Main Menu

Mailing List

Name:

Email:

Archive

Archive

[SingCERT] Adobe Acrobat/Reader Multiple Flaws Lets Remote Users Execute Arbitrary Code and Local users Gain Elevated Privileges

[ Summary ]

Multiple vulnerabilities were reported in Adobe Acrobat/Reader.  Successful exploitation of these vulnerabilities will allow

  • A remote user can cause arbitrary code to be executed on the target user’s system.
  • A local user can obtain elevated privileges on the target system.
  • A user can bypass security restrictions.


This update will address the following vulnerabilities:

  • A Memory corruption may error - CVE-2012-1530, CVE-2013-0601, CVE-2013-0605, CVE-2013-0616, CVE-2013-0619, CVE-2013-0620, CVE-2013-0623.
  • A use-after-free may occur - CVE-2013-0602.
  • A heap overflow may occur - CVE-2013-0603, CVE-2013-0604.
  • A stack overflow may occur - CVE-2013-0610, CVE-2013-0626.
  • A buffer overflow may occur - CVE-2013-0606, CVE-2013-0612, CVE-2013-0615, CVE-2013-0617, CVE-2013-0621.
  • An integer overflow may occur - CVE-2013-0609, CVE-2013-0613.
  • A local error may occur - CVE-2013-0607, CVE-2013-0608, CVE-2013-0611, CVE-2013-0614, CVE-2013-0618.
  • A local user can gain elevated privileges - CVE-2013-0627.
  • A user can bypass unspecified security restrictions - CVE-2013-0622, CVE-2013-0624.

Read more: [SingCERT] Adobe Acrobat/Reader Multiple Flaws Lets Remote Users Execute Arbitrary Code and Local users Gain Elevated Privileges

 

[SingCERT] Adobe Flash Player Buffer Overflow Lets Remote Users Execute Arbitrary Code

Last Updated on Wednesday, 09 January 2013 14:36

[ Summary ]

Adobe has released security updates for Adobe Flash Player to address a vulnerability that could cause a crash and potentially allow an attacker to take control of the affected system.

Read more: [SingCERT] Adobe Flash Player Buffer Overflow Lets Remote Users Execute Arbitrary Code

 

[SingCERT] Microsoft Security Bulletin Summary for January 2013

Last Updated on Wednesday, 09 January 2013 14:56

[ Summary ]

Microsoft has released 7 security bulletins for the month of January 2013 to address vulnerabilities in Microsoft Windows, Office, Developers Tools, Server Software, and .NET Framework.

MS13-001 and MS13-002 are rated Critical and MS13-003, MS13-004, MS13-005, MS13-006 and MS13-007 are rated Important as successful exploitation of these vulnerabilities will allow remote code execution, elevation of privilege, security features bypass, or cause denial-of-service conditions.

  • MS13-001 Vulnerability in Windows Print Spooler Components Could Allow Remote Code Execution (2769369) - Critical
  • MS13-002 Vulnerabilities in Microsoft XML Core Services Could Allow Remote Code Execution (2756145) - Critical
  • MS13-003 Vulnerabilities in System Center Operations Manager Could Allow Elevation of Privilege (2748552) - Important
  • MS13-004 Vulnerabilities in .NET Framework Could Allow Elevation of Privilege (2769324) - Important
  • MS13-005 Vulnerability in Windows Kernel-Mode Driver Could Allow Elevation of Privilege (2778930) - Important
  • MS13-006 Vulnerability in Microsoft Windows Could Allow Security Feature Bypass (2785220) - Important
  • MS13-007 Vulnerability in Open Data Protocol Could Allow Denial of Service (2769327) - Important

Read more: [SingCERT] Microsoft Security Bulletin Summary for January 2013

   

More Articles...

Page 5 of 6