Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:23132
HistoryOct 27, 2011 - 12:00 a.m.

Adobe Reader复合字型索引签名扩展远程代码执行漏洞

2011-10-2700:00:00
Root
www.seebug.org
25

0.277 Low

EPSS

Percentile

96.3%

JSON

BUGTRAQ ID: 49581
CVE ID: CVE-2011-2441

Adobe Reader(也被称为Acrobat Reader)是美国Adobe公司开发的一款优秀的PDF文档阅读软件。Acrobat是1993年推出针对企业、技术人员和创意专业人士的系列产品,使智能文档的传送和协作更为灵活、可靠和安全。

Adobe Acrobat和Reader在实现上存在远程栈缓冲区溢出漏洞,远程攻击者可利用此漏洞以当前用户权限执行任意代码。

Adobe Reader处理复合字型时存在特定漏洞。当字型多于0x7FFF "numberOfContours"时,会出现签名扩展,造成缓冲区下溢。当Reader解析字体信息时会检查简单字型,但是复合字型中的numberOfContours值是所有子字型的总和并不被检查,这导致远程代码执行。

Adobe Acrobat 9.x
Adobe Reader 9.x
厂商补丁:

Adobe

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://www.adobe.com/support/security/

Related

prion 1
zdi 2
cvelist 1
cve 1
ubuntucve 1
securityvulns 3
checkpoint_advisories 1
openvas 9
nessus 10
suse 3
freebsd 1
gentoo 1
prion
prion
Stack overflow
2011-09-15 12:26:00
zdi
zdi
Adobe Reader Compound Glyphs Array Indexing Error Remote Code Execution Vulnerability
2011-10-13 00:00:00
Adobe Reader Compound Glyph Index Sign Extension Remote Code Execution Vulnerability
2011-10-26 00:00:00
cvelist
cvelist
CVE-2011-2441
2011-09-15 10:00:00
cve
cve
CVE-2011-2441
2011-09-15 12:26:00
ubuntucve
ubuntucve
CVE-2011-2441
2011-09-15 00:00:00
securityvulns
securityvulns
ZDI-11-310 : Adobe Reader Compound Glyph Index Sign Extension Remote Code Execution Vulnerability
2011-10-31 00:00:00
Security updates available for Adobe Reader and Acrobat
2011-09-16 00:00:00
Adobe Acrobat / Reader multiple security vulnerabilities
2011-10-31 00:00:00
checkpoint_advisories
checkpoint_advisories
Adobe Reader TTF Glyf Code Execution (APSB11-24; CVE-2011-2441)
2011-10-04 00:00:00
openvas
openvas
Adobe Reader and Acrobat Multiple Vulnerabilities (APSB11-24) - Mac OS X
2011-10-28 00:00:00
Adobe Reader Multiple Vulnerabilities (Sep 2011) - Linux
2011-10-28 00:00:00
Adobe Reader and Acrobat Multiple Vulnerabilities (APSB11-24) - Windows
2011-10-28 00:00:00
nessus
nessus
openSUSE Security Update : acroread (openSUSE-2011-54)
2014-06-13 00:00:00
SuSE 11.1 Security Update : Acrobat Reader (SAT Patch Number 5412)
2011-12-13 00:00:00
SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 7833)
2011-12-13 00:00:00
suse
suse
remote code execution in acroread
2011-11-21 11:41:08
acroread (critical)
2011-11-14 22:08:22
Security update for Acrobat Reader (critical)
2011-11-15 00:08:44
freebsd
freebsd
acroread9 -- Multiple Vulnerabilities
2011-12-07 00:00:00
gentoo
gentoo
Adobe Reader: Multiple vulnerabilities
2012-01-30 00:00:00

0.277 Low

EPSS

Percentile

96.3%

JSON
Related for SSV:23132
prion1zdi2cvelist1cve1ubuntucve1securityvulns3checkpoint_advisories1openvas9nessus10suse3freebsd1gentoo1