Vulnerability Bulletins |
Desbordamiento de entero en Adobe Reader y Acrobat |
|
Vulnerability classification |
|
| Property | Value |
| Confidence level | Oficial |
| Impact | Obtener acceso |
| Dificulty | Experto |
| Required attacker level | Acceso remoto sin cuenta a un servicio estandar |
System information |
|
| Property | Value |
| Affected manufacturer | Comercial Software |
| Affected software |
Adobe Reader <= 9.3.3 Adobe Reader <= 8.2.3 Adobe Acrobat <= 9.3.3 |
Description |
|
|
Se ha descubierto una vulnerabilidad de tipo desbordamiento de entero en Adobe Reader 8.2.3 y 9.3.3, y Acrobat 9.3.3. La vulnerabilidad reside en un error en "CoolType.dll". Un atacante remoto podría ejecutar código arbitrario mediante una fuente TrueType con un valor grande de "maxCompositePoints" en una tabla "Maximum Profile" (maxp). |
|
Solution |
|
|
Actualización de software Adobe (APSB10-17) Adobe Reader / Windows http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows Adobe Reader / Macintosh http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Macintosh Adobe Reader users / UNIX http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Unix Adobe Reader 9.3.4 / Windows, Macintosh y UNIX http://get.adobe.com/reader Adobe Acrobat / Windows http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows Adobe Acrobat / Macintosh http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Macintosh Adobe Acrobat / Unix http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Unix |
|
Standar resources |
|
| Property | Value |
| CVE | CVE-2010-2862 |
| BID | |
Other resources |
|
|
Adobe Security Bulletin (APSB10-17) http://www.adobe.com/support/security/bulletins/apsb10-17.html |
|
Version history |
||
| Version | Comments | Date |
| 1.0 | Aviso emitido | 2010-08-20 |