|Summary:||CVE-2009-3953 CVE-2009-3954 CVE-2009-3955 CVE-2009-3959 acroread: multiple code execution flaws (APSB10-02)|
|Product:||[Other] Security Response||Reporter:||Tomas Hoger <thoger>|
|Component:||vulnerability||Assignee:||Red Hat Product Security <security-response-team>|
|Status:||CLOSED ERRATA||QA Contact:|
|Version:||unspecified||CC:||kreilly, mkasik, security-response-team, yoyzhang|
|Fixed In Version:||Doc Type:||Bug Fix|
|Last Closed:||2010-01-20 15:13:35 UTC||Type:||---|
|Bug Depends On:||554298, 554299, 554300|
Description Tomas Hoger 2010-01-11 10:26:03 UTC
Adobe Security Bulletin for Adobe Reader and Acrobat APSB10-02 fixes the following code execution flaws:

This update resolves a use-after-free vulnerability in Multimedia.api that could lead to code execution (CVE-2009-4324).
-> tracked via separate bug #547799

This update resolves an array boundary issue in U3D support that could lead to code execution (CVE-2009-3953).

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2009-3955).

This update resolves an integer overflow vulnerability in U3D support that could lead to code execution (CVE-2009-3959).
Comment 1 Tomas Hoger 2010-01-11 10:28:38 UTC
Two more platform-specific issues:

This update resolves a DLL-loading vulnerability in 3D that could allow arbitrary code execution (CVE-2009-3954).

This update resolves a buffer overflow vulnerability in the Download Manager that could lead to code execution (CVE-2009-3958).
Comment 3 Tomas Hoger 2010-01-12 16:55:39 UTC
(In reply to comment #1)
> This update resolves a DLL-loading vulnerability in 3D that could allow
> arbitrary code execution (CVE-2009-3954).

Adobe confirmed this affects 8.x for Unix too.
Comment 4 Tomas Hoger 2010-01-13 08:01:01 UTC
Public now via: http://www.adobe.com/support/security/bulletins/apsb10-02.html
Comment 7 errata-xmlrpc 2010-01-13 16:03:43 UTC
This issue has been addressed in following products:

Extras for Red Hat Enterprise Linux 5

Via RHSA-2010:0037 https://rhn.redhat.com/errata/RHSA-2010-0037.html
Comment 8 errata-xmlrpc 2010-01-13 16:08:22 UTC
This issue has been addressed in following products:

Extras for RHEL 4

Via RHSA-2010:0038 https://rhn.redhat.com/errata/RHSA-2010-0038.html