Lucene search
RootSSV:23136HistoryOct 27, 2011 - 12:00 a.m.
Adobe Reader U3D PICT 0Eh远程代码执行漏洞(CVE-2011-2434)
2011-10-2700:00:00
Root
www.seebug.org
10
0.277 Low
EPSS
Percentile
96.3%
BUGTRAQ ID: 49577
CVE ID: CVE-2011-2434
Adobe Reader(也被称为Acrobat Reader)是美国Adobe公司开发的一款优秀的PDF文档阅读软件。Acrobat是1993年推出针对企业、技术人员和创意专业人士的系列产品,使智能文档的传送和协作更为灵活、可靠和安全。
Adobe Acrobat和Reader在实现上存在远程堆缓冲区溢出漏洞,远程攻击者可利用此漏洞以当前用户权限执行任意代码。
Adobe处理PICT图形时存在特定漏洞。当Adobe解析包含0x10操作码的PICT图形时,文件中的某些字会被解析为循环计数器,将文件中的数据复制到用图片的高度和宽度创建的堆缓冲区,造成堆缓冲区溢出。
Adobe Acrobat 9.x
Adobe Reader 9.x
厂商补丁:
Adobe
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
Related
securityvulns
securityvulns
ZDI-11-301 : Adobe Reader U3D PICT 0Eh Encoding Remote Code Execution Vulnerability
2011-10-31 00:00:00
Security updates available for Adobe Reader and Acrobat
2011-09-16 00:00:00
Adobe Acrobat / Reader multiple security vulnerabilities
2011-10-31 00:00:00
zdi
zdi
Adobe Reader U3D PICT 0Eh Encoding Remote Code Execution Vulnerability
2011-10-26 00:00:00
checkpoint_advisories
checkpoint_advisories
cve
cve
prion
prion
ubuntucve
ubuntucve
openvas
openvas
Adobe Reader and Acrobat Multiple Vulnerabilities (APSB11-24) - Mac OS X
2011-10-28 00:00:00
Adobe Reader Multiple Vulnerabilities (Sep 2011) - Linux
2011-10-28 00:00:00
Adobe Reader and Acrobat Multiple Vulnerabilities (APSB11-24) - Windows
2011-10-28 00:00:00
nessus
nessus
openSUSE Security Update : acroread (openSUSE-2011-54)
2014-06-13 00:00:00
SuSE 11.1 Security Update : Acrobat Reader (SAT Patch Number 5412)
2011-12-13 00:00:00
openSUSE Security Update : acroread (openSUSE-SU-2011:1238-1)
2014-06-13 00:00:00
suse
suse
remote code execution in acroread
2011-11-21 11:41:08
Security update for Acrobat Reader (critical)
2011-11-15 00:08:44
acroread (critical)
2011-11-14 22:08:22
freebsd
freebsd
acroread9 -- Multiple Vulnerabilities
2011-12-07 00:00:00
redhat
redhat
(RHSA-2011:1434) Critical: acroread security update
2011-11-08 00:00:00
gentoo
gentoo
Adobe Reader: Multiple vulnerabilities
2012-01-30 00:00:00