[<prev] [next>] [day] [month] [year] [list]
Message-ID: <4E726C52.9020506@fortinet.com>
Date: Thu, 15 Sep 2011 14:21:22 -0700
From: zhliu <zhliu@...tinet.com>
To: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk
Cc: zhliu <zhliu@...tinet.com>
Subject: FortiGuard Advisory: Adobe Reader X Sandbox
Bypass Vulnerability
Adobe Reader X Sandbox Bypass Vulnerability
Sep 13, 2011
Summary:
========
Fortinet's FortiGuard Labs has discovered a sandbox bypass vulnerability
in Adobe Reader X.
Impact:
=======
Local Privilege Escalation.
Risk:
=====
Critical
Affected Software:
==================
For a list of product versions affected, please see the Adobe Security
Bulletin reference below.
Additional Information:
=======================
By successfully leveraging a sandbox bypass vulnerability in Adobe
Reader X, a malicious code could escape out of the sandbox resulting in
privilege escalation.
References:
========
FortiGuard Advisory: http://www.fortiguard.com/advisory/FGA-2011-30.html
Adobe Security Bulletin Summary for September 13,
2011:http://www.adobe.com/support/security/bulletins/apsb11-24.html
CVE ID: CVE-2011-1353
Solutions:
=======
Users should apply the solution provided by Adobe.
Acknowledgment:
==============
Zhenhua Liu of Fortinet's FortiGuard Labs
*** Please note that this message and any attachments may contain confidential
and proprietary material and information and are intended only for the use of
the intended recipient(s). If you are not the intended recipient, you are hereby
notified that any review, use, disclosure, dissemination, distribution or copying
of this message and any attachments is strictly prohibited. If you have received
this email in error, please immediately notify the sender and destroy this e-mail
and any attachments and all copies, whether electronic or printed.
Please also note that any views, opinions, conclusions or commitments expressed
in this message are those of the individual sender and do not necessarily reflect
the views of Fortinet, Inc., its affiliates, and emails are not binding on
Fortinet and only a writing manually signed by Fortinet's General Counsel can be
a binding commitment of Fortinet to Fortinet's customers or partners. Thank you. ***
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists