Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

FortiGuard Advisory: Adobe Reader X Sandbox Bypass Vulnerability

From: zhliu <zhliu () fortinet com>
Date: Thu, 15 Sep 2011 14:21:22 -0700
Adobe Reader X Sandbox Bypass Vulnerability
Sep 13, 2011

Summary:
========
Fortinet's FortiGuard Labs has discovered a sandbox bypass vulnerability in Adobe Reader X. 

Impact:
=======
Local Privilege Escalation.

Risk:
=====
Critical

Affected Software:
==================
For a list of product versions affected, please see the Adobe Security Bulletin reference below. 

Additional Information:
=======================
By successfully leveraging a sandbox bypass vulnerability in Adobe Reader X, a malicious code could escape out of the sandbox resulting in privilege escalation. 

References:
========
FortiGuard Advisory: http://www.fortiguard.com/advisory/FGA-2011-30.html
Adobe Security Bulletin Summary for September 13, 2011:http://www.adobe.com/support/security/bulletins/apsb11-24.html 
CVE ID: CVE-2011-1353

Solutions:
=======
Users should apply the solution provided by Adobe.

Acknowledgment:
==============
Zhenhua Liu of Fortinet's FortiGuard Labs
*** Please note that this message and any attachments may contain confidential and proprietary material and information and are intended only for the use of the intended recipient(s). If you are not the intended recipient, you are hereby notified that any review, use, disclosure, dissemination, distribution or copying of this message and any attachments is strictly prohibited. If you have received this email in error, please immediately notify the sender and destroy this e-mail and any attachments and all copies, whether electronic or printed. Please also note that any views, opinions, conclusions or commitments expressed in this message are those of the individual sender and do not necessarily reflect the views of Fortinet, Inc., its affiliates, and emails are not binding on Fortinet and only a writing manually signed by Fortinet's General Counsel can be a binding commitment of Fortinet to Fortinet's customers or partners. Thank you. *** 
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: