lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Thu, 15 Sep 2011 14:21:22 -0700
From: zhliu <zhliu@...tinet.com>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Cc: zhliu <zhliu@...tinet.com>
Subject: FortiGuard Advisory: Adobe Reader X Sandbox
	Bypass Vulnerability

Adobe Reader X Sandbox Bypass Vulnerability
Sep 13, 2011

Summary:
========
Fortinet's FortiGuard Labs has discovered a sandbox bypass vulnerability 
in Adobe Reader X.

Impact:
=======
Local Privilege Escalation.

Risk:
=====
Critical

Affected Software:
==================
For a list of product versions affected, please see the Adobe Security 
Bulletin reference below.

Additional Information:
=======================
By successfully leveraging a sandbox bypass vulnerability in Adobe 
Reader X, a malicious code could escape out of the sandbox resulting in 
privilege escalation.

References:
========
FortiGuard Advisory: http://www.fortiguard.com/advisory/FGA-2011-30.html
Adobe Security Bulletin Summary for September 13, 
2011:http://www.adobe.com/support/security/bulletins/apsb11-24.html
CVE ID: CVE-2011-1353

Solutions:
=======
Users should apply the solution provided by Adobe.

Acknowledgment:
==============
Zhenhua Liu of Fortinet's FortiGuard Labs



***  Please note that this message and any attachments may contain confidential 
and proprietary material and information and are intended only for the use of 
the intended recipient(s). If you are not the intended recipient, you are hereby 
notified that any review, use, disclosure, dissemination, distribution or copying 
of this message and any attachments is strictly prohibited. If you have received 
this email in error, please immediately notify the sender and destroy this e-mail 
and any attachments and all copies, whether electronic or printed.
Please also note that any views, opinions, conclusions or commitments expressed 
in this message are those of the individual sender and do not necessarily reflect 
the views of Fortinet, Inc., its affiliates, and emails are not binding on 
Fortinet and only a writing manually signed by Fortinet's General Counsel can be 
a binding commitment of Fortinet to Fortinet's customers or partners. Thank you. ***

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