| CNNVD-ID编号 | CNNVD-201904-403 | CVE编号 | CVE-2019-7114 |
| 发布时间 | 2019-04-09 | 更新时间 | 2019-05-27 |
| 漏洞类型 | 缓冲区错误 | 漏洞来源 | Steven Seeley (mr_me) of Sourc, Ke Liu of Tencent Security Xuanwu Lab, Zhiyuan Wang from Chengdu Security Response Center of Qihoo 360 Technology Co. via Trend Micro's Zero Day Initiative,Ke Liu of Tencent Security Xuanwu Lab,Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:???※ Aleksandar Nikolic of CiscoTalos(CVE-2019-7125)※ DhaneshKizhakkinanof FireEye Inc.(CVE-2019-7113)※ Bo Qu of Palo Alto Networks andHeigeofKnownsec404 Security Team (CVE-2019-7061)※ KeLiu of Tencent Security Xuanwu Lab (CVE-2019-7114 CVE-2019-7115 CVE-2019-7124)※ Steven Seeley (mr_me) of Source Incite working withiDefenseLabs (CVE-2019-7088 CVE-2019-7116 CVE-2019-7117 CVE-2019-7128)※ Steven Seeleyvia Trend Micro's Zero Day Initiative(CVE-2019-7127)※ Wei LeiofSTARLabs(CVE-2019-7118 CVE-2019-7119 CVE-2019-7120 CVE-2019-7121 CVE-2019-7122 CVE-2019-7123)※ Xu Peng andSuPuruifrom TCA/SKLCS Institute of Software Chinese Academy of Sciences and 360CodesafeTeam ofLegendsec(CVE-2019-7112)※ Zhiyuan Wang from Chengdu Security Response Center of Qihoo 360 Technology Co.via Trend Micro's Zero Day Initiative(CVE-2019-7109 CVE-2019-7110 CVE-2019-7111)※,Bo Qu of Palo Alto Networks and Heige of Knownsec 404 Security Team |
| 危险等级 | 高危 | 威胁类型 | 远程 |
| 厂商 | N/A | ||
Adobe Acrobat和Reader都是美国奥多比(Adobe)公司的产品。Adobe Acrobat是一套PDF文件编辑和转换工具。Reader是一套PDF文档阅读软件。
Adobe Acrobat和Reader中存在越界读取漏洞,该漏洞源于网络系统或产品在内存上执行操作时,未正确验证数据边界,导致向关联的其他内存位置上执行了错误的读写操作。攻击者可利用该漏洞导致缓冲区溢出或堆溢出等。基于Windows和macOS平台的以下产品和版本受到影响:Acrobat DC(Continuous)2019.010.20098及之前版本,Acrobat 2017(Classic 2017)2017.011.30127及之前版本,Acrobat DC(Classic 2015)2015.006.30482及之前版本;Acrobat Reader DC(Continuous)2019.010.20098及之前版本,Acrobat Reader 2017(Classic 2017)2017.011.30127及之前版本,Acrobat Reader DC(Classic 2015)2015.006.30482及之前版本。
目前厂商已发布升级了Adobe Acrobat和Reader 缓冲区错误漏洞的补丁,Adobe Acrobat和Reader 缓冲区错误漏洞的补丁获取链接:
https://helpx.adobe.com/security/products/acrobat/apsb19-17.html
来源:www.adobe.com
来源:www.securityfocus.com
来源:nvd.nist.gov
来源:www.securityfocus.com
暂无
计算
安全
数据库
网络和加速
AI应用
