Most of the vulnerabilities (21) affect the Windows version of the Framemaker document processor. The most severe issues are classified as critical buffer overflow, heap overflow, out-of-bounds write, and memory corrupt flaws. The vulnerabilities can lead to arbitrary code execution in the context of the current user.
The flaws were reported to the company through Trend Micro’s Zero Day Initiative by the researcher who goes online with the moniker “Kdot”.
The IT firm addressed critical memory corruption issues that can be exploited by attackers to execute arbitrary code on vulnerable systems, and critical privilege escalation bugs that can allow an attacker to write arbitrary files to the system. The remaining flaws in Acrobat and Reader products have been rated as moderate severity memory leaks and important-severity information disclosure vulnerabilities.
The flaws were reported to Adobe by independent experts and researchers from Qihoo 360, Tencent, Renmin University of China, Cisco Talos, the Chinese Academy of Sciences, Baidu, and McAfee.
Adobe addressed a new critical arbitrary code execution flaw in Flash Player, successfull exploitation could lead to arbitrary code execution in the context of the current user.
Adobe has also addressed two vulnerabilities in Digital Editions, including a critical command injection bug and an important information disclosure vulnerability.
The IT giant also fixed an important denial-of-service (DoS) issue that affects versions 6.5 and 6.4 of the Adobe Experience Manager.
Adobe confirmed that it’s not aware of any attacks exploiting these vulnerabilities in the wild
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.