Adobe Acrobat Professional
VUPEN Vulnerability Research - Adobe Acrobat and Reader U3D Filter Code
Execution Vulnerabilities
I. BACKGROUND
---------------------
Adobe Acrobat is a family of computer programs developed by Adobe
Systems, designed to view, create, manipulate and manage files in
Adobe's Portable Document Format (PDF).
VUPEN Security Research - Adobe Acrobat and Reader PNG Data Buffer Overflow
Vulnerability
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
"Adobe Acrobat and Reader are the global standards for electronic
VUPEN Security Research - Adobe Acrobat and Reader BMP Data Buffer Overflow
Vulnerability
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
"Adobe Acrobat and Reader are the global standards for electronic
VUPEN Security Research - Adobe Acrobat and Reader GIF Data Buffer Overflow
Vulnerability
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
"Adobe Acrobat and Reader are the global standards for electronic
VUPEN Security Research - Adobe Acrobat and Reader JPEG Data Buffer Overflow
Vulnerability
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
"Adobe Acrobat and Reader are the global standards for electronic
VUPEN Security Research - Adobe Acrobat and Reader #1023 Tag Buffer Overflow
Vulnerability (CVE-2010-2212)
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
"Adobe Acrobat and Reader are the global standards for electronic
I. BACKGROUND
---------------------
Adobe Acrobat is a family of computer programs developed by Adobe
Systems, designed to view, create, manipulate and manage files in
Adobe's Portable Document Format (PDF).
II. DESCRIPTION
VUPEN Security Research - Adobe Acrobat and Reader "pushstring" Memory
Corruption Vulnerability (CVE-2010-2201)
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
"Adobe Acrobat and Reader are the global standards for electronic
VUPEN Security Research - Adobe Acrobat and Reader "newfunction" Memory
Corruption Vulnerability (CVE-2010-2168)
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
"Adobe Acrobat and Reader are the global standards for electronic
VUPEN Security Research - Adobe Acrobat and Reader "newclass" Memory
Corruption Vulnerability (CVE-2010-1285)
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
"Adobe Acrobat and Reader are the global standards for electronic
Summary:
A design error vulnerability exists in Adobe Reader and Adobe
Acrobat Professional. A remote attacker who successfully exploits this
vulnerability can control the printer without the user's permission.
Affected Software Versions:
VUPEN Security Research - Adobe Acrobat and Reader U3D Integer Overflow
Vulnerability
http://www.vupen.com/english/research.php
I. BACKGROUND
---------------------
Adobe Acrobat and Reader are the global standards for electronic document
Adobe Acrobat Professional Javascript For PDF Security Feature Bypass
and Memory Corruption Vulnerabilities
by cocoruder(frankruder_at_hotmail.com)
http://ruder.cdut.net
Summary:
Two critical vulnerabilities exist in the javascript API of Adobe
ZDI-09-014: Adobe Acrobat getIcon() Stack Overflow Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-014
March 24, 2009
-- CVE ID:
CVE-2009-0927
-- Affected Vendors:
Adobe
http://www.nruns.com/ security(at)nruns.com
n.runs-SA-2009.007 15-Oct-2009
_______________________________________________________________________
Vendor: Adobe Systems Incorporated, http://www.adobe.com
Affected Products: Adobe Acrobat Reader/Acrobat
Version: 8.1.3 - 8.1.6
Platform: Windows
Vulnerability: Invalid pointer write could lead to arbitrary
code execution
Risk: HIGH
Adobe Acrobat 9.1.2 NOS Local Privilege Escalation Exploit
This exploit is based on the brief information provided by
Nine:Situations:Group (http://www.milw0rm.com/exploits/9199).
Exploiting improper permissions is fun.
A few notes are in order though. The getPlus service (that I tested,
via 9.1.2) isn't installed as an "Automatic" service, therefore making
it slightly harder (but not hard) to practically use to your
-- Affected Vendors:
Adobe
-- Affected Products:
Adobe Reader
Adobe Acrobat
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Adobe Acrobat and Adobe Reader. User
interaction is required to exploit this vulnerability in that the target
=
= Vendor Website:
= http://www.adobe.com
=
= Affected Version:
= Adobe Acrobat Reader, Acrobat Professional 7, Acrobat Professional 8
=
= Vendor Notified - February 2007
= Public Disclosure - May 2008
=
http://www.security-assessment.com/files/advisories/2008-05-15_Acrobat_D
JavaScript is not required to exploit this vulnerability, however, it
does make exploitation simpler.
IV. DETECTION
Acrobat Reader and Acrobat Professional versions 7.1.0, 8.1.3, 9.0.0 and
prior versions are vulnerable.
V. WORKAROUND
None of the following workarounds will prevent exploitation, but they
SUMMARY
Critical vulnerabilities exist in a large number of widely used web
authoring tools that automatically generate Shockwave Flash (SWF)
files, such as Adobe (r) Dreamweaver (r), Adobe Acrobat (r) Connect
(tm) (formerly Macromedia Breeze), InfoSoft FusionCharts, and
Techsmith Camtasia. The flaws render websites that host these
generated SWF files vulnerable to Cross-Site Scripting (XSS).
This problem is not limited to authoring tools. Autodemo, a popular
-- Affected Vendors:
Adobe
-- Affected Products:
Adobe Acrobat
Adobe Reader
-- TippingPoint(TM) IPS Customer Protection:
TippingPoint IPS customers have been protected against this
vulnerability by Digital Vaccine protection filter ID 8658.
preview is enabled in Windows Explorer, this vulnerability can be
triggered simply by accessing a folder containing PDF files.
IV. DETECTION
Acrobat Reader and Acrobat Professional versions 7.1.0, 8.1.3, 9.0.0 and
prior versions are vulnerable.
V. WORKAROUND
None of the following workarounds will prevent exploitation, but they
======================================================================
Secunia Research 04/11/2008
- Adobe Acrobat/Reader "util.printf()" Buffer Overflow -
======================================================================
Table of Contents
Affected Software
-- Affected Vendors:
Adobe
-- Affected Products:
Adobe Acrobat
-- Vulnerability Details:
This vulnerability allows remote attackers to execute arbitrary code on
vulnerable installations of Adobe Acrobat and Adobe Reader. User
interaction is required to exploit this vulnerability in that the target
----------------------------------------------------------------
I found an interesting privacy issue while analyzing PDF files. This bug
occurs when you are using Internet Explorer to print locally saved web pages
as PDF and affects all IE versions including IE8. It does not matter which
PDF generation software you are using like Adobe Acrobat Professional,
CutePDF, PrimoPDF, etc as long as you are invoking it from inside the IE
print function. In Windows, even when your default browser is not IE and if
you right click a file to select the PRINT from the context menu, then by
default it invokes the IE print handler. So, you will still see this issue
in the generated PDF.
ZDI-08-004: Adobe Acrobat Javascript for PDF Integer Overflow
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-08-004.html
February 11, 2008
-- Affected Vendor:
Adobe
-- Affected Products:
Reader 8.1.1 and earlier versions
1) This is an interesting bug in the draw image function
2) This vulnerability exists NOT only in the xpdf application
3) Adobe Acrobat Reader is vulnerable to this attack too (but ONLY the Linux
version!!!)
4) Adobe Acrobat Reader didn't know about this bug, but in its last
release fixed this vulnerability.