RHSA-2010_0060
Vulnerability from csaf_redhat - Published: 2010-01-20 14:38 - Updated: 2024-11-14 10:47Summary
Red Hat Security Advisory: acroread security update
Severity
Critical
Notes
Topic: The acroread packages as shipped in Red Hat Enterprise Linux 3 Extras
contain security flaws and should not be used.
This update has been rated as having critical security impact by the Red
Hat Security Response Team.
Details: Adobe Reader allows users to view and print documents in Portable Document
Format (PDF).
Adobe Reader 8.1.7 is vulnerable to critical security flaws and should no
longer be used. A specially-crafted PDF file could cause Adobe Reader to
crash or, potentially, execute arbitrary code as the user running Adobe
Reader when opened. (CVE-2009-4324, CVE-2009-3953, CVE-2009-3954,
CVE-2009-3955, CVE-2009-3959, CVE-2009-3956)
Adobe have discontinued support for Adobe Reader 8 for Linux. Adobe Reader
9 for Linux is not compatible with Red Hat Enterprise Linux 3. An
alternative PDF file viewer available in Red Hat Enterprise Linux 3 is
xpdf.
This update removes the acroread packages due to their known security
vulnerabilities.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration "array boundary issue," a different vulnerability than CVE-2009-2994.
6.8 ()
Vendor Fix
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
https://access.redhat.com/errata/RHSA-2010:0060
The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a "DLL-loading vulnerability."
6.8 ()
Vendor Fix
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
https://access.redhat.com/errata/RHSA-2010:0060
Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted JPC_MS_RGN marker in the Jp2c stream of a JpxDecode encoded data stream, which triggers an integer sign extension that bypasses a sanity check, leading to memory corruption.
6.8 ()
Vendor Fix
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
https://access.redhat.com/errata/RHSA-2010:0060
The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a "script injection vulnerability," as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers.
4.3 ()
Vendor Fix
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
https://access.redhat.com/errata/RHSA-2010:0060
Integer overflow in the U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a malformed PDF document.
6.8 ()
Vendor Fix
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
https://access.redhat.com/errata/RHSA-2010:0060
Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.
6.8 ()
Vendor Fix
Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.
This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259
https://access.redhat.com/errata/RHSA-2010:0060
References
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "The acroread packages as shipped in Red Hat Enterprise Linux 3 Extras\ncontain security flaws and should not be used.\n\nThis update has been rated as having critical security impact by the Red\nHat Security Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "Adobe Reader allows users to view and print documents in Portable Document\nFormat (PDF).\n\nAdobe Reader 8.1.7 is vulnerable to critical security flaws and should no\nlonger be used. A specially-crafted PDF file could cause Adobe Reader to\ncrash or, potentially, execute arbitrary code as the user running Adobe\nReader when opened. (CVE-2009-4324, CVE-2009-3953, CVE-2009-3954,\nCVE-2009-3955, CVE-2009-3959, CVE-2009-3956)\n\nAdobe have discontinued support for Adobe Reader 8 for Linux. Adobe Reader\n9 for Linux is not compatible with Red Hat Enterprise Linux 3. An\nalternative PDF file viewer available in Red Hat Enterprise Linux 3 is\nxpdf.\n\nThis update removes the acroread packages due to their known security\nvulnerabilities.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2010:0060",
"url": "https://access.redhat.com/errata/RHSA-2010:0060"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#critical",
"url": "https://access.redhat.com/security/updates/classification/#critical"
},
{
"category": "external",
"summary": "http://www.adobe.com/support/security/bulletins/apsb10-02.html",
"url": "http://www.adobe.com/support/security/bulletins/apsb10-02.html"
},
{
"category": "external",
"summary": "547799",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=547799"
},
{
"category": "external",
"summary": "554293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293"
},
{
"category": "external",
"summary": "554296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554296"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2010/rhsa-2010_0060.json"
}
],
"title": "Red Hat Security Advisory: acroread security update",
"tracking": {
"current_release_date": "2024-11-14T10:47:51+00:00",
"generator": {
"date": "2024-11-14T10:47:51+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.0"
}
},
"id": "RHSA-2010:0060",
"initial_release_date": "2010-01-20T14:38:00+00:00",
"revision_history": [
{
"date": "2010-01-20T14:38:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2010-01-20T09:38:14+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-14T10:47:51+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 3 Extras",
"product": {
"name": "Red Hat Enterprise Linux AS version 3 Extras",
"product_id": "3AS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:3"
}
}
},
{
"category": "product_name",
"name": "Red Hat Desktop version 3 Extras",
"product": {
"name": "Red Hat Desktop version 3 Extras",
"product_id": "3Desktop-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:3"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 3 Extras",
"product": {
"name": "Red Hat Enterprise Linux ES version 3 Extras",
"product_id": "3ES-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:3"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 3 Extras",
"product": {
"name": "Red Hat Enterprise Linux WS version 3 Extras",
"product_id": "3WS-LACD",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_extras:3"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux Supplementary"
},
{
"branches": [
{
"category": "product_version",
