Alert GCSA-11018 - APSB11-03 Vulnerabilita' in Adobe Reader e Acrobat
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-11018
Data : 11 febbraio 2011
Titolo : APSB11-03 Vulnerabilita' in Adobe Reader e Acrobat
******************************************************************
:: Descrizione del problema
Adobe ha rilasciato un aggiornamento di sicurezza
che risolve varie vulnerabilita' presenti nei prodotti
Reader e Acrobat.
Queste vulnerabilita' possono causare il crash dell'applicazione
e potenzialmente consentire ad un aggressore
di prendere il controllo di un sistema vulnerabile.
Il rischio per gli utenti di Reader X e' notevolmente piu' basso
dato che nessuna delle vulnerabilita' supera il contenimento
della modalita' Protected del software.
Questi aggiornamenti comprendono anche l'aggiornamento
per Flash Player.
:: Software interessato
Adobe Reader 9.4.1 e precedenti per Windows, Macintosh e UNIX
Adobe Reader X (10.0) per Windows e Macintosh
Adobe Acrobat 8.2.5 e precedenti per Windows, Macintosh
Adobe Acrobat X (10.0) e precedenti per Windows e Macintosh
:: Impatto
Esecuzione remota di codice arbitrario
Conquista del controllo sul sistema
Crash dell'applicazione
:: Soluzioni
Aggiornare alle seguenti versioni in base a quella in uso:
Adobe Reader 9.4.2 (disponibile nella settimana del 28 febbraio 2011)
Adobe Reader X (10.0.1)
Adobe Acrobat 8.2.6
Adobe Acrobat X (10.0.1)
:: Riferimenti
Abobe Security Bulletin
http://www.adobe.com/support/security/bulletins/apsb11-03.html
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4091
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0562
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0563
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0564
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0565
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0567
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0570
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0585
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0586
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0588
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0589
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0591
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0592
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0593
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0594
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0595
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0596
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0599
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0600
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0602
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0603
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0604
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0605
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0606
iDefense Labs
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=891
Vupen Security
http://www.vupen.com/english/advisories/2011/0337
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTVUXD/OB+SpikaiRAQLLowP/SFeLR4CNviZbLezRk+XUua3QHGfuOcy/
eTdF6b0rQabt4guMF1tcmK0QYCcPF18sgzgiq+lQOMilhfM2nqdRyy7rD/Yva5hM
REVy9YddPRoPb+UUU4hk6nDjIqjNLdouZP6NJJa+1cpc9U5L/gm/kjAmnAgWDb0a
qPZbjQkA2ec=
=nJYR
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-11018
Data : 11 febbraio 2011
Titolo : APSB11-03 Vulnerabilita' in Adobe Reader e Acrobat
******************************************************************
:: Descrizione del problema
Adobe ha rilasciato un aggiornamento di sicurezza
che risolve varie vulnerabilita' presenti nei prodotti
Reader e Acrobat.
Queste vulnerabilita' possono causare il crash dell'applicazione
e potenzialmente consentire ad un aggressore
di prendere il controllo di un sistema vulnerabile.
Il rischio per gli utenti di Reader X e' notevolmente piu' basso
dato che nessuna delle vulnerabilita' supera il contenimento
della modalita' Protected del software.
Questi aggiornamenti comprendono anche l'aggiornamento
per Flash Player.
:: Software interessato
Adobe Reader 9.4.1 e precedenti per Windows, Macintosh e UNIX
Adobe Reader X (10.0) per Windows e Macintosh
Adobe Acrobat 8.2.5 e precedenti per Windows, Macintosh
Adobe Acrobat X (10.0) e precedenti per Windows e Macintosh
:: Impatto
Esecuzione remota di codice arbitrario
Conquista del controllo sul sistema
Crash dell'applicazione
:: Soluzioni
Aggiornare alle seguenti versioni in base a quella in uso:
Adobe Reader 9.4.2 (disponibile nella settimana del 28 febbraio 2011)
Adobe Reader X (10.0.1)
Adobe Acrobat 8.2.6
Adobe Acrobat X (10.0.1)
:: Riferimenti
Abobe Security Bulletin
http://www.adobe.com/support/security/bulletins/apsb11-03.html
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4091
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0562
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0563
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0564
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0565
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0566
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0567
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0568
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0570
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0585
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0586
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0587
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0588
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0589
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0590
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0591
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0592
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0593
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0594
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0595
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0596
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0598
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0599
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0600
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0602
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0603
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0604
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0605
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0606
iDefense Labs
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=891
Vupen Security
http://www.vupen.com/english/advisories/2011/0337
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTVUXD/OB+SpikaiRAQLLowP/SFeLR4CNviZbLezRk+XUua3QHGfuOcy/
eTdF6b0rQabt4guMF1tcmK0QYCcPF18sgzgiq+lQOMilhfM2nqdRyy7rD/Yva5hM
REVy9YddPRoPb+UUU4hk6nDjIqjNLdouZP6NJJa+1cpc9U5L/gm/kjAmnAgWDb0a
qPZbjQkA2ec=
=nJYR
-----END PGP SIGNATURE-----