«
Expand/Collapse
119 items tagged "adobe reader"
Related tags:
txt [+],
gentoo linux security [+],
cyber security alert [+],
acrobat [+],
zdi [+],
linux [+],
gentoo [+],
file [+],
cooltype [+],
adobe [+],
x. user [+],
technical cyber security alert [+],
remote [+],
pict images [+],
reader [+],
security advisory [+],
bugtraq [+],
x sandbox [+],
vulnerable [+],
ttf font [+],
poc [+],
idefense security advisory [+],
idefense [+],
icc [+],
acros [+],
x 509 [+],
vulnerabilities [+],
technical [+],
security problem [+],
security bulletin [+],
secunia [+],
red hat security [+],
problem [+],
pdfs [+],
openlimit [+],
multiple [+],
mac os x [+],
mac os [+],
libtiff [+],
glsa [+],
even internet [+],
day [+],
cyber [+],
code versions [+],
bypass [+],
atom type [+],
arbitrary code [+],
adobe systems inc [+],
adobe flash player [+],
code execution [+],
zsl [+],
whitepaper [+],
version [+],
structure [+],
stack buffer [+],
research [+],
reader plugin [+],
reader acrobat [+],
process [+],
plugin [+],
pdf [+],
memory management [+],
hijacking [+],
firefox [+],
d support [+],
d remote [+],
d pict [+],
custom memory [+],
bmp [+],
ace [+],
vulnerability [+],
security [+],
warns [+],
stack overflow [+],
security flaw [+],
secure [+],
sandbox [+],
sand [+],
s system [+],
richard johnson tags [+],
richard johnson [+],
remote security [+],
progressive mesh [+],
pict [+],
overflow vulnerability [+],
new [+],
more [+],
military contractor [+],
military [+],
memory error [+],
memory [+],
jpeg image data [+],
exploits [+],
enterprise [+],
encoding [+],
dll loading [+],
d tiff resource [+],
d pcx [+],
d memory [+],
d file [+],
d bmp [+],
corruption [+],
contractor [+],
clod [+],
castle made of sand [+],
castle [+],
buffer overflow [+],
buffer [+],
blog [+],
binary [+],
based buffer overflow [+],
aspr [+],
array index [+],
advisory [+],
memory corruption [+],
zero [+],
safer use [+],
code [+],
zero day [+]
-
-
16:00
»
SecuriTeam
Adobe Reader is prone to an unspecified remote code-execution vulnerability.
-
-
16:49
»
Packet Storm Security Advisories
OpenLimit reader, an application aimed to provide security by validating X.509 signatures and signing PDFs inside Adobe Reader, contains completely outdated, superfluous and vulnerable components, which comprise 40% of the whole installation package.
-
16:49
»
Packet Storm Security Recent Files
OpenLimit reader, an application aimed to provide security by validating X.509 signatures and signing PDFs inside Adobe Reader, contains completely outdated, superfluous and vulnerable components, which comprise 40% of the whole installation package.
-
16:49
»
Packet Storm Security Misc. Files
OpenLimit reader, an application aimed to provide security by validating X.509 signatures and signing PDFs inside Adobe Reader, contains completely outdated, superfluous and vulnerable components, which comprise 40% of the whole installation package.
-
-
13:23
»
Packet Storm Security Advisories
Gentoo Linux Security Advisory 201206-14 - Multiple vulnerabilities in Adobe Reader might allow remote attackers to execute arbitrary code or conduct various other attacks. Versions less than 9.5.1 are affected.
-
-
16:07
»
Packet Storm Security Advisories
Gentoo Linux Security Advisory 201201-19 - Multiple vulnerabilities in Adobe Reader might allow remote attackers to execute arbitrary code or conduct various other attacks. Versions less than 9.4.7 are affected.
-
16:07
»
Packet Storm Security Recent Files
Gentoo Linux Security Advisory 201201-19 - Multiple vulnerabilities in Adobe Reader might allow remote attackers to execute arbitrary code or conduct various other attacks. Versions less than 9.4.7 are affected.
-
16:07
»
Packet Storm Security Misc. Files
Gentoo Linux Security Advisory 201201-19 - Multiple vulnerabilities in Adobe Reader might allow remote attackers to execute arbitrary code or conduct various other attacks. Versions less than 9.4.7 are affected.
-
-
17:54
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
17:44
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
17:44
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
19:14
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
16:09
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
16:27
»
Packet Storm Security Advisories
Technical Cyber Security Alert 2011-350A - Adobe has released Security Bulletin APSB11-30, which describes multiple vulnerabilities affecting Adobe Reader and Acrobat.
