Bug 920180 (CVE-2013-2549) - CVE-2013-2549 acroread: Unspecified vulnerability allows remote attackers to execute arbitrary code (CanSecWest 2013)
Summary: CVE-2013-2549 acroread: Unspecified vulnerability allows remote attackers to ...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2013-2549
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
urgent
urgent
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 962943 962944 962945 962946
Blocks: 920183 961684
TreeView+ depends on / blocked
 
Reported: 2013-03-11 14:08 UTC by Jan Lieskovsky
Modified: 2021-02-17 07:56 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2013-05-15 14:39:01 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2013:0826 0 normal SHIPPED_LIVE Critical: acroread security update 2013-11-13 16:09:56 UTC

Description Jan Lieskovsky 2013-03-11 14:08:27 UTC 
Common Vulnerabilities and Exposures assigned an identifier CVE-2013-2549 to the following vulnerability:

Unspecified vulnerability in Adobe Reader 11.0.02 allows remote attackers to execute arbitrary code via vectors related to a "break into the sandbox," as demonstrated by George Hotz during a Pwn2Own competition at CanSecWest 2013.

References:
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2549
[2] http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Pwn2Own-2013/ba-p/5981157
[3] http://twitter.com/thezdi/statuses/309771882612281344
Comment 3 Huzaifa S. Sidhpurwala 2013-03-18 05:09:30 UTC 
Statement:

(none)
Comment 5 errata-xmlrpc 2013-05-15 09:03:23 UTC 
This issue has been addressed in following products:

  Supplementary for Red Hat Enterprise Linux 5
  Supplementary for Red Hat Enterprise Linux 6

Via RHSA-2013:0826 https://rhn.redhat.com/errata/RHSA-2013-0826.html
Note You need to log in before you can comment on or make changes to this bug.