"name": "acroread-uninstall-0:9.3-3.i386",
"product": {
"name": "acroread-uninstall-0:9.3-3.i386",
"product_id": "acroread-uninstall-0:9.3-3.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/acroread-uninstall@9.3-3?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-uninstall-0:9.3-3.i386 as a component of Red Hat Enterprise Linux AS version 3 Extras",
"product_id": "3AS-LACD:acroread-uninstall-0:9.3-3.i386"
},
"product_reference": "acroread-uninstall-0:9.3-3.i386",
"relates_to_product_reference": "3AS-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-uninstall-0:9.3-3.i386 as a component of Red Hat Desktop version 3 Extras",
"product_id": "3Desktop-LACD:acroread-uninstall-0:9.3-3.i386"
},
"product_reference": "acroread-uninstall-0:9.3-3.i386",
"relates_to_product_reference": "3Desktop-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-uninstall-0:9.3-3.i386 as a component of Red Hat Enterprise Linux ES version 3 Extras",
"product_id": "3ES-LACD:acroread-uninstall-0:9.3-3.i386"
},
"product_reference": "acroread-uninstall-0:9.3-3.i386",
"relates_to_product_reference": "3ES-LACD"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "acroread-uninstall-0:9.3-3.i386 as a component of Red Hat Enterprise Linux WS version 3 Extras",
"product_id": "3WS-LACD:acroread-uninstall-0:9.3-3.i386"
},
"product_reference": "acroread-uninstall-0:9.3-3.i386",
"relates_to_product_reference": "3WS-LACD"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2009-3953",
"discovery_date": "2010-01-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "554293"
}
],
"notes": [
{
"category": "description",
"text": "The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Mac OS X, and 7.x before 7.1.4 allows remote attackers to execute arbitrary code via malformed U3D data in a PDF document, related to a CLODProgressiveMeshDeclaration \"array boundary issue,\" a different vulnerability than CVE-2009-2994.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-02)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-uninstall-0:9.3-3.i386",
"3Desktop-LACD:acroread-uninstall-0:9.3-3.i386",
"3ES-LACD:acroread-uninstall-0:9.3-3.i386",
"3WS-LACD:acroread-uninstall-0:9.3-3.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3953"
},
{
"category": "external",
"summary": "RHBZ#554293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3953",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3953"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3953",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3953"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2010-01-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-01-20T14:38:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:acroread-uninstall-0:9.3-3.i386",
"3Desktop-LACD:acroread-uninstall-0:9.3-3.i386",
"3ES-LACD:acroread-uninstall-0:9.3-3.i386",
"3WS-LACD:acroread-uninstall-0:9.3-3.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0060"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:acroread-uninstall-0:9.3-3.i386",
"3Desktop-LACD:acroread-uninstall-0:9.3-3.i386",
"3ES-LACD:acroread-uninstall-0:9.3-3.i386",
"3WS-LACD:acroread-uninstall-0:9.3-3.i386"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-06-08T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-02)"
},
{
"cve": "CVE-2009-3954",
"discovery_date": "2010-01-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "554293"
}
],
"notes": [
{
"category": "description",
"text": "The 3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors, related to a \"DLL-loading vulnerability.\"",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-02)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-uninstall-0:9.3-3.i386",
"3Desktop-LACD:acroread-uninstall-0:9.3-3.i386",
"3ES-LACD:acroread-uninstall-0:9.3-3.i386",
"3WS-LACD:acroread-uninstall-0:9.3-3.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3954"
},
{
"category": "external",
"summary": "RHBZ#554293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3954",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3954"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3954",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3954"
}
],
"release_date": "2010-01-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-01-20T14:38:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:acroread-uninstall-0:9.3-3.i386",
"3Desktop-LACD:acroread-uninstall-0:9.3-3.i386",
"3ES-LACD:acroread-uninstall-0:9.3-3.i386",
"3WS-LACD:acroread-uninstall-0:9.3-3.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0060"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:acroread-uninstall-0:9.3-3.i386",
"3Desktop-LACD:acroread-uninstall-0:9.3-3.i386",
"3ES-LACD:acroread-uninstall-0:9.3-3.i386",
"3WS-LACD:acroread-uninstall-0:9.3-3.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-02)"
},
{
"cve": "CVE-2009-3955",
"discovery_date": "2010-01-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "554293"
}
],
"notes": [
{
"category": "description",
"text": "Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted JPC_MS_RGN marker in the Jp2c stream of a JpxDecode encoded data stream, which triggers an integer sign extension that bypasses a sanity check, leading to memory corruption.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-02)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-uninstall-0:9.3-3.i386",
"3Desktop-LACD:acroread-uninstall-0:9.3-3.i386",
"3ES-LACD:acroread-uninstall-0:9.3-3.i386",
"3WS-LACD:acroread-uninstall-0:9.3-3.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3955"
},
{
"category": "external",
"summary": "RHBZ#554293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3955",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3955"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3955",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3955"
}
],
"release_date": "2010-01-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-01-20T14:38:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:acroread-uninstall-0:9.3-3.i386",
"3Desktop-LACD:acroread-uninstall-0:9.3-3.i386",
"3ES-LACD:acroread-uninstall-0:9.3-3.i386",
