CVE-2011-0590

Related Files

Gentoo Linux Security Advisory 201201-19

Posted Jan 31, 2012

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201201-19 - Multiple vulnerabilities in Adobe Reader might allow remote attackers to execute arbitrary code or conduct various other attacks. Versions less than 9.4.7 are affected.

tags | advisory, remote, arbitrary, vulnerability

systems | linux, gentoo

advisories | CVE-2010-4091, CVE-2011-0562, CVE-2011-0563, CVE-2011-0565, CVE-2011-0566, CVE-2011-0567, CVE-2011-0570, CVE-2011-0585, CVE-2011-0586, CVE-2011-0587, CVE-2011-0588, CVE-2011-0589, CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, CVE-2011-0594, CVE-2011-0595, CVE-2011-0596, CVE-2011-0598, CVE-2011-0599, CVE-2011-0600, CVE-2011-0602, CVE-2011-0603, CVE-2011-0604, CVE-2011-0605, CVE-2011-0606, CVE-2011-2130

SHA-256 | baad128edffc63cf96f6415bcd8ed20845d4c2166743c0cf07a2e6869a63d515

Download | Favorite | View

Zero Day Initiative Advisory 11-077

Posted Feb 8, 2011

Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-077 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's implementation of an image format supported by the Universal 3D compressed file format. When parsing a particular texture file specified by the format, the application will explicitly trust fields within the file in a multiply used to allocate space for the image data. Due to the application not accommodating for the result being larger than the architecture is able to store, the application will under allocate a buffer. When writing image data to this buffer the application will write outside the boundary of the allocation. This can lead to code execution under the context of the application.

tags | advisory, remote, arbitrary, code execution

advisories | CVE-2011-0590

SHA-256 | 97cb2db7d4506345cd480076cb26cfd54bfb85760f9c82a8991fcde3dd24cd16

Download | Favorite | View

Zero Day Initiative Advisory 11-066

Posted Feb 8, 2011

Authored by Tipping Point | Site zerodayinitiative.com

Zero Day Initiative Advisory 11-066 - This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application's implementation of an image format supported by the Universal 3D compressed file format. When decoding the image data provided by the file, the application will use one size for allocating space for the destination buffer and then trust the data when decompressing into that buffer. Due to the decompression being unbounded by the actual buffer size, a buffer overflow can be made to occur leading to code execution under the context of the application.

tags | advisory, remote, overflow, arbitrary, code execution

advisories | CVE-2011-0590

SHA-256 | e3bcc174f08bb966116fe48b546b45c1b01bcd1e98977a0d74d0053f25393163

Download | Favorite | View