Bug 579213 - (CVE-2010-1241) CVE-2010-1241 Acroread: Heap-based overflow by opening a specially-crafted PDF file (FG-VD-10-005)
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All Linux
Priority: urgent, Severity: urgent
Assigned To: Red Hat Product Security
Keywords: Security
Depends On: 581435 581436
Reported: 2010-04-03 06:59 EDT by Jan Lieskovsky
Modified: 2010-04-14 05:49 EDT (History)
Doc Type: Bug Fix
Last Closed: 2010-04-14 05:49:55 EDT
External Trackers
Red Hat Product Errata RHSA-2010:0349 (Priority: normal; Status: SHIPPED_LIVE; Summary: "Critical: acroread security update"; Last Updated: 2010-04-14 05:36:41 EDT)

Description Jan Lieskovsky 2010-04-03 06:59:23 EDT
At the Black Hat Europe 2010 conference, taking place in
Barcelona, Spain, from April 12th to April 15th,
Haifei Li and Guillaume Lovet will give a presentation
named "Adobe Reader's Custom Memory Management: A Heap of Trouble":

  [1] http://www.blackhat.com/html/bh-eu-10/bh-eu-10-briefings.html#Li

focusing on the subject of the custom heap management system
present in Adobe Reader.

As part of their presentation, they will publish a working 
exploit for "a PDF zero-day vulnerability they discovered
recently in the latest Adobe Reader 9.3.1 (where Data Execution
Prevention is enabled by default), as a demonstration of
their research."
 
  [2] http://www.youtube.com/watch?v=9EVHtY1-0q8
  [3] http://blog.fortinet.com/the-upcoming-blackhat-europe-2010-presentation/

As stated in [3]:

"Please note that the vulnerability details are currently being
protected by our Responsible Disclosure Policy. We are working
actively with the Adobe Product Security Incident Response Team
to arrange an appropriate timing to disclose the full details."

The Red Hat Security Response Team is aware of and monitoring progress
on this flaw, cooperating with the Adobe Product Security Incident
Response Team, and once further information is available regarding
this threat, will immediately react to ensure it is addressed
in a timely manner.
Comment 6 Vincent Danen 2010-04-08 18:57:00 EDT
MITRE has assigned CVE-2010-1241 to this issue; so changing the CVE name accordingly.
Comment 10 errata-xmlrpc 2010-04-14 05:36:44 EDT
This issue has been addressed in the following products:

  Extras for RHEL 4
  Extras for Red Hat Enterprise Linux 5

Via RHSA-2010:0349 https://rhn.redhat.com/errata/RHSA-2010-0349.html
