Computer Security


Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
updated since 20.02.2009
Published:21.02.2009
Source:
SecurityVulns ID:9686
Type:remote
Threat Level:5/10
Description:PHP file inclusions, SQL injections, directory traversals, cross-site scripting, information leaks, etc. Drupal: cross-site scripting.
Affected:DRUPAL : Drupal 4.5
 PHPCREDO : PHCDownload 1.1
 DRUPAL : Drupal 5.5
Original document:MustLive, New Cross-Site Scripting vulnerability in Drupal (21.02.2009)
 contact_(at)_vnbrain.net, PHCDownload 1.1.0 Vulnerabilities (20.02.2009)
 MustLive, Cross-Site Scripting vulnerability in Drupal (20.02.2009)

Adobe Acrobat / Reader code execution
updated since 21.02.2009
Published:04.09.2009
Source:
SecurityVulns ID:9687
Type:client
Threat Level:8/10
Description:Exploited in the wild to silently install malware. Recommended mitigations: disable PDF rendering inside the browser and disable JavaScript in PDF documents. Heap-based buffer overflow in JBIG2 stream decoding; buffer overflow in the Collab getIcon() JavaScript method.
Affected:ADOBE : Reader 8.1
 ADOBE : Acrobat 8.1
 ADOBE : Reader 9.0
 ADOBE : Acrobat 9.0
 ADOBE : Acrobat 7.1
 ADOBE : Reader 7.1
 ADOBE : Reader 9.1
CVE:CVE-2009-1857 (Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a PDF document with a crafted TrueType font.)
 CVE-2009-1856 (Integer overflow in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allows attackers to cause a denial of service or possibly execute arbitrary code via a PDF file containing unspecified parameters to the FlateDecode filter, which triggers a heap-based buffer overflow.)
 CVE-2009-1855 (Stack-based buffer overflow in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 might allow attackers to execute arbitrary code via a PDF file containing a malformed U3D model file with a crafted extension block.)
 CVE-2009-0927 (Unspecified vulnerability in Adobe Reader and Adobe Acrobat 9.1 and 7.1.1 allows remote attackers to execute arbitrary code via unknown vectors related to a JavaScript method and input validation, a different vulnerability than CVE-2009-0658.)
 CVE-2009-0658 (Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E.)
 CVE-2009-0509 (Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allows remote attackers to execute arbitrary code via a crafted file that triggers memory corruption.)
 CVE-2009-0198 (Heap-based buffer overflow in the JBIG2 filter in Adobe Reader 7 and Acrobat 7 before 7.1.3, Adobe Reader 8 and Acrobat 8 before 8.1.6, and Adobe Reader 9 and Acrobat 9 before 9.1.2 allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PDF file that contains JBIG2 text region segments with Huffman encoding.)
 CVE-2009-0193 (Heap-based buffer overflow in Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a PDF file with a malformed JBIG2 symbol dictionary segment, a different vulnerability than CVE-2009-1061 and CVE-2009-1062.)
Original document:Iván Rodriguez Almuiña, Adobe Acrobat and Reader Collab 'getIcon()' JavaScript Method Exploit and Report (CVE-2009-0927) (04.09.2009)
 ZDI, ZDI-09-042: Adobe Reader U3D RHAdobeMeta Stack Overflow Vulnerability (14.06.2009)
 noreply-secresearch_(at)_fortinet.com, FortiGuard Advisory: Adobe Reader/Acrobat TrueType Font Processing Memory Corruption Vulnerability (14.06.2009)
 IDEFENSE, iDefense Security Advisory 06.11.09: Adobe Reader and Acrobat FlateDecode Integer Overflow Vulnerability (14.06.2009)
 VUPEN Security Research, VUPEN Security - Adobe Acrobat and Reader JBIG2 Filter Heap Overflow Vulnerability (14.06.2009)
 SECUNIA, Secunia Research: Adobe Reader JBIG2 Text Region Segment Buffer Overflow (11.06.2009)
 iViZ Security Advisories, [Full-disclosure] [IVIZ-09-001] Adobe Acrobat Reader Memory Corruption Vulnerability (26.03.2009)
 SECUNIA, Secunia Research: Adobe Reader JBIG2 Symbol Dictionary Buffer Overflow (25.03.2009)
 ZDI, ZDI-09-014: Adobe Acrobat getIcon() Stack Overflow Vulnerability (25.03.2009)
 IDEFENSE, iDefense Security Advisory 03.24.09: Adobe Reader and Acrobat JBIG2 Encoded Stream Heap Overflow Vulnerability (25.03.2009)
 ADOBE, Buffer overflow issue in versions 9.0 and earlier of Adobe Reader and Acrobat (21.02.2009)
 CERT, US-CERT Technical Cyber Security Alert TA09-051A -- Adobe Acrobat and Reader Vulnerability (21.02.2009)
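The entry above describes the attack surface (JBIG2 image streams, document JavaScript reaching getIcon(), U3D models, TrueType fonts) but not how an analyst would triage incoming PDFs for it. The following is an added example written for this page, not code from SecurityVulns, Adobe or any of the advisories listed; it scans a PDF's raw bytes for the PDF name tokens associated with those vectors and resolves #xx hex escapes, a trick droppers of that period used to hide /JBIG2Decode from naive string matching. The indicator table, the verdict thresholds and the sample PDF are all constructed for the example; the sample is a structural skeleton, not a working exploit.

```python
import re
from collections import Counter

# Indicator names keyed by the decoded PDF name (hypothetical table for this example;
# CVE references are the ones listed in the entry above).
INDICATORS = {
    "JBIG2Decode": "JBIG2 image stream (in-the-wild vector, CVE-2009-0658 / JBIG2 filter CVEs)",
    "JavaScript": "document JavaScript action (needed to reach getIcon(), CVE-2009-0927)",
    "JS": "inline JavaScript source",
    "OpenAction": "action run automatically when the document opens",
    "U3D": "embedded U3D model (CVE-2009-1855)",
    "FontFile2": "embedded TrueType font program (CVE-2009-1857)",
}

# A PDF name token: '/' followed by characters up to whitespace or a delimiter.
NAME_RE = re.compile(rb"/([^\s/\[\]<>(){}%]*)")
# '#xx' hex escapes inside a name; used to hide names such as /JBIG2Decode.
HEX_ESC = re.compile(rb"#([0-9A-Fa-f]{2})")

# Constructed sample PDF: catalog with an OpenAction running JavaScript, plus an
# image XObject whose filter name is written as /JBIG#32Decode (#32 == '2').
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Resources << /XObject << /Im0 5 0 R >> >> >> endobj
4 0 obj << /S /JavaScript /JS (app.alert(1);) >> endobj
5 0 obj << /Type /XObject /Subtype /Image /Width 1 /Height 1 /Filter /JBIG#32Decode /Length 4 >>
stream
\x00\x00\x00\x00
endstream
endobj
trailer << /Root 1 0 R >>
%%EOF
"""


def decode_name(raw: bytes) -> str:
    """Resolve #xx escapes so /JBIG#32Decode compares equal to /JBIG2Decode."""
    return HEX_ESC.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def scan_pdf(data: bytes) -> dict:
    """Count every indicator name present in the raw bytes, escapes decoded."""
    counts = Counter()
    for m in NAME_RE.finditer(data):
        name = decode_name(m.group(1))
        if name in INDICATORS:
            counts[name] += 1
    return dict(counts)


def verdict(data: bytes) -> str:
    """Coarse triage: binary-parser vectors -> quarantine, script-only -> review."""
    found = scan_pdf(data)
    if "JBIG2Decode" in found or "U3D" in found:
        return "quarantine"
    if any(k in found for k in ("JavaScript", "JS", "OpenAction", "FontFile2")):
        return "review"
    return "clean"


def report(data: bytes) -> list:
    """Human-readable lines for each hit, followed by the verdict."""
    lines = [f"{name} x{n}: {INDICATORS[name]}" for name, n in sorted(scan_pdf(data).items())]
    lines.append(f"verdict: {verdict(data)}")
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_PDF):
        print(line)
```

This is a triage heuristic, not a detector: JBIG2 is legitimate in scanned documents and embedded TrueType fonts are everywhere, so the verdicts only decide what gets a closer look. It also sees only names that are in the clear; objects packed into compressed object streams or filters that have been FlateDecoded would need the stream inflated first.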

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod