Adobe Reader/Acrobat 'CoolType.dll' Memory Corruption Remote Code Execution Vulnerability

Vulnerability Cause
Boundary condition error
Severity

 
Affected Systems
Adobe Reader 9.3.4
 Adobe Reader 9.3.3
 Adobe Reader 9.3.2
 Adobe Reader 9.3.1
 Adobe Reader 9.1.3
 Adobe Reader 9.1.2
 Adobe Reader 9.1.1
 Adobe Reader 8.2.5
 Adobe Reader 8.2.4
 Adobe Reader 8.2.3
 Adobe Reader 8.2.2
 Adobe Reader 8.2.1
 Adobe Reader 8.1.7
 Adobe Reader 8.1.6
 Adobe Reader 8.1.5
 Adobe Reader 8.1.4
 Adobe Reader 8.1.3
 Adobe Reader 8.1.2
 Adobe Reader 8.1.1
 Adobe Reader 9.4.3
 Adobe Reader 9.4.2
 Adobe Reader 9.4.1
 Adobe Reader 9.4
 Adobe Reader 9.3
 Adobe Reader 9.2
 Adobe Reader 9.1
 Adobe Reader 9
 Adobe Reader 8.2
 Adobe Reader 8.1.2 Security Updat
 Adobe Reader 8.1
 Adobe Reader 8.0
 Adobe Reader 8
 Adobe Reader 10.0.2
 Adobe Reader 10.0.1
 Adobe Reader 10.0
 Adobe Acrobat Standard 9.3.4
 Adobe Acrobat Standard 9.3.3
 Adobe Acrobat Standard 9.3.2
 Adobe Acrobat Standard 9.3.1
 Adobe Acrobat Standard 9.1.3
 Adobe Acrobat Standard 9.1.2
 Adobe Acrobat Standard 8.2.5
 Adobe Acrobat Standard 8.2.4
 Adobe Acrobat Standard 8.2.2
 Adobe Acrobat Standard 8.2.1
 Adobe Acrobat Standard 8.1.7
 Adobe Acrobat Standard 8.1.6
 Adobe Acrobat Standard 8.1.4
 Adobe Acrobat Standard 8.1.3
 Adobe Acrobat Standard 8.1.2
 Adobe Acrobat Standard 8.1.1
 Adobe Acrobat Standard 9.4.3
 Adobe Acrobat Standard 9.4.2
 Adobe Acrobat Standard 9.4.1
 Adobe Acrobat Standard 9.4
 Adobe Acrobat Standard 9.3
 Adobe Acrobat Standard 9.2
 Adobe Acrobat Standard 9.1
 Adobe Acrobat Standard 9
 Adobe Acrobat Standard 8.2
 Adobe Acrobat Standard 8.1
 Adobe Acrobat Standard 8.0
 Adobe Acrobat Standard 10.0.2
 Adobe Acrobat Standard 10.0.1
 Adobe Acrobat Standard 10.0
 Adobe Acrobat Professional 9.3.4
 Adobe Acrobat Professional 9.3.3
 Adobe Acrobat Professional 9.3.2
 Adobe Acrobat Professional 9.3.1
 Adobe Acrobat Professional 9.1.3
 Adobe Acrobat Professional 9.1.2
 Adobe Acrobat Professional 8.2.5
 Adobe Acrobat Professional 8.2.4
 Adobe Acrobat Professional 8.2.2
 Adobe Acrobat Professional 8.2.1
 Adobe Acrobat Professional 8.1.7
 Adobe Acrobat Professional 8.1.6
 Adobe Acrobat Professional 8.1.4
 Adobe Acrobat Professional 8.1.3
 Adobe Acrobat Professional 8.1.2
 Adobe Acrobat Professional 8.1.1
 Adobe Acrobat Professional 9.4.3
 Adobe Acrobat Professional 9.4.2
 Adobe Acrobat Professional 9.4.1
 Adobe Acrobat Professional 9.4
 Adobe Acrobat Professional 9.3
 Adobe Acrobat Professional 9.2
 Adobe Acrobat Professional 9.1
 Adobe Acrobat Professional 9 Extended
 Adobe Acrobat Professional 9
 Adobe Acrobat Professional 8.2
 Adobe Acrobat Professional 8.1.2 Security Updat
 Adobe Acrobat Professional 8.1
 Adobe Acrobat Professional 8.0
 Adobe Acrobat Professional 10.0.2
 Adobe Acrobat Professional 10.0.1
 Adobe Acrobat Professional 10.0
 Adobe Acrobat 9.3.3
 Adobe Acrobat 9.3.2
 Adobe Acrobat 9.3.1
 Adobe Acrobat 9.1.1
 Adobe Acrobat 8.2.5
 Adobe Acrobat 8.2.4
 Adobe Acrobat 8.2.3
 Adobe Acrobat 8.2.2
 Adobe Acrobat 8.1.8
 Adobe Acrobat 9.4.3
 Adobe Acrobat 9.4.2
 Adobe Acrobat 9.4.1
 Adobe Acrobat 9.4
 Adobe Acrobat 9.3
 Adobe Acrobat 9.2
 Adobe Acrobat 9
 Adobe Acrobat 8.0
 Adobe Acrobat 8
 Adobe Acrobat 10.0.2
 Adobe Acrobat 10.0.1
 Adobe Acrobat 10.0
 
 
Unaffected Systems
Adobe Reader 9.4.4
 Adobe Reader 10.0.3
 Adobe Acrobat Standard 9.4.4
 Adobe Acrobat Standard 10.0.3
 Adobe Acrobat Professional 9.4.4
 Adobe Acrobat Professional 10.0.3
 Adobe Acrobat 9.4.4
 Adobe Acrobat 10.0.3
 
Impact
A remote attacker can exploit the vulnerability to execute arbitrary code in the security context of the application.
 
Conditions Required for Attack
The attacker must construct a malicious file and entice the user to parse it.
 
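Vulnerability Information
Adobe Reader/Acrobat is a popular application for handling PDF files.
Adobe Reader/Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh contain critical vulnerabilities. These vulnerabilities, including CVE-2011-0611 as referenced in Security Advisory APSA11-02 (http://www.adobe.com/support/security/advisories/apsa11-02.html), can cause a crash and allow an attacker to take control of the affected system. CVE-2011-0611 has been actively exploited in the wild against both Adobe Flash Player and Adobe Reader/Acrobat, via a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file. Adobe Reader X Protected Mode prevents this kind of attack code from executing.
Adobe recommends that users of Adobe Reader X (10.0.2) for Macintosh upgrade to Adobe Reader X (10.0.3). For users of Adobe Reader 9.4.3 for Windows and Macintosh, Adobe has made the Adobe Reader 9.4.4 update available. Adobe recommends that users of Adobe Acrobat X (10.0.2) for Windows and Macintosh upgrade to Adobe Acrobat X (10.0.3). Adobe recommends that users of Adobe Acrobat 9.4.3 for Windows and Macintosh upgrade to Adobe Acrobat 9.4.4.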
 
Test Method
 
Vendor Solution
Users can refer to the following vendor security bulletin for patch information:
http://www.adobe.com/support/security/bulletins/apsb11-08.html
 
Vulnerability Credit
CERT Polska and Paul Baccas of Sophos
  
 
Vulnerability Reference Links
http://www.adobe.com/support/security/bulletins/apsb11-08.html
 
