Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-1530

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2012-1530
Last Modified 30 Dec 2013 11:15:02
Published 10 Jan 2013 06:56:50
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2012-1530

Summary

Heap-based buffer overflow in the XSLT engine in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via a PDF file containing an XSL file that triggers memory corruption when the lang function processes XML data with a crafted node-set.

Vulnerable Systems

Application

  • Adobe Acrobat 10.0

  • Adobe Acrobat 10.0.1

  • Adobe Acrobat 10.0.2

  • Adobe Acrobat 10.0.3

  • Adobe Acrobat 10.1

  • Adobe Acrobat 10.1.1

  • Adobe Acrobat 10.1.2

  • Adobe Acrobat 10.1.3

  • Adobe Acrobat 10.1.4

  • Adobe Acrobat 11.0

  • Adobe Acrobat 9.0

  • Adobe Acrobat 9.1

  • Adobe Acrobat 9.1.1

  • Adobe Acrobat 9.1.2

  • Adobe Acrobat 9.1.3

  • Adobe Acrobat 9.2

  • Adobe Acrobat 9.3

  • Adobe Acrobat 9.3.1

  • Adobe Acrobat 9.3.2

  • Adobe Acrobat 9.3.3

  • Adobe Acrobat 9.3.4

  • Adobe Acrobat 9.4

  • Adobe Acrobat 9.4.1

  • Adobe Acrobat 9.4.2

  • Adobe Acrobat 9.4.3

  • Adobe Acrobat 9.4.4

  • Adobe Acrobat 9.4.5

  • Adobe Acrobat 9.4.6

  • Adobe Acrobat 9.4.7

  • Adobe Acrobat 9.5

  • Adobe Acrobat 9.5.1

  • Adobe Acrobat 9.5.2

  • Adobe Acrobat Reader 10.0

  • Adobe Acrobat Reader 10.0.1

  • Adobe Acrobat Reader 10.0.2

  • Adobe Acrobat Reader 10.0.3

  • Adobe Acrobat Reader 10.1

  • Adobe Acrobat Reader 10.1.1

  • Adobe Acrobat Reader 10.1.2

  • Adobe Acrobat Reader 10.1.3

  • Adobe Acrobat Reader 10.1.4

  • Adobe Acrobat Reader 11.0

  • Adobe Acrobat Reader 9.0

  • Adobe Acrobat Reader 9.1

  • Adobe Acrobat Reader 9.1.1

  • Adobe Acrobat Reader 9.1.2

  • Adobe Acrobat Reader 9.1.3

  • Adobe Acrobat Reader 9.2

  • Adobe Acrobat Reader 9.3

  • Adobe Acrobat Reader 9.3.1

  • Adobe Acrobat Reader 9.3.2

  • Adobe Acrobat Reader 9.3.3

  • Adobe Acrobat Reader 9.3.4

  • Adobe Acrobat Reader 9.4

  • Adobe Acrobat Reader 9.4.1

  • Adobe Acrobat Reader 9.4.2

  • Adobe Acrobat Reader 9.4.3

  • Adobe Acrobat Reader 9.4.4

  • Adobe Acrobat Reader 9.4.5

  • Adobe Acrobat Reader 9.4.6

  • Adobe Acrobat Reader 9.4.7

  • Adobe Acrobat Reader 9.5

  • Adobe Acrobat Reader 9.5.1

  • Adobe Acrobat Reader 9.5.2


References

CONFIRM - http://www.adobe.com/support/security/bulletins/apsb13-02.html

REDHAT - RHSA-2013:0150

SUSE - openSUSE-SU-2013:0193

SUSE - openSUSE-SU-2013:0138

SUSE - SUSE-SU-2013:0047

SUSE - SUSE-SU-2013:0044

IDEFENSE - 20130108 Adobe Reader and Acrobat XSLT node() and lang() Memory Corruption Vulnerability

GENTOO - GLSA-201308-03

Related Patches

Adobe APSB13-02 Reader XI 11.0.1 for Windows (Update) (All Languages)

Adobe APSB13-02 Reader (English) 9.5.3 for Windows (Update)

Adobe APSB13-02 Reader X (English) 10.1.5 for Windows (Update)

Adobe APSB13-02 Reader (MUI) 9.5.3 for Windows (Update)

Adobe APSB13-02 Reader X (MUI) 10.1.5 for Windows (Update)

Adobe APSB13-02 Reader XI (MUI) 11.0.1 for Windows (Update)

Adobe APSB13-02 Reader X 10.1.5 Security Update for Mac OS X

Adobe APSB13-02 Reader 9.5.3 Security Update for Mac OS X (Intel)

Adobe APSB13-02 Reader XI 11.0.1 Security Update for Mac OS X

Adobe APSB13-02 Acrobat XI 11.0.1 for Windows (Update) (All Languages) (See Notes)

Adobe APSB13-02 Acrobat X 10.1.5 for Windows (Update) (All Languages) (See Notes) (Rev 2)

Adobe APSB13-02 Acrobat 9.5.3 for Windows (Update) (All Languages) (See Notes)

Novell SUSE 2013:7230 acroread security update for SLED 11 SP2 i586

Novell SUSE 2013:7230 acroread security update for SLED 11 SP2 x86_64

Novell SUSE 2013:8431 acroread security update for SLED 10 SP4 i586

Novell SUSE 2013:8431 acroread security update for SLED 10 SP4 x86_64


Last Updated: 27 May 2016 10:58:32