Red Hat update for acroread

Published: 2010-02-18 | Updated: 2017-05-02

Risk	High
Patch available	YES
Number of vulnerabilities	2
CVE-ID	CVE-2010-0186 CVE-2010-0188
CWE-ID	CWE-264
Exploitation vector	Network
Public exploit	Vulnerability #2 is being exploited in the wild.
Vulnerable software Subscribe	Red Hat Enterprise Linux Desktop Operating systems & Components / Operating system Red Hat Enterprise Linux Server Operating systems & Components / Operating system
Vendor	Red Hat Inc.

Security Bulletin

This security bulletin contains information about 2 vulnerabilities.

1) Denial of service

EUVDB-ID: #VU6150

Risk: Low

CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2010-0186

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

Exploit availability: No

Description

The vulnerability allows a remote attacker to cause denial of service (DoS) on the target system.

The vulnerability exists due to improper permissions control. A remote attacker can trick the victim into visiting a specially crafted Web site, bypass cross-domain sandbox controls and send unauthorized cross-domain requests to cause the application to crash.

Successful exploitation of this vulnerability may result in denial of service.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

Red Hat Enterprise Linux Desktop: 5

Red Hat Enterprise Linux Server: v.5

External links

http://access.redhat.com/errata/RHSA-2010:0114

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Arbitrary code execution

EUVDB-ID: #VU6151

Risk: High

CVSSv3.1: 9.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2010-0188