Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201009-05
HistorySep 07, 2010 - 12:00 a.m.

Adobe Reader: Multiple vulnerabilities

2010-09-0700:00:00
Gentoo Foundation
security.gentoo.org
20

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.975 High

EPSS

Percentile

100.0%

JSON

Background

Adobe Reader (formerly Adobe Acrobat Reader) is a closed-source PDF reader.

Description

Multiple vulnerabilities were discovered in Adobe Reader. For further information please consult the CVE entries and the Adobe Security Bulletins referenced below.

Impact

A remote attacker might entice a user to open a specially crafted PDF file, possibly resulting in the execution of arbitrary code with the privileges of the user running the application, or bypass intended sandbox restrictions, make cross-domain requests, inject arbitrary web script or HTML, or cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All Adobe Reader users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-text/acroread-9.3.4"
OSVersionArchitecturePackageVersionFilename
Gentooanyallapp-text/acroread< 9.3.4UNKNOWN

Related

openvas 17
nessus 32
securityvulns 8
suse 2
redhat 3
prion 26
ubuntucve 26
cve 26
checkpoint_advisories 12
threatpost 6
packetstorm 7
seebug 9
cisa_kev 2
exploitpack 4
saint 11
attackerkb 2
canvas 2
metasploit 1
cert 2
zeroscience 1
openvas
openvas
Gentoo Security Advisory GLSA 201009-05 (acroread)
2011-03-09 00:00:00
Gentoo Security Advisory GLSA 201009-05 (acroread)
2011-03-09 00:00:00
Adobe Acrobat and Reader Multiple Vulnerabilities (Jul 2010) - Windows
2010-07-12 00:00:00
nessus
nessus
GLSA-201009-05 : Adobe Reader: Multiple vulnerabilities
2010-09-08 00:00:00
SuSE 11 Security Update : acroread_ja (SAT Patch Number 2322)
2010-12-02 00:00:00
SuSE 11 Security Update : Acrobat Reader (SAT Patch Number 2320)
2010-12-02 00:00:00
securityvulns
securityvulns
Adobe Acrobat and Reader multiple security vulnerabilities
2010-04-19 00:00:00
Security update available for Adobe Reader and Acrobat
2010-04-19 00:00:00
Adobe Acrobat / Reader multiple security vulnerabilities
2010-07-01 00:00:00
suse
suse
remote code execution in acroread
2010-04-21 14:05:14
remote code execution in acroread
2010-07-08 11:59:38
redhat
redhat
(RHSA-2010:0349) Critical: acroread security update
2010-04-14 00:00:00
(RHSA-2010:0503) Critical: acroread security update
2010-06-30 00:00:00
(RHSA-2010:0114) Critical: acroread security and bug fix update
2010-02-18 00:00:00
prion
prion
Memory corruption
2010-06-30 18:30:00
Memory corruption
2010-06-30 18:30:00
Memory corruption
2010-06-30 18:30:00
ubuntucve
ubuntucve
CVE-2010-2211
2010-06-30 00:00:00
CVE-2010-2209
2010-06-30 00:00:00
CVE-2010-2207
2010-06-30 00:00:00
cve
cve
CVE-2010-2207
2010-06-30 18:30:00
CVE-2010-2202
2010-06-30 18:30:00
CVE-2010-2210
2010-06-30 18:30:00
checkpoint_advisories
checkpoint_advisories
PDF Files Containing Embedded Adobe Flash Movies (CVE-2010-1297; CVE-2010-2168; CVE-2010-2201)
2010-06-30 00:00:00
Adobe Flash Player Subvert Domain Sandbox (APSB10-06; CVE-2010-0186)
2010-02-21 00:00:00
Adobe Reader U3D array boundary code execution (APSB10-02: CVE-2009-3953)
2015-05-11 00:00:00
threatpost
threatpost
Adobe Plugs Critical PDF Code Execution Flaw
2010-02-16 21:14:52
Recently Patched Adobe PDF Flaw Being 'Actively Exploited'
2010-03-10 21:37:09
Adobe to Release Flash Patch June 10
2010-06-08 10:56:42
packetstorm
packetstorm
Month Of Abysssec Undisclosed Bugs - Adobe Acrobat Reader
2010-09-24 00:00:00
Adobe Reader 9.3.2 Memory Corruption / Denial Of Service
2010-06-30 00:00:00
Month Of Abysssec Undisclosed Bugs - Adobe Acrobat / Reader
2010-09-13 00:00:00
seebug
seebug
Adobe Acrobat Reader and Flash - 'newfunction' Remote Code Execution Vulnerability
2014-07-01 00:00:00
Adobe Reader/Acrobat 'newplayer()' JavaScript方法远程代码执行漏洞
2009-12-17 00:00:00
Adobe Reader and Acrobat (CVE-2009-4324) Exploit
2009-12-23 00:00:00
cisa_kev
cisa_kev
Adobe Acrobat and Reader Universal 3D Remote Code Execution Vulnerability
2022-06-08 00:00:00
Adobe Acrobat and Reader Use-After-Free Vulnerability
2022-06-08 00:00:00
exploitpack
exploitpack
Adobe Acrobat Reader and Flash - newfunction Remote Code Execution
2010-09-23 00:00:00
Adobe Acrobat Reader and Flash Player - newclass Invalid Pointer
2010-09-01 00:00:00
Adobe Reader 9.3.2 - CoolType.dll Remote Memory Corruption Denial of Service
2010-06-29 00:00:00
saint
saint
Adobe Reader media.newPlayer Use-After-Free Code Execution
2009-12-23 00:00:00
Adobe Reader media.newPlayer Use-After-Free Code Execution
2009-12-23 00:00:00
Adobe Reader media.newPlayer Use-After-Free Code Execution
2009-12-23 00:00:00
attackerkb
attackerkb
CVE-2009-4324
2009-12-15 00:00:00
CVE-2010-1297
2010-06-08 00:00:00
canvas
canvas
Immunity Canvas: FLASH_NEWFUNCTION
2010-06-08 18:30:00
Immunity Canvas: ACROBAT_NEWPLAYER
2009-12-15 02:30:00
metasploit
metasploit
Adobe Flash Player "newfunction" Invalid Pointer Use
2010-06-10 20:28:05
cert
cert
Adobe Flash ActionScript AVM2 newfunction vulnerability
2010-06-07 00:00:00
Adobe Acrobat and Reader contain a use-after-free vulnerability in the JavaScript Doc.media.newPlayer method
2009-12-15 00:00:00
zeroscience
zeroscience
Adobe Reader 9.3.2 (CoolType.dll) Remote Memory Corruption / DoS Vulnerability
2010-06-29 00:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.975 High

EPSS

Percentile

100.0%

JSON
Related for GLSA-201009-05
openvas17nessus32securityvulns8suse2redhat3prion26ubuntucve26cve26checkpoint_advisories12threatpost6packetstorm7seebug9cisa_kev2exploitpack4saint11attackerkb2canvas2metasploit1cert2zeroscience1