-
16:27
»
Packet Storm Security Recent Files
Technical Cyber Security Alert 2011-350A - Adobe has released Security Bulletin APSB11-30, which describes multiple vulnerabilities affecting Adobe Reader and Acrobat.
-
16:27
»
Packet Storm Security Misc. Files
Technical Cyber Security Alert 2011-350A - Adobe has released Security Bulletin APSB11-30, which describes multiple vulnerabilities affecting Adobe Reader and Acrobat.
-
-
7:21
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-1434-01 - This update fixes multiple security flaws in Adobe Reader. A PDF file with an embedded, specially-crafted SWF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. A flaw in Adobe Flash Player could allow an attacker to conduct cross-site scripting (XSS) attacks if a victim were tricked into visiting a specially-crafted web page. Various other issues were also addressed.
-
7:21
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2011-1434-01 - This update fixes multiple security flaws in Adobe Reader. A PDF file with an embedded, specially-crafted SWF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. A flaw in Adobe Flash Player could allow an attacker to conduct cross-site scripting (XSS) attacks if a victim were tricked into visiting a specially-crafted web page. Various other issues were also addressed.
-
7:21
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2011-1434-01 - This update fixes multiple security flaws in Adobe Reader. A PDF file with an embedded, specially-crafted SWF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. A flaw in Adobe Flash Player could allow an attacker to conduct cross-site scripting (XSS) attacks if a victim were tricked into visiting a specially-crafted web page. Various other issues were also addressed.
-
11:10
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-302 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within because Adobe Reader X includes an old version of libtiff. Adobe can be tricked in using this library by parsing a specially crafted PDF file containing U3D data. Due to the old version of libtiff Adobe Reader is vulnerable to the issue described in CVE-2006-3459 which can be leveraged to execute remote code under the context of the user running the application.
-
11:10
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-302 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within because Adobe Reader X includes an old version of libtiff. Adobe can be tricked in using this library by parsing a specially crafted PDF file containing U3D data. Due to the old version of libtiff Adobe Reader is vulnerable to the issue described in CVE-2006-3459 which can be leveraged to execute remote code under the context of the user running the application.
-
11:10
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-302 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within because Adobe Reader X includes an old version of libtiff. Adobe can be tricked in using this library by parsing a specially crafted PDF file containing U3D data. Due to the old version of libtiff Adobe Reader is vulnerable to the issue described in CVE-2006-3459 which can be leveraged to execute remote code under the context of the user running the application.
-
11:09
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-301 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Adobe handles PICT images. When Adobe parses a PICT image containing an 0x0E opcode and it is read the following word in the file will be interpreted as a loop counter that copies data from the file into a heap buffer that has been created using the height and with of the picture. The resulting heap overflow can result in remote code execution under the rights of the current user.
-
11:09
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-301 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Adobe handles PICT images. When Adobe parses a PICT image containing an 0x0E opcode and it is read the following word in the file will be interpreted as a loop counter that copies data from the file into a heap buffer that has been created using the height and with of the picture. The resulting heap overflow can result in remote code execution under the rights of the current user.
-
11:09
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-301 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Adobe handles PICT images. When Adobe parses a PICT image containing an 0x0E opcode and it is read the following word in the file will be interpreted as a loop counter that copies data from the file into a heap buffer that has been created using the height and with of the picture. The resulting heap overflow can result in remote code execution under the rights of the current user.
-
10:59
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-300 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Adobe handles PICT images. When Adobe parses a PICT image containing an 0x10 opcode the following word in the file will be interpreted as a loop counter that copies data from the file into a heap buffer that has been created using the height and with of the picture. The resulting heap overflow can result in remote code execution under the rights of the current user.
-
10:59
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-300 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Adobe handles PICT images. When Adobe parses a PICT image containing an 0x10 opcode the following word in the file will be interpreted as a loop counter that copies data from the file into a heap buffer that has been created using the height and with of the picture. The resulting heap overflow can result in remote code execution under the rights of the current user.
-
10:59
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-300 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the way Adobe handles PICT images. When Adobe parses a PICT image containing an 0x10 opcode the following word in the file will be interpreted as a loop counter that copies data from the file into a heap buffer that has been created using the height and with of the picture. The resulting heap overflow can result in remote code execution under the rights of the current user.
-
-
15:02
»
Packet Storm Security Advisories
iDefense Security Advisory 09.13.11 - Remote exploitation of a use after free vulnerability in Adobe Systems Inc.'s Reader could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing a JPEG file embedded inside a PDF file. When processing specific JPEG markers, Adobe Reader creates an object on the stack and keeps a pointer to that object in another place. The pointer is later dereferenced after the object on the stack becomes invalid. This can lead to the execution of arbitrary code.
