE-2011-4373\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4373\n[ 5 ] CVE-2012-0774\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0774\n[ 6 ] CVE-2012-0775\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0775\n[ 7 ] CVE-2012-0776\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0776\n[ 8 ] CVE-2012-0777\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0777\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n http://security.gentoo.org/glsa/glsa-201206-14.xml\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2012 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. 
\n\nhttp://creativecommons.org/licenses/by-sa/2.5\n", "sources": [ { "db": "NVD", "id": "CVE-2012-0777" }, { "db": "CERT/CC", "id": "VU#259425" }, { "db": "JVNDB", "id": "JVNDB-2012-002042" }, { "db": "BID", "id": "52950" }, { "db": "VULHUB", "id": "VHN-54058" }, { "db": "PACKETSTORM", "id": "111733" }, { "db": "PACKETSTORM", "id": "111768" }, { "db": "PACKETSTORM", "id": "111760" }, { "db": "PACKETSTORM", "id": "111927" }, { "db": "PACKETSTORM", "id": "79569" }, { "db": "PACKETSTORM", "id": "79567" }, { "db": "PACKETSTORM", "id": "114069" } ], "trust": 3.33 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2012-0777", "trust": 3.0 }, { "db": "USCERT", "id": "TA12-101B", "trust": 2.6 }, { "db": "BID", "id": "52950", "trust": 2.0 }, { "db": "SECUNIA", "id": "48846", "trust": 1.8 }, { "db": "SECUNIA", "id": "48756", "trust": 1.8 }, { "db": "SECTRACK", "id": "1026908", "trust": 1.7 }, { "db": "CERT/CC", "id": "VU#259425", "trust": 1.1 }, { "db": "JVNDB", "id": "JVNDB-2012-002042", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201204-134", "trust": 0.7 }, { "db": "SECUNIA", "id": "35948", "trust": 0.2 }, { "db": "SEEBUG", "id": "SSVID-60038", "trust": 0.1 }, { "db": "VULHUB", "id": "VHN-54058", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "111733", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "111768", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "111760", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "111927", "trust": 0.1 }, { "db": "USCERT", "id": "TA09-204A", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "79569", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "79567", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "114069", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#259425" }, { "db": "VULHUB", "id": "VHN-54058" }, { "db": "BID", "id": 
"52950" }, { "db": "JVNDB", "id": "JVNDB-2012-002042" }, { "db": "PACKETSTORM", "id": "111733" }, { "db": "PACKETSTORM", "id": "111768" }, { "db": "PACKETSTORM", "id": "111760" }, { "db": "PACKETSTORM", "id": "111927" }, { "db": "PACKETSTORM", "id": "79569" }, { "db": "PACKETSTORM", "id": "79567" }, { "db": "PACKETSTORM", "id": "114069" }, { "db": "CNNVD", "id": "CNNVD-201204-134" }, { "db": "NVD", "id": "CVE-2012-0777" } ] }, "id": "VAR-201204-0111", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-54058" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T20:32:19.934000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APSB12-08", "trust": 0.8, "url": "http://www.adobe.com/support/security/bulletins/apsb12-08.html" }, { "title": "APSB12-08 (cpsid_93413)", "trust": 0.8, "url": "http://kb2.adobe.com/jp/cps/934/cpsid_93413.html" }, { "title": "APSB12-08", "trust": 0.8, "url": "http://www.adobe.com/jp/support/security/bulletins/apsb12-08.html" }, { "title": "\u30a2\u30c9\u30d3 \u30b7\u30b9\u30c6\u30e0\u30ba\u793e Adobe Reader \u306e\u8106\u5f31\u6027\u306b\u95a2\u3059\u308b\u304a\u77e5\u3089\u305b", "trust": 0.8, "url": "http://www.fmworld.net/biz/common/adobe/20120412.html" }, { "title": "AdbeRdrUpd951_all_incr", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=42860" }, { "title": "AcrobatUpd951_all_incr", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=42868" }, { "title": "AdbeRdrUpd1013", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=42859" }, { "title": "AcrobatUpd1013", "trust": 0.6, "url": 
