Lucene search
RootSSV:19499HistoryApr 24, 2010 - 12:00 a.m.
Adobe下载管理器gp.ocx ActiveX控件缓冲区溢出漏洞
2010-04-2400:00:00
Root
www.seebug.org
14
0.66 Medium
EPSS
Percentile
97.6%
BUGTRAQ ID: 39615
CVE ID: CVE-2010-1278
Adobe Download Manager直接与Adobe服务器配合工作, 可帮助控制Adobe Reader、Adobe Acrobat及其他Adobe文件的下载过程。
Adobe Download Manager所安装的gp.ocx ActiveX控件在初始化期间将两个参数值拷贝到了固定长度的缓冲区,如果用户受骗访问了恶意网页并传送了超长参数就可以触发缓冲区溢出,导致执行任意代码。
Adobe Acrobat 9.x
Adobe Acrobat 8.x
Adobe Download Manager
Adobe Reader 9.x
Adobe Reader 8.x
临时解决方法:
- 为CLSID {E2883E8F-472F-4fb0-9522-AC9BF37916A7}设置kill bit。
厂商补丁:
Adobe
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
http://www.adobe.com/support/security/bulletins/apsb10-02.html
Related
prion
prion
Buffer overflow
2010-04-22 14:30:00
cve
cve
CVE-2010-1278
2010-04-22 14:30:00
securityvulns
securityvulns
ZDI-10-077: Adobe Download Manager Atlcom.get_atlcom ActiveX Control Remote Code Execution Vulnerability
2010-04-22 00:00:00
Adobe Download Manager ActiveX buffer overflow
2010-04-22 00:00:00
cvelist
cvelist
CVE-2010-1278
2010-04-22 14:00:00
zdi
zdi
openvas
openvas
Adobe Reader/Acrobat Multiple Vulnerabilities (Jan 2010) - Windows
2010-01-16 00:00:00
nessus
nessus
Adobe Reader < 9.3 / 8.2 Multiple Vulnerabilities (APSB10-02)
2010-01-13 00:00:00
Adobe Acrobat < 9.3 / 8.2 Multiple Vulnerabilities (APSB10-02)
2010-01-13 00:00:00