
T-718: Adobe Acrobat/Reader Multiple Bugs Let Remote Users Execute Arbitrary Code

September 15, 2011 - 8:45am


PROBLEM:

Adobe Acrobat/Reader Multiple Bugs Let Remote Users Execute Arbitrary Code.

PLATFORM:

Adobe Reader X (10.1) and earlier 10.x versions for Windows and Macintosh
Adobe Reader 9.4.5 and earlier 9.x versions for Windows, Macintosh and UNIX
Adobe Reader 8.3 and earlier 8.x versions for Windows and Macintosh
Adobe Acrobat X (10.1) and earlier 10.x versions for Windows and Macintosh
Adobe Acrobat 9.4.5 and earlier 9.x versions for Windows and Macintosh
Adobe Acrobat 8.3 and earlier 8.x versions for Windows and Macintosh

ABSTRACT:

A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.

REFERENCE LINKS:

Adobe Reader and Acrobat Security Bulletin and Update
SecurityTracker Alert ID: 1026044

IMPACT ASSESSMENT:

High

Discussion:

Multiple vulnerabilities were reported in Adobe Acrobat/Reader. A remote user can cause arbitrary code to be executed on the target user's system. A local user can gain elevated privileges on the target system. A remote user can create a specially crafted file that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.

A security bypass vulnerability can trigger code execution [CVE-2011-2431].
A buffer overflow vulnerability in the U3D TIFF Resource can cause code execution [CVE-2011-2432].
A heap overflow can cause code execution [CVE-2011-2433], [CVE-2011-2434], [CVE-2011-2436], [CVE-2011-2437].
A buffer overflow can cause code execution [CVE-2011-2435].
Several stack overflows can cause code execution [CVE-2011-2438].
A memory leak can cause code execution [CVE-2011-2439].
A use-after-free memory error can cause code execution [CVE-2011-2440].
Two stack overflows in the 'CoolType.dll' library can cause code execution [CVE-2011-2441].
A logic error can cause code execution [CVE-2011-2442].
A local user on Windows-based systems can gain elevated privileges [CVE-2011-1353]. Adobe Reader 10.x is affected.

Impact:

A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system. A local user can gain elevated privileges on the target system.

Solution:

The vendor has issued a fix (8.3.1, 9.4.6, 10.1.1). Adobe Reader and Acrobat Security Updates
 