"http://123.124.177.30/web/xxk/bdxqbyid.tag?id=42867" }, { "title": "AdbeRdrUpd951_all_i386", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=42862" }, { "title": "AcroProUpd951_all", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=42870" }, { "title": "AdbeRdrUpd1013", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=42861" }, { "title": "AcrobatUpd1013", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=42869" }, { "title": "AdbeRdr9.5.1-1_i486linux_enu", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=42864" }, { "title": "AdbeRdr9.5.1-1_i486linux_enu", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=42863" }, { "title": "AdbeRdr9.5.1-1_i486linux_enu", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=42866" }, { "title": "AdbeRdr9.5.1-1_i386linux_enu", "trust": 0.6, "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=42865" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2012-002042" }, { "db": "CNNVD", "id": "CNNVD-201204-134" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-54058" }, { "db": "JVNDB", "id": "JVNDB-2012-002042" }, { "db": "NVD", "id": "CVE-2012-0777" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.6, "url": "http://www.us-cert.gov/cas/techalerts/ta12-101b.html" }, { "trust": 2.1, "url": "http://www.adobe.com/support/security/bulletins/apsb12-08.html" }, { "trust": 1.9, "url": "http://rhn.redhat.com/errata/rhsa-2012-0469.html" }, { "trust": 1.8, "url": 
"http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00013.html" }, { "trust": 1.7, "url": "http://www.securityfocus.com/bid/52950" }, { "trust": 1.7, "url": "http://www.securitytracker.com/id?1026908" }, { "trust": 1.7, "url": "http://secunia.com/advisories/48756" }, { "trust": 1.7, "url": "http://secunia.com/advisories/48846" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00016.html" }, { "trust": 1.7, "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00017.html" }, { "trust": 1.7, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74735" }, { "trust": 0.9, "url": "http://www.adobe.com/support/security/advisories/apsa09-03.html" }, { "trust": 0.8, "url": "http://www.adobe.com/support/security/bulletins/apsb09-10.html" }, { "trust": 0.8, "url": "http://blogs.adobe.com/psirt/2009/07/potential_adobe_reader_and_fla.html" }, { "trust": 0.8, "url": "http://blogs.adobe.com/psirt/2009/07/update_on_adobe_reader_acrobat.html" }, { "trust": 0.8, "url": "http://bugs.adobe.com/jira/browse/fp-1265" }, { "trust": 0.8, "url": "http://www.symantec.com/connect/blogs/next-generation-flash-vulnerability" }, { "trust": 0.8, "url": "http://kb2.adobe.com/cps/141/tn_14157.html" }, { "trust": 0.8, "url": "http://blog.fireeye.com/research/2009/07/actionscript_heap_spray.html" }, { "trust": 0.8, "url": "http://blogs.technet.com/srd/archive/2009/06/05/understanding-dep-as-a-mitigation-technology-part-1.aspx" }, { "trust": 0.8, "url": "http://blogs.technet.com/srd/archive/2009/06/12/understanding-dep-as-a-mitigation-technology-part-2.aspx" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0777" }, { "trust": 0.8, "url": "https://www.jpcert.or.jp/at/2012/at120013.txt" }, { "trust": 0.8, "url": "http://jvn.jp/cert/jvnta12-101b/index.html" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-0777" }, { "trust": 0.8, "url": 
