40766

http://securityevaluators.com/files/papers/CrashAnalysis.pdf

TA10-231A

http://www.zdnet.co.uk/news/security-threats/2010/08/04/adobe-confirms-pdf-security-hole-in-reader-40089737/

oval:org.mitre.oval:def:11693

Specially crafted PDF documents could crash acroread or lead to execution of arbitrary code (CVE-2010-1240, CVE-2010-2862).

This update also incorporate the Adobe Flash Player update APSB10-16 for the bundled flash player parts (CVE-2010-0209, CVE-2010-2188, CVE-2010-2213, CVE-2010-2214, CVE-2010-2215, CVE-2010-2216).

Specially crafted PDF documents could crash acroread or lead to execution of arbitrary code (CVE-2010-1240 / CVE-2010-2862). This has been fixed.

This update also incorporates the Adobe Flash Player update APSB10-16 for the bundled flash player parts. (CVE-2010-0209 / CVE-2010-2188 / CVE-2010-2213 / CVE-2010-2214 / CVE-2010-2215 / CVE-2010-2216)

Updated acroread packages that fix multiple security issues are now available for Red Hat Enterprise Linux 4 Extras and Red Hat Enterprise Linux 5 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Adobe Reader allows users to view and print documents in Portable Document Format (PDF).

This update fixes a vulnerability in Adobe Reader. This vulnerability is detailed on the Adobe security page APSB10-17, listed in the References section. A specially crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. (CVE-2010-2862)

Multiple security flaws were found in Adobe Flash Player embedded in Adobe Reader. These vulnerabilities are detailed on the Adobe security page APSB10-16, listed in the References section. A PDF file with embedded specially crafted SWF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. (CVE-2010-0209, CVE-2010-2213, CVE-2010-2214, CVE-2010-2215, CVE-2010-2216)

All Adobe Reader users should install these updated packages. They contain Adobe Reader version 9.3.4, which is not vulnerable to these issues. All running instances of Adobe Reader must be restarted for the update to take effect.

The version of Adobe Reader installed on the remote host is earlier than 9.3.4 / 8.2.4.  Such versions are reportedly affected by multiple vulnerabilities :
  - Multiple vulnerabilities in the bundled Flash     Player as noted in APSB10-16. (CVE-2010-0209,     CVE-2010-2188, CVE-2010-2213, CVE-2010-2214,     CVE-2010-2215, CVE-2010-2216)

  - A social engineering attack could lead to code     execution. (CVE-2010-1240)

  - An integer overflow vulnerability could lead to     code execution. (CVE-2010-2862)

The version of Adobe Acrobat installed on the remote host is earlier than 9.3.4 / 8.2.4.  Such versions are reportedly affected by multiple vulnerabilities :

  - Multiple vulnerabilities in the bundled Flash     Player as noted in APSB10-16. (CVE-2010-0209,     CVE-2010-2188, CVE-2010-2213, CVE-2010-2214,     CVE-2010-2215, CVE-2010-2216)

  - A social engineering attack could lead to code     execution. (CVE-2010-1240)

  - An integer overflow vulnerability could lead to     code execution. (CVE-2010-2862)

ID	Name	Product	Family	Severity
75418	openSUSE Security Update : acroread (openSUSE-SU-2010:0573-1)	Nessus	SuSE Local Security Checks	high
51714	SuSE 10 Security Update : acroread_ja (ZYPP Patch Number 7132)	Nessus	SuSE Local Security Checks	high
51702	SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 7131)	Nessus	SuSE Local Security Checks	high
50887	SuSE 11 / 11.1 Security Update : acroread_ja (SAT Patch Numbers 3004 / 3005)	Nessus	SuSE Local Security Checks	high
50883	SuSE 11 / 11.1 Security Update : Acrobat Reader (SAT Patch Numbers 3008 / 3009)	Nessus	SuSE Local Security Checks	high
49084	openSUSE Security Update : acroread (openSUSE-SU-2010:0573-1)	Nessus	SuSE Local Security Checks	high
49083	openSUSE Security Update : acroread (openSUSE-SU-2010:0573-1)	Nessus	SuSE Local Security Checks	high
48400	RHEL 4 / 5 : acroread (RHSA-2010:0636)	Nessus	Red Hat Local Security Checks	high
48375	Adobe Reader < 9.3.4 / 8.2.4 Multiple Vulnerabilities (APSB10-17)	Nessus	Windows	high
48374	Adobe Acrobat < 9.3.4 / 8.2.4 Multiple Vulnerabilities (APSB10-17)	Nessus	Windows	high

CVE-2010-2862

HIGH

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Configuration 2

Tenable Plugins

high

high

high

high

high

high

high

high

high

high