"3WS-LACD:acroread-uninstall-0:9.3-3.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0060"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:acroread-uninstall-0:9.3-3.i386",
"3Desktop-LACD:acroread-uninstall-0:9.3-3.i386",
"3ES-LACD:acroread-uninstall-0:9.3-3.i386",
"3WS-LACD:acroread-uninstall-0:9.3-3.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-02)"
},
{
"cve": "CVE-2009-3956",
"discovery_date": "2010-01-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "554296"
}
],
"notes": [
{
"category": "description",
"text": "The default configuration of Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, does not enable the Enhanced Security feature, which has unspecified impact and attack vectors, related to a \"script injection vulnerability,\" as demonstrated by Acrobat Forms Data Format (FDF) behavior that allows cross-site scripting (XSS) by user-assisted remote attackers.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: script injection vulnerability (APSB10-02)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-uninstall-0:9.3-3.i386",
"3Desktop-LACD:acroread-uninstall-0:9.3-3.i386",
"3ES-LACD:acroread-uninstall-0:9.3-3.i386",
"3WS-LACD:acroread-uninstall-0:9.3-3.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3956"
},
{
"category": "external",
"summary": "RHBZ#554296",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554296"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3956",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3956"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3956",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3956"
}
],
"release_date": "2010-01-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-01-20T14:38:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:acroread-uninstall-0:9.3-3.i386",
"3Desktop-LACD:acroread-uninstall-0:9.3-3.i386",
"3ES-LACD:acroread-uninstall-0:9.3-3.i386",
"3WS-LACD:acroread-uninstall-0:9.3-3.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0060"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"products": [
"3AS-LACD:acroread-uninstall-0:9.3-3.i386",
"3Desktop-LACD:acroread-uninstall-0:9.3-3.i386",
"3ES-LACD:acroread-uninstall-0:9.3-3.i386",
"3WS-LACD:acroread-uninstall-0:9.3-3.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "acroread: script injection vulnerability (APSB10-02)"
},
{
"cve": "CVE-2009-3959",
"discovery_date": "2010-01-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "554293"
}
],
"notes": [
{
"category": "description",
"text": "Integer overflow in the U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a malformed PDF document.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: multiple code execution flaws (APSB10-02)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-uninstall-0:9.3-3.i386",
"3Desktop-LACD:acroread-uninstall-0:9.3-3.i386",
"3ES-LACD:acroread-uninstall-0:9.3-3.i386",
"3WS-LACD:acroread-uninstall-0:9.3-3.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-3959"
},
{
"category": "external",
"summary": "RHBZ#554293",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=554293"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-3959",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-3959"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-3959",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3959"
}
],
"release_date": "2010-01-12T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-01-20T14:38:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:acroread-uninstall-0:9.3-3.i386",
"3Desktop-LACD:acroread-uninstall-0:9.3-3.i386",
"3ES-LACD:acroread-uninstall-0:9.3-3.i386",
"3WS-LACD:acroread-uninstall-0:9.3-3.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0060"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:acroread-uninstall-0:9.3-3.i386",
"3Desktop-LACD:acroread-uninstall-0:9.3-3.i386",
"3ES-LACD:acroread-uninstall-0:9.3-3.i386",
"3WS-LACD:acroread-uninstall-0:9.3-3.i386"
]
}
],
"threats": [
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: multiple code execution flaws (APSB10-02)"
},
{
"cve": "CVE-2009-4324",
"discovery_date": "2009-12-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "547799"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "acroread: media.newplayer JavaScript API code execution vulnerability (APSB10-02)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"3AS-LACD:acroread-uninstall-0:9.3-3.i386",
"3Desktop-LACD:acroread-uninstall-0:9.3-3.i386",
"3ES-LACD:acroread-uninstall-0:9.3-3.i386",
"3WS-LACD:acroread-uninstall-0:9.3-3.i386"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2009-4324"
},
{
"category": "external",
"summary": "RHBZ#547799",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=547799"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2009-4324",
"url": "https://www.cve.org/CVERecord?id=CVE-2009-4324"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-4324",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2009-4324"
},
{
"category": "external",
"summary": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"release_date": "2009-12-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2010-01-20T14:38:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network. Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
"product_ids": [
"3AS-LACD:acroread-uninstall-0:9.3-3.i386",
"3Desktop-LACD:acroread-uninstall-0:9.3-3.i386",
"3ES-LACD:acroread-uninstall-0:9.3-3.i386",
"3WS-LACD:acroread-uninstall-0:9.3-3.i386"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2010:0060"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"3AS-LACD:acroread-uninstall-0:9.3-3.i386",
"3Desktop-LACD:acroread-uninstall-0:9.3-3.i386",
"3ES-LACD:acroread-uninstall-0:9.3-3.i386",
"3WS-LACD:acroread-uninstall-0:9.3-3.i386"
]
}
],
"threats": [
{
"category": "exploit_status",
"date": "2022-06-08T00:00:00+00:00",
"details": "CISA: https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "impact",
"details": "Critical"
}
],
"title": "acroread: media.newplayer JavaScript API code execution vulnerability (APSB10-02)"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…