Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
seebugRootSSV:23133
HistoryOct 27, 2011 - 12:00 a.m.

Adobe Reader U3D PCX解析远程代码执行漏洞

2011-10-2700:00:00
Root
www.seebug.org
14

0.354 Low

EPSS

Percentile

97.2%

JSON

BUGTRAQ ID: 49579
CVE ID: CVE-2011-2437

Adobe Reader(也被称为Acrobat Reader)是美国Adobe公司开发的一款优秀的PDF文档阅读软件。Acrobat是1993年推出针对企业、技术人员和创意专业人士的系列产品,使智能文档的传送和协作更为灵活、可靠和安全。

Adobe Acrobat和Reader在实现上存在远程堆缓冲区溢出漏洞,远程攻击者可利用此漏洞以当前用户权限执行任意代码。

Adobe图形解析库中存在漏洞,当Reader解析.PCX图形时会根据图形的高度和宽度创建32位的循环计数器。然后进入循环,将数据从文件中复制到内存缓冲区,但该函数中使用的循环计数器是16位的整数,这样当最大的循环计数器大于0xFFFF时就会进入无限循环。利用此漏洞可允许远程代码执行。

Adobe Acrobat 9.x
Adobe Reader 9.x
厂商补丁:

Adobe

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

http://www.adobe.com/support/security/

Related

zdi 1
checkpoint_advisories 1
securityvulns 3
cve 3
cvelist 3
prion 3
nvd 3
ubuntucve 3
openvas 9
nessus 11
suse 3
freebsd 1
redhat 1
gentoo 1
zdi
zdi
Adobe Reader U3D PCX Parsing Remote Code Execution Vulnerability
2011-10-26 00:00:00
checkpoint_advisories
checkpoint_advisories
Adobe PDF file PCX Buffer Overflow (APSB11-24; CVE-2011-2437)
2011-09-20 00:00:00
securityvulns
securityvulns
ZDI-11-297 : Adobe Reader U3D PCX Parsing Remote Code Execution Vulnerability
2011-10-31 00:00:00
Security updates available for Adobe Reader and Acrobat
2011-09-16 00:00:00
Adobe Acrobat / Reader multiple security vulnerabilities
2011-10-31 00:00:00
cve
cve
CVE-2011-2434
2011-09-15 12:26:49
CVE-2011-2433
2011-09-15 12:26:49
CVE-2011-2437
2011-09-15 12:26:49
cvelist
cvelist
CVE-2011-2437
2011-09-15 10:00:00
CVE-2011-2433
2011-09-15 10:00:00
CVE-2011-2434
2011-09-15 10:00:00
prion
prion
Heap overflow
2011-09-15 12:26:00
Heap overflow
2011-09-15 12:26:00
Heap overflow
2011-09-15 12:26:00
nvd
nvd
CVE-2011-2437
2011-09-15 12:26:49
CVE-2011-2433
2011-09-15 12:26:49
CVE-2011-2434
2011-09-15 12:26:49
ubuntucve
ubuntucve
CVE-2011-2433
2011-09-15 00:00:00
CVE-2011-2434
2011-09-15 00:00:00
CVE-2011-2437
2011-09-15 00:00:00
openvas
openvas
Adobe Reader and Acrobat Multiple Vulnerabilities (APSB11-24) - Mac OS X
2011-10-28 00:00:00
Adobe Reader Multiple Vulnerabilities (Sep 2011) - Linux
2011-10-28 00:00:00
Adobe Reader and Acrobat Multiple Vulnerabilities (APSB11-24) - Windows
2011-10-28 00:00:00
nessus
nessus
openSUSE Security Update : acroread (openSUSE-2011-54)
2014-06-13 00:00:00
SuSE 11.1 Security Update : Acrobat Reader (SAT Patch Number 5412)
2011-12-13 00:00:00
SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 7833)
2011-12-13 00:00:00
suse
suse
remote code execution in acroread
2011-11-21 11:41:08
acroread (critical)
2011-11-14 22:08:22
Security update for Acrobat Reader (critical)
2011-11-15 00:08:44
freebsd
freebsd
acroread9 -- Multiple Vulnerabilities
2011-12-07 00:00:00
redhat
redhat
(RHSA-2011:1434) Critical: acroread security update
2011-11-08 00:00:00
gentoo
gentoo
Adobe Reader: Multiple vulnerabilities
2012-01-30 00:00:00

0.354 Low

EPSS

Percentile

97.2%

JSON
Related for SSV:23133
zdi1checkpoint_advisories1securityvulns3cve3cvelist3prion3nvd3ubuntucve3openvas9nessus11suse3freebsd1redhat1gentoo1