-
15:02
»
Packet Storm Security Recent Files
iDefense Security Advisory 09.13.11 - Remote exploitation of a use after free vulnerability in Adobe Systems Inc.'s Reader could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing a JPEG file embedded inside a PDF file. When processing specific JPEG markers, Adobe Reader creates an object on the stack and keeps a pointer to that object in another place. The pointer is later dereferenced after the object on the stack becomes invalid. This can lead to the execution of arbitrary code.
-
15:02
»
Packet Storm Security Misc. Files
iDefense Security Advisory 09.13.11 - Remote exploitation of a use after free vulnerability in Adobe Systems Inc.'s Reader could allow an attacker to execute arbitrary code with the privileges of the current user. The vulnerability occurs when parsing a JPEG file embedded inside a PDF file. When processing specific JPEG markers, Adobe Reader creates an object on the stack and keeps a pointer to that object in another place. The pointer is later dereferenced after the object on the stack becomes invalid. This can lead to the execution of arbitrary code.
-
-
18:45
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
18:45
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
13:00
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
4:19
»
Packet Storm Security Advisories
ACROS Security Problem Report #2011-02-11-1 - A binary planting vulnerability in Adobe Reader allows local or remote (even Internet-based) attackers to deploy and execute malicious code on Windows machines in the context of logged-on users.
-
4:19
»
Packet Storm Security Recent Files
ACROS Security Problem Report #2011-02-11-1 - A binary planting vulnerability in Adobe Reader allows local or remote (even Internet-based) attackers to deploy and execute malicious code on Windows machines in the context of logged-on users.
-
4:19
»
Packet Storm Security Misc. Files
ACROS Security Problem Report #2011-02-11-1 - A binary planting vulnerability in Adobe Reader allows local or remote (even Internet-based) attackers to deploy and execute malicious code on Windows machines in the context of logged-on users.
-
-
14:42
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 11-074 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader on Mac OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the U3D component distributed with the Reader. The application uses the Parent Node count to calculate the size of an allocation. This value is not properly validated and the result of this size calculation can be wrapped to an unexpectedly small and insufficient value. Writes to this newly allocated buffer can be outside the bounds of its allocation. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the application.
-
14:42
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 11-074 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader on Mac OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the U3D component distributed with the Reader. The application uses the Parent Node count to calculate the size of an allocation. This value is not properly validated and the result of this size calculation can be wrapped to an unexpectedly small and insufficient value. Writes to this newly allocated buffer can be outside the bounds of its allocation. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the application.
-
14:42
»
Packet Storm Security Misc. Files
Zero Day Initiative Advisory 11-074 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader on Mac OS X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The flaw exists within the U3D component distributed with the Reader. The application uses the Parent Node count to calculate the size of an allocation. This value is not properly validated and the result of this size calculation can be wrapped to an unexpectedly small and insufficient value. Writes to this newly allocated buffer can be outside the bounds of its allocation. A remote attacker can exploit this vulnerability to execute arbitrary code under the context of the application.
-
-
13:14
»
Packet Storm Security Advisories
Gentoo Linux Security Advisory 201101-8 - Multiple vulnerabilities in Adobe Reader might result in the execution of arbitrary code. Versions less than 9.4.1 are affected.
-
13:14
»
Packet Storm Security Recent Files
Gentoo Linux Security Advisory 201101-8 - Multiple vulnerabilities in Adobe Reader might result in the execution of arbitrary code. Versions less than 9.4.1 are affected.
-
13:14
»
Packet Storm Security Misc. Files
Gentoo Linux Security Advisory 201101-8 - Multiple vulnerabilities in Adobe Reader might result in the execution of arbitrary code. Versions less than 9.4.1 are affected.
-
-
11:36
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
15:17
»
SecuriTeam
Adobe Reader suffers from multiple memory corruption vulnerabilities.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
15:02
»
Packet Storm Security Recent Files
Technical Cyber Security Alert 2010-279A - Adobe has released Security Bulletin APSB10-21, which describes multiple vulnerabilities affecting Adobe Reader and Acrobat.
-
15:01
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-191 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required in that a target must be coerced into opening a file or visiting a web page. The specific flaw exists within the ACE.dll module responsible for parsing ICC streams. When processing an ICC stream, the process performs math on two DWORD values from the input file. If these values wrap over the maximum integer value of 0xFFFFFFFF a mis-allocation can occur. Later, the process uses one of the original DWORD values as a size to a copy function. This can be abused by an attacker to overflow a stack buffer and subsequently execute code under the context of the user running the process.
