SB2010082001 - Red Hat update for acroread

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2010082001

SB2010082001 - Red Hat update for acroread

Published: August 20, 2010 Updated: May 2, 2017

Security Bulletin ID SB2010082001
Severity
Critical
Patch available
YES
Number of vulnerabilities 6
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Critical 17% High 67% Medium 17%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 6 secuirty vulnerabilities.


1) Memory corruption (CVE-ID: CVE-2010-0209)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when processing .swf files. A remote unauthenticated attacker can create a specially crated .swf file, trick the victim into opening it and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


2) Memory corruption (CVE-ID: CVE-2010-2213)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to multiple boundary errors when processing .swf files. A remote unauthenticated attacker can create a specially crated .swf file, trick the victim into opening it and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


3) Memory corruption (CVE-ID: CVE-2010-2214)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when processing .swf files. A remote unauthenticated attacker can create a specially crated .swf file, trick the victim into opening it and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


4) Click-jacking attack (CVE-ID: CVE-2010-2215)

The vulnerability allows a remote attacker to perform click-jacking attacks.

The vulnerability exists due to input validation error when processing untrusted data. A remote unauthenticated attacker can create a specially crated .swf file, trick the victim into opening it and perform click-jacking attack.

Successful exploitation of this vulnerability may allow an attacker to gain access to potentially sensitive date or perform phishing attacks.


5) Memory corruption (CVE-ID: CVE-2010-2216)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to boundary error when processing .swf files. A remote unauthenticated attacker can create a specially crated .swf file, trick the victim into opening it and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.


6) Integer overflow (CVE-ID: CVE-2010-2862)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow in CoolType.dll when processing TrueType fonts with a large maxCompositePoints value in a Maximum Profile (maxp) table within PDF files. A remote attacker can create a specially crafted PDF file, trick the victim into opening it and execute arbitrary code on the target system with privileges of the current user.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

Note: this vulnerability is being actively exploited in the wild.



Remediation

Install update from vendor's website.

References