PT-2013-1524 · Adobe+2 · Reader+3
Published
2013-01-10
·
Updated
2017-09-19
·
CVE-2012-1530
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Adobe Reader and Acrobat versions 9.x through 9.5.2
Adobe Reader and Acrobat versions 10.x through 10.1.4
Adobe Reader and Acrobat versions 11.x through 11.0.0
Description
A heap-based buffer overflow issue exists in the XSLT engine, allowing attackers to execute arbitrary code or cause a denial of service via a crafted PDF file containing an XSL file. This occurs when the lang function processes XML data with a crafted node-set, leading to memory corruption.
Recommendations
For Adobe Reader and Acrobat versions 9.x through 9.5.2, update to version 9.5.3 or later.
For Adobe Reader and Acrobat versions 10.x through 10.1.4, update to version 10.1.5 or later.
For Adobe Reader and Acrobat versions 11.x through 11.0.0, update to version 11.0.1 or later.
Fix
DoS
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Acrobat
Reader
Red Hat
Suse