-
15:01
»
Packet Storm Security Recent Files
Zero Day Initiative Advisory 10-192 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required in that a target must be coerced into opening a file or visiting a web page. The specific flaw exists within the ACE.dll module responsible for parsing ICC streams. Within the 'desc' tag there exists an embedded 'mluc' data structure. The code within ACE performs arithmetic on the second DWORD from the mluc structure and a value from the desc structure. The resulting integer is used for an allocation of a heap-based buffer. An attacker can forge these values to force the process to under-allocate this buffer and later overflow it during a copy operation. This leads to remote code execution under the context of the user running the application.
-
15:01
»
Packet Storm Security Advisories
Technical Cyber Security Alert 2010-279A - Adobe has released Security Bulletin APSB10-21, which describes multiple vulnerabilities affecting Adobe Reader and Acrobat.
-
15:01
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 10-191 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required in that a target must be coerced into opening a file or visiting a web page. The specific flaw exists within the ACE.dll module responsible for parsing ICC streams. When processing an ICC stream, the process performs math on two DWORD values from the input file. If these values wrap over the maximum integer value of 0xFFFFFFFF a mis-allocation can occur. Later, the process uses one of the original DWORD values as a size to a copy function. This can be abused by an attacker to overflow a stack buffer and subsequently execute code under the context of the user running the process.
-
15:01
»
Packet Storm Security Advisories
Zero Day Initiative Advisory 10-192 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader. User interaction is required in that a target must be coerced into opening a file or visiting a web page. The specific flaw exists within the ACE.dll module responsible for parsing ICC streams. Within the 'desc' tag there exists an embedded 'mluc' data structure. The code within ACE performs arithmetic on the second DWORD from the mluc structure and a value from the desc structure. The resulting integer is used for an allocation of a heap-based buffer. An attacker can forge these values to force the process to under-allocate this buffer and later overflow it during a copy operation. This leads to remote code execution under the context of the user running the application.
-
-
11:26
»
SecuriTeam
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe's Acrobat Reader.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
21:01
»
Packet Storm Security Exploits
This Metasploit module exploits a vulnerability in the Smart INdependent Glyplets (SING) table handling within versions 8.2.4 and 9.3.4 of Adobe Reader. Prior version are assumed to be vulnerable as well.
-
-
23:01
»
Packet Storm Security Recent Files
Gentoo Linux Security Advisory 201009-5 - Multiple vulnerabilities in Adobe Reader might result in the execution of arbitrary code or other attacks. Multiple vulnerabilities were discovered in Adobe Reader. Versions less than 9.3.4 are affected.
-
23:01
»
Packet Storm Security Advisories
Gentoo Linux Security Advisory 201009-5 - Multiple vulnerabilities in Adobe Reader might result in the execution of arbitrary code or other attacks. Multiple vulnerabilities were discovered in Adobe Reader. Versions less than 9.3.4 are affected.
-
-
20:01
»
Packet Storm Security Recent Files
Technical Cyber Security Alert 2010-231A - Adobe has released Security Bulletin APSB10-17, which describes multiple vulnerabilities affecting Adobe Reader and Acrobat.
-
20:00
»
Packet Storm Security Advisories
Technical Cyber Security Alert 2010-231A - Adobe has released Security Bulletin APSB10-17, which describes multiple vulnerabilities affecting Adobe Reader and Acrobat.
-
-
23:01
»
Packet Storm Security Advisories
Secunia Research has discovered a vulnerability in Adobe Reader, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an uninitialized memory error in AcroForm.api when processing JPEG image data. This can be exploited to dereference out-of-bounds memory when a specially crafted PDF file is opened. Successful exploitation may allow execution of arbitrary code. Version 9.3.2 is affected.
-
23:01
»
Packet Storm Security Advisories
Secunia Research has discovered a vulnerability in Adobe Reader, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by an array-indexing error in AcroForm.api when parsing GIF image data. This can be exploited to bypass a size check to cause a heap-based buffer overflow when a specially crafted PDF file is opened. Successful exploitation may allow execution of arbitrary code. Version 9.3.2 is affected.
-
-
21:05
»
Packet Storm Security Recent Files
Adobe Reader suffers from a remote memory corruption vulnerability that causes the application to crash while processing the malicious .PDF file. The issue is triggered when the reader tries to initialize the CoolType Typography Engine (cooltype.dll). Version 9.3.2 is affected.
-
21:04
»
Packet Storm Security Exploits
Adobe Reader suffers from a remote memory corruption vulnerability that causes the application to crash while processing the malicious .PDF file. The issue is triggered when the reader tries to initialize the CoolType Typography Engine (cooltype.dll). Version 9.3.2 is affected.
-
1:00
»
Packet Storm Security Advisories
Technical Cyber Security Alert 2010-103C - Adobe has released Security Bulletin APSB10-09, which describes multiple vulnerabilities affecting Adobe Reader and Acrobat.