int(5526)

Vulnerability Bulletins

Ejecución de código en Adobe

Vulnerability classification
Property Value
Confidence level Oficial
Impact Aumento de privilegios
Dificulty Principiante
Required attacker level Acceso fisico

System information
Property Value
Affected manufacturer Comercial Software
Affected software Adobe InDesign CS5 <= 7.0.2
Adobe InDesign Server <= CS5 7.0.2
Adobe InCopy <=CS5 7.0.2

Description
CVE-2010-3153: Se han descubierto una vulnerabilidad en Adobe InDesign CS4 6.0. La vulnerabilidad reside en los caminos de búsqueda no confiables.
Un atacante local podría ejecutar código arbitrario mediante un troyano "ibfs32.dll".

Solution


Actualización de software

Adobe (APSB08-15)
CS5 7.0.3
http://www.adobe.com/support/downloads/detail.jsp?ftpID=4872
CS4 6.0.6
http://www.adobe.com/support/downloads/detail.jsp?ftpID=4877
InDesign Server CS5 7.0.3 http://www.adobe.com/support/downloads/detail.jsp?ftpID=4880
InCopy CS5 7.0.3
http://www.adobe.com/support/downloads/detail.jsp?ftpID=4873
CS4 6.0.6
http://www.adobe.com/support/downloads/detail.jsp?ftpID=4876

Standar resources
Property Value
CVE CVE-2010-3153
BID

Other resources
Adobe Security Bulletin (APSB10-24)
http://www.adobe.com/support/security/bulletins/apsb10-24.html

Version history
Version Comments Date
1.0 Aviso emitido 2010-10-20
Ministerio de Defensa
CNI
CCN
CCN-CERT