"http://www.npa.go.jp/cyberpolice/#topics" }, { "trust": 0.3, "url": "http://www.adobe.com" }, { "trust": 0.3, "url": "http://secunia.com/advisories/secunia_security_advisories/" }, { "trust": 0.3, "url": "http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org" }, { "trust": 0.3, "url": "http://secunia.com/advisories/about_secunia_advisories/" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0777" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0775" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0774" }, { "trust": 0.2, "url": "http://secunia.com/psi_30_beta_launch" }, { "trust": 0.2, "url": "http://secunia.com/vulnerability_intelligence/" }, { "trust": 0.2, "url": "http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/" }, { "trust": 0.2, "url": "http://secunia.com/vulnerability_scanning/personal/" }, { "trust": 0.2, "url": "http://www.kb.cert.org/vuls/id/259425\u003e" }, { "trust": 0.1, "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/contact/" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0777.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/team/key/#package" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0775.html" }, { "trust": 0.1, "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "trust": 0.1, "url": "http://bugzilla.redhat.com/):" }, { "trust": 0.1, "url": "https://www.redhat.com/security/data/cve/cve-2012-0774.html" }, { "trust": 0.1, "url": "https://access.redhat.com/knowledge/articles/11258" }, { "trust": 0.1, "url": "http://secunia.com/advisories/48756/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/48756/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48756" }, { "trust": 0.1, "url": 
"http://blogs.adobe.com/asset/2012/04/background-on-security-bulletin-apsb12-08.html\u003e" }, { "trust": 0.1, "url": "https://www.adobe.com/support/security/bulletins/apsb11-30.html\u003e" }, { "trust": 0.1, "url": "http://www.us-cert.gov/legal.html#notify" }, { "trust": 0.1, "url": "http://get.adobe.com/flashplayer/\u003e" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/signup.html" }, { "trust": 0.1, "url": "http://kb2.adobe.com/cps/504/cpsid_50431.html\u003e" }, { "trust": 0.1, "url": "http://www.kb.cert.org/vuls/bypublished?searchview\u0026amp;query=rt3d.dll\u003e" }, { "trust": 0.1, "url": "http://secunia.com/advisories/48846/#comments" }, { "trust": 0.1, "url": "http://secunia.com/advisories/48846/" }, { "trust": 0.1, "url": "https://ca.secunia.com/?page=viewadvisory\u0026vuln_id=48846" }, { "trust": 0.1, "url": "https://addons.mozilla.org/addon/722\u003e" }, { "trust": 0.1, "url": "http://www.us-cert.gov/legal.html\u003e" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/techalerts/ta09-204a.html\u003e" }, { "trust": 0.1, "url": "http://www.us-cert.gov/cas/signup.html\u003e." 
}, { "trust": 0.1, "url": "http://www.us-cert.gov/reading_room/securing_browser/\u003e" }, { "trust": 0.1, "url": "http://www.adobe.com/support/security/advisories/apsa09-03.html\u003e" }, { "trust": 0.1, "url": "http://secunia.com/advisories/35948/" }, { "trust": 0.1, "url": "http://www.kb.cert.org/vuls/id/259425" }, { "trust": 0.1, "url": "http://secunia.com/advisories/business_solutions/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4370" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0775" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4371" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2012-0776" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4373" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4371" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0776" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0774" }, { "trust": 0.1, "url": "http://security.gentoo.org/glsa/glsa-201206-14.xml" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4372" }, { "trust": 0.1, "url": "http://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2012-0777" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4370" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2011-4372" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." 
}, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2011-4373" } ], "sources": [ { "db": "CERT/CC", "id": "VU#259425" }, { "db": "VULHUB", "id": "VHN-54058" }, { "db": "BID", "id": "52950" }, { "db": "JVNDB", "id": "JVNDB-2012-002042" }, { "db": "PACKETSTORM", "id": "111733" }, { "db": "PACKETSTORM", "id": "111768" }, { "db": "PACKETSTORM", "id": "111760" }, { "db": "PACKETSTORM", "id": "111927" }, { "db": "PACKETSTORM", "id": "79569" }, { "db": "PACKETSTORM", "id": "79567" }, { "db": "PACKETSTORM", "id": "114069" }, { "db": "CNNVD", "id": "CNNVD-201204-134" }, { "db": "NVD", "id": "CVE-2012-0777" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#259425" }, { "db": "VULHUB", "id": "VHN-54058" }, { "db": "BID", "id": "52950" }, { "db": "JVNDB", "id": "JVNDB-2012-002042" }, { "db": "PACKETSTORM", "id": "111733" }, { "db": "PACKETSTORM", "id": "111768" }, { "db": "PACKETSTORM", "id": "111760" }, { "db": "PACKETSTORM", "id": "111927" }, { "db": "PACKETSTORM", "id": "79569" }, { "db": "PACKETSTORM", "id": "79567" }, { "db": "PACKETSTORM", "id": "114069" }, { "db": "CNNVD", "id": "CNNVD-201204-134" }, { "db": "NVD", "id": "CVE-2012-0777" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-07-22T00:00:00", "db": "CERT/CC", "id": "VU#259425" }, { "date": "2012-04-10T00:00:00", "db": "VULHUB", "id": "VHN-54058" }, { "date": "2012-04-10T00:00:00", "db": "BID", "id": "52950" }, { "date": "2012-04-12T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-002042" }, { "date": "2012-04-11T14:18:39", "db": "PACKETSTORM", "id": "111733" }, { "date": "2012-04-11T07:09:51", "db": "PACKETSTORM", "id": "111768" }, { "date": "2012-04-11T15:20:24", "db": "PACKETSTORM", "id": "111760" }, { "date": "2012-04-17T11:24:12", "db": "PACKETSTORM", "id": "111927" }, 
{ "date": "2009-07-23T22:33:27", "db": "PACKETSTORM", "id": "79569" }, { "date": "2009-07-23T14:30:39", "db": "PACKETSTORM", "id": "79567" }, { "date": "2012-06-22T20:23:37", "db": "PACKETSTORM", "id": "114069" }, { "date": "2012-04-11T00:00:00", "db": "CNNVD", "id": "CNNVD-201204-134" }, { "date": "2012-04-10T23:55:01.137000", "db": "NVD", "id": "CVE-2012-0777" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2009-08-07T00:00:00", "db": "CERT/CC", "id": "VU#259425" }, { "date": "2022-12-14T00:00:00", "db": "VULHUB", "id": "VHN-54058" }, { "date": "2013-06-20T09:41:00", "db": "BID", "id": "52950" }, { "date": "2012-04-12T00:00:00", "db": "JVNDB", "id": "JVNDB-2012-002042" }, { "date": "2022-12-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201204-134" }, { "date": "2022-12-14T19:04:22.233000", "db": "NVD", "id": "CVE-2012-0777" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "114069" }, { "db": "CNNVD", "id": "CNNVD-201204-134" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Adobe Flash vulnerability affects Flash Player and other Adobe products", "sources": [ { "db": "CERT/CC", "id": "VU#259425" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer error", "sources": [ { "db": "CNNVD", "id": "CNNVD-201204-134" } ], "trust": 0.6 } }
gsd-2012-0777
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2012-0777", "description": "The JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 on Mac OS X and Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.", "id": "GSD-2012-0777", "references": [ "https://www.suse.com/security/cve/CVE-2012-0777.html", "https://access.redhat.com/errata/RHSA-2012:0469" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2012-0777" ], "details": "The JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 on Mac OS X and Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.", "id": "GSD-2012-0777", "modified": "2023-12-13T01:20:13.905296Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2012-0777", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 on Mac OS X and Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "RHSA-2012:0469", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2012-0469.html" }, { "name": "48756", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48756" }, { "name": "http://www.adobe.com/support/security/bulletins/apsb12-08.html", "refsource": "CONFIRM", "url": "http://www.adobe.com/support/security/bulletins/apsb12-08.html" }, { "name": "SUSE-SU-2012:0524", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00017.html" }, { "name": "52950", "refsource": "BID", "url": "http://www.securityfocus.com/bid/52950" }, { "name": "48846", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48846" }, { "name": "TA12-101B", "refsource": "CERT", "url": "http://www.us-cert.gov/cas/techalerts/TA12-101B.html" }, { "name": "SUSE-SU-2012:0522", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00016.html" }, { "name": "openSUSE-SU-2012:0512", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00013.html" }, { "name": "1026908", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1026908" }, { "name": "adobe-reader-javascriptapi-code-exec(74735)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74735" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.5.1", "versionStartIncluding": "9.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat_reader:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.1.3", "versionStartIncluding": "10.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ 
