Alert GCSA-09099 - Vulnerabilities in Adobe Reader and Acrobat (apsb09-15)
******************************************************************
Alert ID : GCSA-09099
Date : 15 October 2009
Title : Vulnerabilities in Adobe Reader and Acrobat (apsb09-15)
******************************************************************
:: Problem description
Several vulnerabilities have been identified in Adobe Reader and
Acrobat that could be exploited to bypass security restrictions, access
sensitive information, cause a Denial of Service or compromise a
vulnerable system.
The vulnerabilities are due to memory corruption, integer and heap
overflow, and input validation errors when processing malicious and
malformed data. They could allow an attacker to access sensitive data,
spoof data, crash applications, or execute arbitrary code by inducing
the user to open a specially crafted PDF document or to visit a
malicious web page.
:: Affected software
Adobe Reader version 9.1.3 and earlier (Windows, Macintosh, and UNIX)
Adobe Reader version 8.1.6 and earlier (Windows, Macintosh, and UNIX)
Adobe Reader version 7.1.3 and earlier (Windows and Macintosh)
Adobe Acrobat version 9.1.3 and earlier (Windows, Macintosh, and UNIX)
Adobe Acrobat version 8.1.6 and earlier (Windows, Macintosh, and UNIX)
Adobe Acrobat version 7.1.3 and earlier (Windows and Macintosh)
:: Impact
Access to sensitive data
Application crash
Denial of Service
Spoofing
Arbitrary code execution
:: Solutions
Apply the updates released by Adobe and upgrade to Adobe Acrobat and
Reader version 9.2, 8.1.7 or 7.1.4:
http://www.adobe.com/go/gntray_prod_acrobat_family_home
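The following inventory triage is an added example, not part of the original alert: it classifies installed Reader/Acrobat version strings against the affected and fixed versions listed above. The status labels, host names and sample versions are constructed assumptions, and the handling of branches older than 7 or newer than 9 generalizes beyond the three branches the alert names.

```python
import re

# Fixed release per branch, from the advisory's "Solutions" section.
FIXED = {9: (9, 2, 0), 8: (8, 1, 7), 7: (7, 1, 4)}

def parse_version(text):
    """Parse '9.1.3', '9.2' or '8.1.6.0' into a (major, minor, patch) tuple."""
    m = re.fullmatch(r"\s*(\d+)(?:\.(\d+))?(?:\.(\d+))?(?:\.\d+)*\s*", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part or 0) for part in m.groups())

def triage(version):
    """Classify one installed Reader/Acrobat version against the advisory."""
    v = parse_version(version)
    major = v[0]
    if major > max(FIXED):
        return "not-covered"             # newer branch, outside this advisory
    if major < min(FIXED):
        return "affected-no-branch-fix"  # "7.1.3 and earlier", no fix listed
    return "affected" if v < FIXED[major] else "fixed"

def report(inventory):
    """Map each (host, version) pair to a status; bad strings need manual review."""
    result = {}
    for host, version in inventory:
        try:
            result[host] = triage(version)
        except ValueError:
            result[host] = "unparsed"
    return result

# Constructed sample inventory (hypothetical host names and versions).
SAMPLE = [
    ("ws-01", "9.1.3"),
    ("ws-02", "9.2"),
    ("ws-03", "8.1.6.0"),
    ("ws-04", "7.1.4"),
    ("ws-05", "6.0"),
    ("ws-06", "unknown"),
]

if __name__ == "__main__":
    for host, status in report(SAMPLE).items():
        print(f"{host}: {status}")
```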
:: References
Adobe
http://www.adobe.com/support/security/bulletins/apsb09-15.html
Secunia
http://secunia.com/advisories/36983
VuPEN
http://www.vupen.com/english/advisories/2009/2898
Mitre's CVE ID
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0045
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0048
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2979
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2980
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2981
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2982
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2983
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2984
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2985
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2986
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2987
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2989
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2990
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2991
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2992
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2993
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2994
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2995
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2996
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2997
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2998
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3431
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3458
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3461
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3462