-
Senior Member
POTENTIAL major vulnerability for Multiple OS's --- please read and check your HW/SW
Gang,
As part of an assignment at work, I found something. I took the two days to research it and verify its status...
This could impact all of us. I respectfully ask you all consider the potential impact on your machine(s) and usage of the product(s) identified.
These are official and you are free to research and track as you see fit.
I suggest after you evaluate it... you consider contacting your virus folks for an update... giving them this info.
Knowing how linux works... it is possible for this to allow a ring 3 application to modify the kernel as it could gain access to the WHOLE MACHINE.
Here are the two main links to get you into the appropriate resources to do whatever resource is needed/appropriate for you.
Mitre runs the web site for the DHS Cyber folks...
http://cve.mitre.org/cgi-bin/cvename...=CVE-2009-0928
http://web.nvd.nist.gov/view/vuln/detail?execution=e3s1
Edit: 28-Mar-2009 --- Link was changed.
Static Link now: http://web.nvd.nist.gov/view/vuln/de...=CVE-2009-0928
You may also just jump to this location from the first link (mitre) as well.
Chuck
Last edited by Chuck; 03-28-2009 at 06:14 PM.
Reason: Corrected static link to reflect current status.
-
Senior Member
Addendum ---- Fresh Adobe update -- unproven.
Adobe has just posted an update, but it has not yet, AFAIK, been tested and certified to eliminate the exploit.
I will follow this status and report. Anyone may update as appropriate.
Windows versions are now 9.1 instead of 9.0.x
C.
-
Senior Member
Vulnerability status changed & static link correction/change
Either it got updated (again from e3s1 to e4s1) or I made a small copy/paste error..
The original post now has been edited to contain the proper static links
Bottom line... update anything you have from adobe and watch the status of this until it is closed.
(Linux and windows)
Fixes from Adobe can be found directly here:
References to Advisories, Solutions, and Tools
By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.
External Source: CONFIRM
Name: http://www.adobe.com/support/securit...apsb09-04.html
C.
Last edited by Chuck; 03-28-2009 at 06:39 PM.
Reason: state change & direct fix link
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
Reply With Quote
in training, fellow supporter of Firefox.