Bug 579213 (CVE-2010-1241)

Summary: CVE-2010-1241 Acroread: Heap-based overflow by opening a specially-crafted PDF file (FG-VD-10-005)
Product: [Other] Security Response Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: urgent Docs Contact:
Priority: urgent    
Version: unspecifiedCC: bressers, mkasik, vdanen
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://www.youtube.com/watch?v=9EVHtY1-0q8
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-04-14 09:49:55 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 581435, 581436    
Bug Blocks:    

Description Jan Lieskovsky 2010-04-03 10:59:23 UTC 
At the Black Hat Europe 2010 conference, taking place in 
Barcelona, Spain, from April the 12-th to April the 15-th,
Haifei Li and Guillaume Lovet will give a presentation
named "Adobe Reader’s Custom Memory Management: A Heap of Trouble“:

  [1] http://www.blackhat.com/html/bh-eu-10/bh-eu-10-briefings.html#Li

focusing on the subject of custom heap management system,
present in the Adobe Reader.

As part of their presentation, they will publish a working 
exploit for "a PDF zero-day vulnerability they discovered
recently in the latest Adobe Reader 9.3.1 (where Data Execution
Prevention is enabled by default), as a demonstration of
their research."
 
  [2] http://www.youtube.com/watch?v=9EVHtY1-0q8
  [3] http://blog.fortinet.com/the-upcoming-blackhat-europe-2010-presentation/

As stated in [3]:

"Please note that the vulnerability details are currently being
protected by our Responsible Disclosure Policy. We are working
actively with the Adobe Product Security Incident Response Team
to arrange an appropriate timing to disclose the full details."

The Red Hat Security Response Team is aware and monitoring progress
on this flaw, cooperating with Adobe Product Security Incident
Response Team and once further information is available regarding
this threat, will immediately react to ensure it will be addressed
in a timely manner.
Comment 6 Vincent Danen 2010-04-08 22:57:00 UTC 
MITRE has assigned CVE-2010-1241 to this issue; so changing the CVE name accordingly.
Comment 10 errata-xmlrpc 2010-04-14 09:36:44 UTC 
This issue has been addressed in following products:

  Extras for RHEL 4
  Extras for Red Hat Enterprise Linux 5

Via RHSA-2010:0349 https://rhn.redhat.com/errata/RHSA-2010-0349.html