Adobe Reader and Acrobat U3D Model Remote Stack Buffer Overflow Vulnerability

Affected versions:

Adobe Acrobat Standard 8.1.4
Adobe Acrobat Standard 8.1.3
Adobe Acrobat Standard 8.1.2
Adobe Acrobat Standard 8.1.1
Adobe Acrobat Standard 7.1.1
Adobe Acrobat Standard 7.0.8
Adobe Acrobat Standard 7.0.7
Adobe Acrobat Standard 7.0.6
Adobe Acrobat Standard 7.0.5
Adobe Acrobat Standard 7.0.4
Adobe Acrobat Standard 7.0.3
Adobe Acrobat Standard 7.0.2
Adobe Acrobat Standard 7.0.1
Adobe Acrobat Standard 7.0
Adobe Acrobat Standard 9.1
Adobe Acrobat Standard 9
Adobe Acrobat Standard 8.1
Adobe Acrobat Standard 8.0
Adobe Acrobat Standard 7.1
Adobe Acrobat Reader 9.1.1
Adobe Acrobat Reader 8.1.5
Adobe Acrobat Reader 8.1.4
Adobe Acrobat Reader 8.1.3
Adobe Acrobat Reader 8.1.2
Adobe Acrobat Reader 8.1.1
Adobe Acrobat Reader 7.1.2
Adobe Acrobat Reader 7.1.1
Adobe Acrobat Reader 7.0.9
Adobe Acrobat Reader 7.0.8
Adobe Acrobat Reader 7.0.7
Adobe Acrobat Reader 7.0.6
Adobe Acrobat Reader 7.0.5
Adobe Acrobat Reader 7.0.4
Adobe Acrobat Reader 7.0.3
Adobe Acrobat Reader 7.0.2
Adobe Acrobat Reader 7.0.1
Adobe Acrobat Reader 7.0
Adobe Acrobat Reader 9.1
Adobe Acrobat Reader 9
Adobe Acrobat Reader 8.1.2 Security Updat
Adobe Acrobat Reader 8.1
Adobe Acrobat Reader 8.0
Adobe Acrobat Reader 7.1
Adobe Acrobat Professional 8.1.4
Adobe Acrobat Professional 8.1.3
Adobe Acrobat Professional 8.1.2
Adobe Acrobat Professional 8.1.1
Adobe Acrobat Professional 7.1.1
Adobe Acrobat Professional 7.0.9
Adobe Acrobat Professional 7.0.8
Adobe Acrobat Professional 7.0.7
Adobe Acrobat Professional 7.0.6
Adobe Acrobat Professional 7.0.5
Adobe Acrobat Professional 7.0.4
Adobe Acrobat Professional 7.0.3
Adobe Acrobat Professional 7.0.2
Adobe Acrobat Professional 7.0.1
Adobe Acrobat Professional 7.0
Adobe Acrobat Professional 8.1.2 Security Updat
Adobe Acrobat Professional 8.1
Adobe Acrobat Professional 8.0
Adobe Acrobat Professional 7.1

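Vulnerability description:
Bugtraq ID: 35282
CVE ID: CVE-2009-1855
CNCVE ID: CNCVE-20091855

Adobe Reader and Acrobat are applications for handling PDF files.
Adobe Reader and Acrobat contain a flaw in the handling of PDF files that include a malformed U3D model; a remote attacker can exploit the vulnerability to execute arbitrary instructions with the privileges of the application.
When a specially crafted model extension block is processed, insufficient bounds checking before the call to wcsncpy() can lead to a stack-based buffer overflow, allowing arbitrary instructions to be executed with the privileges of the logged-in user's process.
<*Reference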

http://www.zerodayinitiative.com/advisories/ZDI-09-042/

*>
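
The missing check before wcsncpy() described above, shown as an added C example that is not Adobe's code and is not taken from the advisory. The field layout, NAME_CAP and all function names are hypothetical; the count passed to wcsncpy() is treated as untrusted and validated against both the input and the fixed stack buffer.

```c
#include <stddef.h>
#include <stdio.h>
#include <wchar.h>

#define NAME_CAP 32 /* hypothetical size of the fixed stack buffer */

/* Flawed pattern, for contrast only (never called here): the count comes
 * from the file and is never compared with the size of name[]. */
long handle_block_unchecked(const wchar_t *field, size_t declared_len)
{
    wchar_t name[NAME_CAP];
    wcsncpy(name, field, declared_len); /* writes past name[] if declared_len > NAME_CAP */
    return (long)wcslen(name);          /* and name[] may not be terminated */
}

/* Bounded copy: 0 on success with dst NUL-terminated, -1 if rejected. */
int copy_block_name(wchar_t *dst, size_t dst_cap, const wchar_t *src,
                    size_t src_avail, size_t declared_len)
{
    if (dst == NULL || src == NULL || dst_cap == 0)
        return -1;
    if (declared_len > src_avail) /* length field exceeds the data present */
        return -1;
    if (declared_len >= dst_cap)  /* no room left for the terminator */
        return -1;
    wcsncpy(dst, src, declared_len);
    dst[declared_len] = L'\0';    /* wcsncpy() does not terminate a full copy */
    return 0;
}

/* Hardened handler: length of the accepted name, or -1 when rejected. */
long handle_block(const wchar_t *field, size_t field_avail, size_t declared_len)
{
    wchar_t name[NAME_CAP];
    if (copy_block_name(name, NAME_CAP, field, field_avail, declared_len) != 0)
        return -1;
    return (long)wcslen(name);
}

int main(void)
{
    wchar_t oversized[64]; /* constructed input: 64 characters, no terminator */
    wmemset(oversized, L'A', 64);
    printf("%ld\n", handle_block(L"mesh01", 6, 6));   /* accepted */
    printf("%ld\n", handle_block(oversized, 64, 64)); /* rejected */
    return 0;
}
```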

Security recommendation:
Refer to the following security bulletin for patch information:
http://www.adobe.com/support/security/bulletins/apsb09-07.html