{ "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" }, { "children": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "9.5.1", "versionStartIncluding": "9.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:adobe:acrobat:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.1.3", "versionStartIncluding": "10.0", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false }, { "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": false } ], "operator": "OR" } ], "cpe_match": [], "operator": "AND" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "psirt@adobe.com", "ID": "CVE-2012-0777" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "The JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 on Mac OS X and Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-119" } ] } ] }, "references": { "reference_data": [ { "name": "http://www.adobe.com/support/security/bulletins/apsb12-08.html", "refsource": "CONFIRM", "tags": [ "Vendor Advisory" ], "url": "http://www.adobe.com/support/security/bulletins/apsb12-08.html" }, { "name": "1026908", "refsource": "SECTRACK", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id?1026908" }, { "name": "52950", "refsource": "BID", "tags": [ "Broken Link", "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/52950" }, { "name": "48756", "refsource": "SECUNIA", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/48756" }, { "name": "TA12-101B", "refsource": "CERT", "tags": [ "Mitigation", "Third Party Advisory", "US Government Resource" ], "url": "http://www.us-cert.gov/cas/techalerts/TA12-101B.html" }, { "name": "48846", "refsource": "SECUNIA", "tags": [ "Broken Link" ], "url": "http://secunia.com/advisories/48846" }, { "name": "adobe-reader-javascriptapi-code-exec(74735)", "refsource": "XF", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/74735" }, { "name": "SUSE-SU-2012:0524", "refsource": "SUSE", "tags": [ "Broken Link", "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00017.html" }, { "name": "SUSE-SU-2012:0522", "refsource": "SUSE", "tags": [ "Broken Link", "Mailing List", "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00016.html" }, { "name": "RHSA-2012:0469", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "http://rhn.redhat.com/errata/RHSA-2012-0469.html" }, { "name": "openSUSE-SU-2012:0512", "refsource": "SUSE", "tags": [ "Broken Link", "Mailing List", "Third Party Advisory" ], "url": 
"http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00013.html" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true } }, "lastModifiedDate": "2022-12-14T19:04Z", "publishedDate": "2012-04-10T23:55Z" } } }
rhsa-2012_0469
Vulnerability from csaf_redhat
Notes
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Updated acroread packages that fix multiple security issues are now\navailable for Red Hat Enterprise Linux 5 and 6 Supplementary.\n\nThe Red Hat Security Response Team has rated this update as having critical\nsecurity impact. Common Vulnerability Scoring System (CVSS) base scores,\nwhich give detailed severity ratings, are available for each vulnerability\nfrom the CVE links in the References section.", "title": "Topic" }, { "category": "general", "text": "Adobe Reader allows users to view and print documents in Portable Document\nFormat (PDF).\n\nThis update fixes multiple security flaws in Adobe Reader. These flaws are\ndetailed on the Adobe security page APSB12-08, listed in the References\nsection. A specially-crafted PDF file could cause Adobe Reader to crash or,\npotentially, execute arbitrary code as the user running Adobe Reader when\nopened. (CVE-2012-0774, CVE-2012-0775, CVE-2012-0777)\n\nAll Adobe Reader users should install these updated packages. They contain\nAdobe Reader version 9.5.1, which is not vulnerable to these issues. All\nrunning instances of Adobe Reader must be restarted for the update to take\neffect.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. 
and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2012:0469", "url": "https://access.redhat.com/errata/RHSA-2012:0469" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#critical", "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "category": "external", "summary": "http://www.adobe.com/support/security/bulletins/apsb12-08.html", "url": "http://www.adobe.com/support/security/bulletins/apsb12-08.html" }, { "category": "external", "summary": "810397", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=810397" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2012/rhsa-2012_0469.json" } ], "title": "Red Hat Security Advisory: acroread security update", "tracking": { "current_release_date": "2024-11-14T11:30:54+00:00", "generator": { "date": "2024-11-14T11:30:54+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.2.0" } }, "id": "RHSA-2012:0469", "initial_release_date": "2012-04-10T20:24:00+00:00", "revision_history": [ { "date": "2012-04-10T20:24:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2013-11-13T11:14:13+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-14T11:30:54+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 
5)", "product": { "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:5::client" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)", "product": { "name": "Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:5::server" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.2.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.2.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } }, { "category": "product_name", "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product": { "name": "Red Hat Enterprise Linux Workstation Supplementary (v. 
