SB2010011301 - Red Hat update for acroread
Published: January 13, 2010 Updated: May 2, 2017
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 6 vulnerabilities.
1) Improper validation of array index (CVE-ID: CVE-2009-3953)
CWE-ID: CWE-129 - Improper Validation of Array Index
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to array indexing error in U3D support. A remote attacker can create a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: this vulnerability is being actively exploited.
2) Untrusted search path (CVE-ID: CVE-2009-3954)
CWE-ID: CWE-426 - Untrusted Search Path
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to boundary error in 3D implementation. A remote attacker can place a .pdf file along with malicious DLL on a public SMB or WebDAV share, trick the victim into opening .pdf file and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
3) Memory corruption (CVE-ID: CVE-2009-3955)
CWE-ID: CWE-119 - Memory corruption
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to sign extension error when handling a Jp2c stream of a JpxDecode data stream. A remote attacker can create a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
4) Cross-site scripting (CVE-ID: CVE-2009-3956)
CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear
The vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The weakness exists due to incorrect filtration of input data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in victim’s browser in security context of vulnerable website.
5) Integer Overflow or Wraparound (CVE-ID: CVE-2009-3959)
CWE-ID: CWE-190 - Integer overflow
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to integer overflow in the U3D implementation. A remote attacker can create a specially crafted .pdf file containing a malicious U3D mode, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
6) Use-after-free error (CVE-ID: CVE-2009-4324)
CWE-ID: CWE-416 - Use After Free
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:A/U:Red
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The weakness exists due to use-after-free error in the Doc.media.newPlayer method in Multimedia.api. A remote attacker can create a specially crafted .pdf file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system with privileges of the current user.
Successful exploitation of the vulnerability results in arbitrary code execution on the vulnerable system.
Note: the vulnerability was being actively exploited.
Remediation
Install update from vendor's website.