Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x prior to 9.4, and 8.x prior to 8.2.5 on Windows and Mac OS X, allows remote malicious users to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third party information.

Vulnerable Product |
---|
adobe acrobat 8.1.1 |
adobe acrobat 8.1.4 |
adobe acrobat 8.2.1 |
adobe acrobat 8.1.7 |
adobe acrobat 8.1.3 |
adobe acrobat |
adobe acrobat 9.3.3 |
adobe acrobat 9.1.1 |
adobe acrobat 8.2.4 |
adobe acrobat 8.1.5 |
adobe acrobat 9.3 |
adobe acrobat 9.3.2 |
adobe acrobat 9.3.1 |
adobe acrobat 9.1.2 |
adobe acrobat 9.2 |
adobe acrobat 9.1.3 |
adobe acrobat 8.2.2 |
adobe acrobat 8.1 |
adobe acrobat 8.1.6 |
adobe acrobat 8.2 |
adobe acrobat 9.1 |
adobe acrobat 9.0 |
adobe acrobat 8.1.2 |
adobe acrobat 8.0 |
adobe acrobat_reader 9.1.2 |
adobe acrobat_reader 9.1 |
adobe acrobat_reader 9.2 |
adobe acrobat_reader |
adobe acrobat_reader 9.3 |
adobe acrobat_reader 9.3.1 |
adobe acrobat_reader 8.2.3 |
adobe acrobat_reader 8.2.1 |
adobe acrobat_reader 8.1.7 |
adobe acrobat_reader 8.1 |
adobe acrobat_reader 8.1.1 |
adobe acrobat_reader 9.3.2 |
adobe acrobat_reader 9.3.3 |
adobe acrobat_reader 8.1.6 |
adobe acrobat_reader 8.1.5 |
adobe acrobat_reader 8.1.2 |
adobe acrobat_reader 8.2.2 |
adobe acrobat_reader 9.1.3 |
adobe acrobat_reader 9.1.1 |
adobe acrobat_reader 8.1.4 |
adobe acrobat_reader 8.0 |
adobe acrobat_reader 8.2.4 |
adobe acrobat_reader 9.0 |

Let’s examine a couple of interesting delivery techniques from an APT active for the past several years, the Spring Dragon APT. A paper released today by our colleagues at Palo Alto Networks presented a portion of data on this crew under the label “the Lotus Blossom Operation”, likely named for the debug string present in much of the “Elise” codebase since at least 2012: “d:\lstudio\projects\lotus\…”. The group’s capabilities are more than the much discussed CVE-2012-0158 ex...

Kaspersky Lab presents its malware rankings for October. Overall, October was relatively quiet, although there were a few incidents worthy of note. Virus.Win32.Murofet, which infected a large number of PE files, was detected at the beginning of the month. What makes this malware interesting is that it generates links using a special algorithm based on the current date and time on the infected computer. Murofet gets the system’s current year, month, date, and minute, generates two double words,...