Red Hat update for acroread



| Updated: 2017-05-02
Risk Critical
Patch available YES
Number of vulnerabilities 15
CVE-ID CVE-2010-0190
CVE-2010-0191
CVE-2010-0192
CVE-2010-0193
CVE-2010-0194
CVE-2010-0195
CVE-2010-0196
CVE-2010-0197
CVE-2010-0198
CVE-2010-0199
CVE-2010-0201
CVE-2010-0202
CVE-2010-0203
CVE-2010-0204
CVE-2010-1241
CWE-ID CWE-79
CWE-20
CWE-119
Exploitation vector Network
Public exploit Vulnerability #15 is being exploited in the wild.
Vulnerable software
Red Hat Enterprise Linux Desktop
Operating systems & Components / Operating system

Red Hat Enterprise Linux Server
Operating systems & Components / Operating system

Vendor Red Hat Inc.

Security Bulletin

This security bulletin contains information about 15 vulnerabilities.

1) Cross-site scripting

EUVDB-ID: #VU4602

Risk: Low

CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2010-0190

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No

Description

Vulnerability allows a remote authenticated attacker to perform XSS attacks.

The vulnerability is caused by an input validation error in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X. A remote attacker can trick the victim to open a specially specially crafted PDF file and execute arbitrary HTML and script code in victim's browser in security context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.


Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Desktop: 5

Red Hat Enterprise Linux Server: v.5

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2010:0349


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper input validation

EUVDB-ID: #VU4603

Risk: High

CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2010-0191

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to input validation error when handling protocol URIs. A remote attacker can create a specially crafted shortcut, trick the victim into clicking it and execute arbitrary commands on the target system with privileges of the current user.

Successful exploitation of the vulnerability may result in system compromise.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Desktop: 5

Red Hat Enterprise Linux Server: v.5

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2010:0349


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Input validation error

EUVDB-ID: #VU4604

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2010-0192

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to input validation error when processing PDF files in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X. A remote attacker can create a specially specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability will result in system compromise.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Desktop: 5

Red Hat Enterprise Linux Server: v.5

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2010:0349


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Input validation error

EUVDB-ID: #VU4606

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2010-0193

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to input validation error when processing PDF files in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X. A remote attacker can create a specially specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability will result in system compromise.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Desktop: 5

Red Hat Enterprise Linux Server: v.5

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2010:0349


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Input validation error

EUVDB-ID: #VU4607

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2010-0194

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to input validation error when processing PDF files in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X. A remote attacker can create a specially specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability will result in system compromise.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Desktop: 5

Red Hat Enterprise Linux Server: v.5

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2010:0349


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Memory corruption

EUVDB-ID: #VU4611

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2010-0195

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to boundary error when processing fonts within PDF files. A remote attacker can create a specially specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability will result in system compromise.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Desktop: 5

Red Hat Enterprise Linux Server: v.5

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2010:0349


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Input validation error

EUVDB-ID: #VU4612

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2010-0196

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to input validation error when processing PDF files in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X. A remote attacker can create a specially specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability will result in system compromise.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Desktop: 5

Red Hat Enterprise Linux Server: v.5

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2010:0349


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Input validation error

EUVDB-ID: #VU4613

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2010-0197

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to input validation error when processing PDF files in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X. A remote attacker can create a specially specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability will result in system compromise.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Desktop: 5

Red Hat Enterprise Linux Server: v.5

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2010:0349


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Buffer overflow

EUVDB-ID: #VU4614

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2010-0198

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to boundary error when processing PDF files in Adobe Reader and Acrobat. A remote attacker can create a specially specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability will result in system compromise.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Desktop: 5

Red Hat Enterprise Linux Server: v.5

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2010:0349


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Buffer overflow

EUVDB-ID: #VU4615

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2010-0199

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to boundary error when processing PDF files in Adobe Reader and Acrobat. A remote attacker can create a specially specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability will result in system compromise.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Desktop: 5

Red Hat Enterprise Linux Server: v.5

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2010:0349


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Input validation error

EUVDB-ID: #VU4616

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2010-0201

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to input validation error when processing PDF files in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X. A remote attacker can create a specially specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability will result in system compromise.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Desktop: 5

Red Hat Enterprise Linux Server: v.5

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2010:0349


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Input validation error

EUVDB-ID: #VU4617

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2010-0202

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to input validation error when processing PDF files in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X. A remote attacker can create a specially specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability will result in system compromise.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Desktop: 5

Red Hat Enterprise Linux Server: v.5

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2010:0349


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Input validation error

EUVDB-ID: #VU4618

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2010-0203

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to input validation error when processing PDF files in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X. A remote attacker can create a specially specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability will result in system compromise.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Desktop: 5

Red Hat Enterprise Linux Server: v.5

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2010:0349


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Input validation error

EUVDB-ID: #VU4619

Risk: High

CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2010-0204

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to input validation error when processing PDF files in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X. A remote attacker can create a specially specially crafted PDF file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of the vulnerability will result in system compromise.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Desktop: 5

Red Hat Enterprise Linux Server: v.5

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2010:0349


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Heap-based buffer overflow

EUVDB-ID: #VU4620

Risk: Critical

CVSSv3.1: 8.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C]

CVE-ID: CVE-2010-1241

CWE-ID: CWE-119 - Memory corruption

Exploit availability: No

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error in the custom heap management system in Adobe Reader and Acrobat. A remote attacker can create a specially crafted PDF file, trick the victim into opening it, trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note: this vulnerability is being actively exploited in the wild.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Desktop: 5

Red Hat Enterprise Linux Server: v.5

CPE2.3 External links

http://access.redhat.com/errata/RHSA-2010:0349


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.



###SIDEBAR###