OSVDB ID: 61693

Title: Adobe Reader / Acrobat Enhanced Security Feature Default Configuration Modification Script Injection

Info

Disclosure

Jan 12, 2010

Discovery

Unknown

Dates

Exploit

Oct 12, 2010

Solution

Jan 12, 2010

Description

Classification

Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Disclosure: Vendor Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Adobe has released a patch to address this vulnerability.

Products

Unknown or Incomplete

References

Security Tracker: 1023446
CVE ID: 2009-3956 (see also: NVD)
Bugtraq ID: 37763
Secunia Advisory ID: 38138 38194 38215 38295
ISS X-Force ID: 55554
OVAL ID: 8327
VUPEN Advisory: ADV-2010-0103
Mail List Post: http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html
http://seclists.org/fulldisclosure/2010/Jan/244
Vendor Specific Advisory URL: http://www.adobe.com/support/security/bulletins/apsb10-02.html
http://www.novell.com/linux/security/advisories/2010_08_acroread.html
Other Advisory URL: http://www.packetstormsecurity.org/1001-exploits/SS-2010-001.txt
http://www.stratsec.net/files/SS-2010-001_Stratsec_Acrobat_Script_Injection_Security_Advisory_v1.0.pdf
http://www.stratsec.net/Research/Advisories/Adobe-Acrobat-Script-Injection
Vendor Specific News/Changelog Entry: https://bugzilla.redhat.com/show_bug.cgi?id=554296
RedHat RHSA: https://rhn.redhat.com/errata/RHSA-2010-0037.html
https://rhn.redhat.com/errata/RHSA-2010-0038.html
https://rhn.redhat.com/errata/RHSA-2010-0060.html
RHSA-2010:0060
CERT: TA10-013A

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/61693