6)", "product_id": "6Workstation-Supplementary-6.2.z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_extras:6" } } } ], "category": "product_family", "name": "Red Hat Enterprise Linux Supplementary" }, { "branches": [ { "category": "product_version", "name": "acroread-plugin-0:9.5.1-1.el5.i386", "product": { "name": "acroread-plugin-0:9.5.1-1.el5.i386", "product_id": "acroread-plugin-0:9.5.1-1.el5.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/acroread-plugin@9.5.1-1.el5?arch=i386" } } }, { "category": "product_version", "name": "acroread-0:9.5.1-1.el5.i386", "product": { "name": "acroread-0:9.5.1-1.el5.i386", "product_id": "acroread-0:9.5.1-1.el5.i386", "product_identification_helper": { "purl": "pkg:rpm/redhat/acroread@9.5.1-1.el5?arch=i386" } } } ], "category": "architecture", "name": "i386" }, { "branches": [ { "category": "product_version", "name": "acroread-plugin-0:9.5.1-1.el6_2.i686", "product": { "name": "acroread-plugin-0:9.5.1-1.el6_2.i686", "product_id": "acroread-plugin-0:9.5.1-1.el6_2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/acroread-plugin@9.5.1-1.el6_2?arch=i686" } } }, { "category": "product_version", "name": "acroread-0:9.5.1-1.el6_2.i686", "product": { "name": "acroread-0:9.5.1-1.el6_2.i686", "product_id": "acroread-0:9.5.1-1.el6_2.i686", "product_identification_helper": { "purl": "pkg:rpm/redhat/acroread@9.5.1-1.el6_2?arch=i686" } } } ], "category": "architecture", "name": "i686" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "acroread-0:9.5.1-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 
5)", "product_id": "5Client-Supplementary:acroread-0:9.5.1-1.el5.i386" }, "product_reference": "acroread-0:9.5.1-1.el5.i386", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-plugin-0:9.5.1-1.el5.i386 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 5)", "product_id": "5Client-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386" }, "product_reference": "acroread-plugin-0:9.5.1-1.el5.i386", "relates_to_product_reference": "5Client-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-0:9.5.1-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:acroread-0:9.5.1-1.el5.i386" }, "product_reference": "acroread-0:9.5.1-1.el5.i386", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-plugin-0:9.5.1-1.el5.i386 as a component of Red Hat Enterprise Linux Server Supplementary (v. 5)", "product_id": "5Server-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386" }, "product_reference": "acroread-plugin-0:9.5.1-1.el5.i386", "relates_to_product_reference": "5Server-Supplementary" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-0:9.5.1-1.el6_2.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 6)", "product_id": "6Client-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686" }, "product_reference": "acroread-0:9.5.1-1.el6_2.i686", "relates_to_product_reference": "6Client-Supplementary-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-plugin-0:9.5.1-1.el6_2.i686 as a component of Red Hat Enterprise Linux Desktop Supplementary (v. 
6)", "product_id": "6Client-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686" }, "product_reference": "acroread-plugin-0:9.5.1-1.el6_2.i686", "relates_to_product_reference": "6Client-Supplementary-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-0:9.5.1-1.el6_2.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686" }, "product_reference": "acroread-0:9.5.1-1.el6_2.i686", "relates_to_product_reference": "6Server-Supplementary-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-plugin-0:9.5.1-1.el6_2.i686 as a component of Red Hat Enterprise Linux Server Supplementary (v. 6)", "product_id": "6Server-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686" }, "product_reference": "acroread-plugin-0:9.5.1-1.el6_2.i686", "relates_to_product_reference": "6Server-Supplementary-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-0:9.5.1-1.el6_2.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 6)", "product_id": "6Workstation-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686" }, "product_reference": "acroread-0:9.5.1-1.el6_2.i686", "relates_to_product_reference": "6Workstation-Supplementary-6.2.z" }, { "category": "default_component_of", "full_product_name": { "name": "acroread-plugin-0:9.5.1-1.el6_2.i686 as a component of Red Hat Enterprise Linux Workstation Supplementary (v. 
