Gentoo Linux Security Advisory 201201-19 - Multiple vulnerabilities in Adobe Reader might allow remote attackers to execute arbitrary code or conduct various other attacks. Versions less than 9.4.7 are affected.
baad128edffc63cf96f6415bcd8ed20845d4c2166743c0cf07a2e6869a63d515iDefense Security Advisory 02.08.11 - Remote exploitation of a memory corruption vulnerability in Adobe Systems Inc.'s Reader could allow an attacker to execute arbitrary code with the privileges of the current user. JPEG2000 (JP2K) is an image file format similar to JPEG. In addition to JPEG markers, JP2K files also provide "boxes" that define different image properties. JP2K is one of the image formats supported by Adobe Reader and Acrobat. The vulnerability occurs when parsing a JPEG2000 file embedded inside of a PDF file. Several different JP2K record types are involved in the vulnerability. It is possible to increment a buffer index beyond the allocated data, and store pointers to file data at that location. This can result in the corruption of heap structures and application data, which leads to the execution of arbitrary code. iDefense has confirmed the existence of this vulnerability in Adobe Reader and Acrobat versions 9.4 and 8.2.5. A full list of vulnerable Adobe products can be found in Adobe Security Bulletin APSB11-03.
9023fb241705e726e7f30ccce3136b242840184453dce8f68b6886351ba171bc
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed