CVE-2011-0600
published 2011-02-10CVE-2011-0600: The U3D component in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to…
PriorityP357critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
40.13%
98.5th percentile
The U3D component in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a 3D file with an invalid Parent Node count that triggers an incorrect size calculation and memory corruption, a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, and CVE-2011-0595.
Affected
55 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
| adobe | acrobat | — | — |
CVSS provenance
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_redhat9.3CRITICAL
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-vmqj-vh6g-cjq3: Adobe Reader and Acrobat 10
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2011-0591 [CRITICAL] CWE-20 GHSA-vmqj-vh6g-cjq3: Adobe Reader and Acrobat 10
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, related to Texture and rgba, a different vulnerability than CVE-2011-0590, CVE-2011-0592, CVE-2011-0593, CVE-2011-0595, and CVE-2011-0600.
GHSA
GHSA-39c8-3fh7-57wr: The U3D component in Adobe Reader and Acrobat 10
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2011-0600 [CRITICAL] CWE-20 GHSA-39c8-3fh7-57wr: The U3D component in Adobe Reader and Acrobat 10
The U3D component in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a 3D file with an invalid Parent Node count that triggers an incorrect size calculation and memory corruption, a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, and CVE-2011-0595.
GHSA
GHSA-cj48-gr7g-jvm7: Adobe Reader and Acrobat 10
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2011-0595 [CRITICAL] CWE-20 GHSA-cj48-gr7g-jvm7: Adobe Reader and Acrobat 10
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, and CVE-2011-0600.
GHSA
GHSA-g2g7-mp7p-qwgx: Adobe Reader and Acrobat 10
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2011-0592 [CRITICAL] CWE-20 GHSA-g2g7-mp7p-qwgx: Adobe Reader and Acrobat 10
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, related to "Texture bmp," a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0593, CVE-2011-0595, and CVE-2011-0600.
GHSA
GHSA-phmp-vmqj-g6v8: Adobe Reader and Acrobat 10
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2011-0593 [CRITICAL] CWE-20 GHSA-phmp-vmqj-g6v8: Adobe Reader and Acrobat 10
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0595, and CVE-2011-0600.
GHSA
GHSA-fhxv-c3fv-fh8h: Adobe Reader and Acrobat 10
ghsa_unreviewed·2022-05-14·CVSS 9.3
CVE-2011-0590 [CRITICAL] CWE-20 GHSA-fhxv-c3fv-fh8h: Adobe Reader and Acrobat 10
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a 3D file, a different vulnerability than CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, CVE-2011-0595, and CVE-2011-0600.
Red Hat
acroread: critical APSB11-03
vendor_redhat·2011-02-08·CVSS 9.3
CVE-2011-0595 [CRITICAL] acroread: critical APSB11-03
acroread: critical APSB11-03
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, and CVE-2011-0600.
Red Hat
acroread: critical APSB11-03
vendor_redhat·2011-02-08·CVSS 9.3
CVE-2011-0600 [CRITICAL] acroread: critical APSB11-03
acroread: critical APSB11-03
The U3D component in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a 3D file with an invalid Parent Node count that triggers an incorrect size calculation and memory corruption, a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, and CVE-2011-0595.
Red Hat
acroread: critical APSB11-03
vendor_redhat·2011-02-08·CVSS 9.3
CVE-2011-0591 [CRITICAL] acroread: critical APSB11-03
acroread: critical APSB11-03
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, related to Texture and rgba, a different vulnerability than CVE-2011-0590, CVE-2011-0592, CVE-2011-0593, CVE-2011-0595, and CVE-2011-0600.
Red Hat
acroread: critical APSB11-03
vendor_redhat·2011-02-08·CVSS 9.3
CVE-2011-0592 [CRITICAL] acroread: critical APSB11-03
acroread: critical APSB11-03
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, related to "Texture bmp," a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0593, CVE-2011-0595, and CVE-2011-0600.
Red Hat
acroread: critical APSB11-03
vendor_redhat·2011-02-08·CVSS 9.3
CVE-2011-0593 [CRITICAL] acroread: critical APSB11-03
acroread: critical APSB11-03
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a crafted Universal 3D (U3D) file that triggers a buffer overflow during decompression, a different vulnerability than CVE-2011-0590, CVE-2011-0591, CVE-2011-0592, CVE-2011-0595, and CVE-2011-0600.
Red Hat
acroread: critical APSB11-03
vendor_redhat·2011-02-08·CVSS 9.3
CVE-2011-0590 [CRITICAL] acroread: critical APSB11-03
acroread: critical APSB11-03
Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via a 3D file, a different vulnerability than CVE-2011-0591, CVE-2011-0592, CVE-2011-0593, CVE-2011-0595, and CVE-2011-0600.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2011-2916 freenx-client: qtnx stores configuration, including non-default authentication key, with insecure permissions
bugzilla·2011-08-11·CVSS 5.5
CVE-2011-2916 [MEDIUM] CVE-2011-2916 freenx-client: qtnx stores configuration, including non-default authentication key, with insecure permissions
CVE-2011-2916 freenx-client: qtnx stores configuration, including non-default authentication key, with insecure permissions
It was reported [1] that the qtnx client would store non-custom SSH keys in a world-readable configuration file. If a user did not have a properly secured home directory (if it was world-readable or world-executable), this could allow other users on the local system to obtain the private key used to connect to remote NX sessions.
