Alert GCSA-10140 - Vulnerabilita' in Adobe Reader e Acrobat
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-10140
Data : 7 ottobre 2010
Titolo : Vulnerabilita' in Adobe Reader e Acrobat (APSB10-21)
******************************************************************
:: Descrizione del problema
Sono state identificate vulnerabilita' multiple in Adobe Reader e Acrobat
che potrebbero essere sfruttate da attaccanti remoti per provocare un Denial of Service (DoS)
o per compromettere un sistema vulnerabile, e da attaccanti locali per
ottenere privilegi elevati.
Queste vulnerabilita' sono causate da errori di tipo memory corruptions,
array-indexing, e input validation durante l'elaborazione di dati, immagini o
caratteri malformati presenti all'interno di un documento PDF.
:: Software interessato
Adobe Reader versione 9.3.4 e precedenti
Adobe Reader versione 8.2.4 e precedenti
Adobe Acrobat versione 9.3.4 e precedenti
Adobe Acrobat versione 8.2.4 e precedenti
:: Impatto
Esecuzione remota di codice arbitrario
Denial of service
Privileges escalation
Possibile compromissione del sistema
:: Soluzioni
Aggiornare Adobe Acrobat e Reader alle versioni 9.4 o 8.2.5 :
http://www.adobe.com/support/security/bulletins/apsb10-21.html
:: Riferimenti
Adobe:
http://www.adobe.com/support/security/bulletins/apsb10-21.html
VUPEN:
http://www.vupen.com/english/advisories/2010/2573
Mitre's CVE ID:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2883
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2887
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2889
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2890
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3619
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3620
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3621
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3622
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3623
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3624
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3626
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3627
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3628
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3629
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3630
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3631
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3632
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3656
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3657
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3658
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTK2eG/OB+SpikaiRAQJUzwQAg+zfdxUxa83ki30EgbxbDrCwM2v5FfvP
+TKYfiZkmxRLr3PrvVxk7vshQLWpHGhQEDsIrxbKGVZpTgX4Osv1vllUipsrgKx1
F2bdeKgCz4tnoG/KBUyVq9LAgoHjAOZr4QlhcYxMDbsV4+TZQDu6pRum9Rq5mf38
zRvErpGAHS4=
=dxOF
-----END PGP SIGNATURE-----
Hash: SHA1
******************************************************************
Alert ID : GCSA-10140
Data : 7 ottobre 2010
Titolo : Vulnerabilita' in Adobe Reader e Acrobat (APSB10-21)
******************************************************************
:: Descrizione del problema
Sono state identificate vulnerabilita' multiple in Adobe Reader e Acrobat
che potrebbero essere sfruttate da attaccanti remoti per provocare un Denial of Service (DoS)
o per compromettere un sistema vulnerabile, e da attaccanti locali per
ottenere privilegi elevati.
Queste vulnerabilita' sono causate da errori di tipo memory corruptions,
array-indexing, e input validation durante l'elaborazione di dati, immagini o
caratteri malformati presenti all'interno di un documento PDF.
:: Software interessato
Adobe Reader versione 9.3.4 e precedenti
Adobe Reader versione 8.2.4 e precedenti
Adobe Acrobat versione 9.3.4 e precedenti
Adobe Acrobat versione 8.2.4 e precedenti
:: Impatto
Esecuzione remota di codice arbitrario
Denial of service
Privileges escalation
Possibile compromissione del sistema
:: Soluzioni
Aggiornare Adobe Acrobat e Reader alle versioni 9.4 o 8.2.5 :
http://www.adobe.com/support/security/bulletins/apsb10-21.html
:: Riferimenti
Adobe:
http://www.adobe.com/support/security/bulletins/apsb10-21.html
VUPEN:
http://www.vupen.com/english/advisories/2010/2573
Mitre's CVE ID:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2883
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2884
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2887
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2888
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2889
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2890
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3619
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3620
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3621
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3622
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3623
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3624
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3625
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3626
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3627
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3628
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3629
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3630
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3631
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3632
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3656
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3657
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3658
-----BEGIN PGP SIGNATURE-----
iQCVAwUBTK2eG/OB+SpikaiRAQJUzwQAg+zfdxUxa83ki30EgbxbDrCwM2v5FfvP
+TKYfiZkmxRLr3PrvVxk7vshQLWpHGhQEDsIrxbKGVZpTgX4Osv1vllUipsrgKx1
F2bdeKgCz4tnoG/KBUyVq9LAgoHjAOZr4QlhcYxMDbsV4+TZQDu6pRum9Rq5mf38
zRvErpGAHS4=
=dxOF
-----END PGP SIGNATURE-----