6)", "product_id": "6Workstation-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686" }, "product_reference": "acroread-plugin-0:9.5.1-1.el6_2.i686", "relates_to_product_reference": "6Workstation-Supplementary-6.2.z" } ] }, "vulnerabilities": [ { "cve": "CVE-2011-4370", "discovery_date": "2012-04-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "810397" } ], "notes": [ { "category": "description", "text": "Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4372 and CVE-2011-4373.", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: multiple unspecified flaws (APSB12-08, APSB12-01)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "6Client-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Client-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-4370" }, { "category": "external", "summary": 
"RHBZ#810397", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=810397" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-4370", "url": "https://www.cve.org/CVERecord?id=CVE-2011-4370" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-4370", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4370" }, { "category": "external", "summary": "http://www.adobe.com/support/security/bulletins/apsb12-08.html", "url": "http://www.adobe.com/support/security/bulletins/apsb12-08.html" } ], "release_date": "2012-04-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-04-10T20:24:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Client-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "6Client-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Client-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0469" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": 
"AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "6Client-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Client-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "acroread: multiple unspecified flaws (APSB12-08, APSB12-01)" }, { "cve": "CVE-2011-4371", "discovery_date": "2012-04-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "810397" } ], "notes": [ { "category": "description", "text": "Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via unspecified vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: multiple unspecified flaws (APSB12-08, APSB12-01)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", 
"6Client-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Client-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-4371" }, { "category": "external", "summary": "RHBZ#810397", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=810397" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-4371", "url": "https://www.cve.org/CVERecord?id=CVE-2011-4371" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-4371", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4371" }, { "category": "external", "summary": "http://www.adobe.com/support/security/bulletins/apsb12-08.html", "url": "http://www.adobe.com/support/security/bulletins/apsb12-08.html" } ], "release_date": "2012-04-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-04-10T20:24:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Client-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "6Client-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Client-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0469" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "6Client-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Client-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "acroread: multiple unspecified flaws (APSB12-08, APSB12-01)" }, { "cve": "CVE-2011-4372", 
"discovery_date": "2012-04-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "810397" } ], "notes": [ { "category": "description", "text": "Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4373.", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: multiple unspecified flaws (APSB12-08, APSB12-01)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "6Client-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Client-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-4372" }, { "category": "external", "summary": "RHBZ#810397", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=810397" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-4372", "url": "https://www.cve.org/CVERecord?id=CVE-2011-4372" }, { "category": "external", "summary": 
"https://nvd.nist.gov/vuln/detail/CVE-2011-4372", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4372" }, { "category": "external", "summary": "http://www.adobe.com/support/security/bulletins/apsb12-08.html", "url": "http://www.adobe.com/support/security/bulletins/apsb12-08.html" } ], "release_date": "2012-04-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-04-10T20:24:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Client-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "6Client-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Client-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0469" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-0:9.5.1-1.el5.i386", 
"5Server-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "6Client-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Client-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "acroread: multiple unspecified flaws (APSB12-08, APSB12-01)" }, { "cve": "CVE-2011-4373", "discovery_date": "2012-04-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "810397" } ], "notes": [ { "category": "description", "text": "Adobe Reader and Acrobat before 9.5, and 10.x before 10.1.2, on Windows and Mac OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2011-4370 and CVE-2011-4372.", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: multiple unspecified flaws (APSB12-08, APSB12-01)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "6Client-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Client-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", 
"6Server-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2011-4373" }, { "category": "external", "summary": "RHBZ#810397", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=810397" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2011-4373", "url": "https://www.cve.org/CVERecord?id=CVE-2011-4373" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2011-4373", "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4373" }, { "category": "external", "summary": "http://www.adobe.com/support/security/bulletins/apsb12-08.html", "url": "http://www.adobe.com/support/security/bulletins/apsb12-08.html" } ], "release_date": "2012-04-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-04-10T20:24:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Client-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "6Client-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Client-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0469" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "6Client-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Client-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "acroread: multiple unspecified flaws (APSB12-08, APSB12-01)" }, { "cve": "CVE-2012-0774", 
"discovery_date": "2012-04-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "810397" } ], "notes": [ { "category": "description", "text": "Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to execute arbitrary code via a crafted TrueType font.", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: multiple unspecified flaws (APSB12-08, APSB12-01)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "6Client-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Client-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-0774" }, { "category": "external", "summary": "RHBZ#810397", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=810397" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-0774", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0774" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-0774", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0774" }, { "category": "external", 
"summary": "http://www.adobe.com/support/security/bulletins/apsb12-08.html", "url": "http://www.adobe.com/support/security/bulletins/apsb12-08.html" } ], "release_date": "2012-04-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-04-10T20:24:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Client-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "6Client-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Client-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0469" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "6Client-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", 
"6Client-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "acroread: multiple unspecified flaws (APSB12-08, APSB12-01)" }, { "cve": "CVE-2012-0775", "discovery_date": "2012-04-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "810397" } ], "notes": [ { "category": "description", "text": "The JavaScript implementation in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: multiple unspecified flaws (APSB12-08, APSB12-01)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "6Client-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Client-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686" ] }, 
"references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-0775" }, { "category": "external", "summary": "RHBZ#810397", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=810397" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-0775", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0775" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-0775", "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0775" }, { "category": "external", "summary": "http://www.adobe.com/support/security/bulletins/apsb12-08.html", "url": "http://www.adobe.com/support/security/bulletins/apsb12-08.html" } ], "release_date": "2012-04-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-04-10T20:24:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. 
Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Client-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "6Client-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Client-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0469" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "6Client-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Client-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "acroread: multiple unspecified flaws (APSB12-08, APSB12-01)" }, { "cve": "CVE-2012-0777", 
"discovery_date": "2012-04-05T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "810397" } ], "notes": [ { "category": "description", "text": "The JavaScript API in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 on Mac OS X and Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.", "title": "Vulnerability description" }, { "category": "summary", "text": "acroread: multiple unspecified flaws (APSB12-08, APSB12-01)", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "5Client-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "6Client-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Client-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2012-0777" }, { "category": "external", "summary": "RHBZ#810397", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=810397" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2012-0777", "url": "https://www.cve.org/CVERecord?id=CVE-2012-0777" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2012-0777", "url": 
"https://nvd.nist.gov/vuln/detail/CVE-2012-0777" }, { "category": "external", "summary": "http://www.adobe.com/support/security/bulletins/apsb12-08.html", "url": "http://www.adobe.com/support/security/bulletins/apsb12-08.html" } ], "release_date": "2012-04-05T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2012-04-10T20:24:00+00:00", "details": "Before applying this update, make sure all previously-released errata\nrelevant to your system have been applied.\n\nThis update is available via the Red Hat Network. Details on how to\nuse the Red Hat Network to apply this update are available at\nhttps://access.redhat.com/knowledge/articles/11258", "product_ids": [ "5Client-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "6Client-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Client-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2012:0469" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "products": [ "5Client-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Client-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-0:9.5.1-1.el5.i386", "5Server-Supplementary:acroread-plugin-0:9.5.1-1.el5.i386", 
"6Client-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Client-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Server-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-0:9.5.1-1.el6_2.i686", "6Workstation-Supplementary-6.2.z:acroread-plugin-0:9.5.1-1.el6_2.i686" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "acroread: multiple unspecified flaws (APSB12-08, APSB12-01)" } ] }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.