For example:
% ls -al .qtnx
total 12
drwxrwxr-x. 2 user user 4096 Aug 11 11:36 .
drwxr-x---. 27 user user 4096 Aug 11 11:37 ..
-rw-rw-r--. 1 user user 1209 Aug 11 11:40 cerb.nxml
% grep Auth .qtnx/cerb.nxml
qtnx should probably set the permissions of the *.nxml files to 0600, or the ~/.qtnx/ directory should be mode 0700 (like ~/.ssh/)
Bugzilla
CVE-2011-2178 libvirt: regression introduced in disk probe logic [fedora-rawhide]
bugzilla·2011-06-01·CVSS 4.4
CVE-2011-2178 [MEDIUM] CVE-2011-2178 libvirt: regression introduced in disk probe logic [fedora-rawhide]
CVE-2011-2178 libvirt: regression introduced in disk probe logic [fedora-rawhide]
fedora-rawhide tracking bug for libvirt: see blocks bug list for full details of the security issue(s).
This bug is never intended to be made public, please put any public notes
in the 'blocks' bugs.
[bug automatically created by: add-tracking-bugs]
Discussion:
Probably easiest to solve rawhide by building 0.9.2 rather than trying to backport:
commit b598ac555c8fe67ffc39ac8ef25fe7e6b28ae3f2
Author: Eric Blake
Date: Thu May 26 08:18:46 2011 -0600
security: plug regression introduced in disk probe logic
wrong sizeof operand meant that security manager private data
was overlaying the allowDiskFormatProbing member of struct
_virSecurityManager. This reopens disk probing, which was
supposed to be prevente
Bugzilla
CVE-2011-2178 libvirt: regression introduced in disk probe logic [fedora-15]
bugzilla·2011-06-01·CVSS 4.4
CVE-2011-2178 [MEDIUM] CVE-2011-2178 libvirt: regression introduced in disk probe logic [fedora-15]
CVE-2011-2178 libvirt: regression introduced in disk probe logic [fedora-15]
fedora-15 tracking bug for libvirt: see blocks bug list for full details of the security issue(s).
This bug is never intended to be made public, please put any public notes
in the 'blocks' bugs.
[bug automatically created by: add-tracking-bugs]
Discussion:
This upstream commit needs to be backported to F15:
commit b598ac555c8fe67ffc39ac8ef25fe7e6b28ae3f2
Author: Eric Blake
Date: Thu May 26 08:18:46 2011 -0600
security: plug regression introduced in disk probe logic
wrong sizeof operand meant that security manager private data
was overlaying the allowDiskFormatProbing member of struct
_virSecurityManager. This reopens disk probing, which was
supposed to be prevented by the solution to CVE-2010-2238.
* src
Bugzilla
CVE-2011-0562 CVE-2011-0563 CVE-2011-0565 CVE-2011-0566 CVE-2011-0567 CVE-2011-0585 CVE-2011-0586 CVE-2011-0589 CVE-2011-0590 CVE-2011-0591 CVE-2011-0592 CVE-2011-0593 CVE-2011-0594 CVE-2011-0595 acro
bugzilla·2011-02-08·CVSS 6.9
CVE-2011-0562 [MEDIUM] CVE-2011-0562 CVE-2011-0563 CVE-2011-0565 CVE-2011-0566 CVE-2011-0567 CVE-2011-0585 CVE-2011-0586 CVE-2011-0589 CVE-2011-0590 CVE-2011-0591 CVE-2011-0592 CVE-2011-0593 CVE-2011-0594 CVE-2011-0595 acro
CVE-2011-0562 CVE-2011-0563 CVE-2011-0565 CVE-2011-0566 CVE-2011-0567 CVE-2011-0585 CVE-2011-0586 CVE-2011-0589 CVE-2011-0590 CVE-2011-0591 CVE-2011-0592 CVE-2011-0593 CVE-2011-0594 CVE-2011-0595 acroread: critical APSB11-03
Adobe security bulletin APSB11-03 describes multiple security flaws that can lead to arbitrary code execution when a malicious PDF file is opened in Adobe Reader.
http://www.adobe.com/support/security/bulletins/apsb11-03.html
These updates resolve a library-loading vulnerability that could lead to code execution (CVE-2011-0562).
These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2011-0563).
These updates resolve a denial of service vulnerability; arbitrary code execution has not been demonstrated, but may be possible (CV
http://secunia.com/advisories/43470http://www.adobe.com/support/security/bulletins/apsb11-03.htmlhttp://www.redhat.com/support/errata/RHSA-2011-0301.htmlhttp://www.securityfocus.com/archive/1/516316/100/0/threadedhttp://www.securityfocus.com/bid/46213http://www.securitytracker.com/id?1025033http://www.vupen.com/english/advisories/2011/0337http://www.vupen.com/english/advisories/2011/0492http://www.zerodayinitiative.com/advisories/ZDI-11-074/https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12428http://secunia.com/advisories/43470http://www.adobe.com/support/security/bulletins/apsb11-03.htmlhttp://www.redhat.com/support/errata/RHSA-2011-0301.htmlhttp://www.securityfocus.com/archive/1/516316/100/0/threadedhttp://www.securityfocus.com/bid/46213http://www.securitytracker.com/id?1025033http://www.vupen.com/english/advisories/2011/0337http://www.vupen.com/english/advisories/2011/0492http://www.zerodayinitiative.com/advisories/ZDI-11-074/https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12428
2011-02-10
Published