5/15/2023 0 Comments Download.com djvulibre![]() ![]() ![]() Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. An attacker could then install programs view, change, or delete data or create new accounts with full user rights. If the current user is logged on with administrative user rights, an attacker who successfully exploited this vulnerability could take complete control of an affected system. What might an attacker use this vulnerability to do?Īn attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the current user. ![]() Third-party vendors have remediated their software (including Evince, Sumatra PDF Reader, and VuDroid) by updating DjVuLibre to a non-affected version and then redistributing their software. This vulnerability has been remediated in DjVuLibre software, including DjView, by updating DjVuLibre to a non-affected version. How is this vulnerability remediated in applications that use DjVuLibre? Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.Ī vulnerability exists when an application using DjVuLibre parses DjVu (.djv) files in a way that results in memory corruption. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. This is a remote code execution vulnerability. The update remediates the software listed in the table, Affected Software. This vulnerability has been fixed via an update from the affected third-party vendors. Is this a security vulnerability that requires Microsoft to issue a security update? This advisory is part of a coordinated release with affected vendors to inform customers of a security issue that may affect their systems. For more information, see the Advisory FAQ section. This advisory discusses the following software: Affected SoftwareĭjVuLibre software version 3.5.25 and earlier versions ĭjVuLibre is included as a component in other software. Issue Referencesįor more information about this issue, see the following references: Reference Recommendation: Review the Suggested Actions section and configure as appropriate. Purpose of Advisory: To notify users of a vulnerability and its remediation. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.Īdvisory Details Purpose and Recommendation An attacker who successfully exploited this vulnerability could gain the same user rights as the current user.Instead, an attacker would have to convince users to visit the website, typically by getting them to click a link in an email message or Instant Messenger message that takes users to the attacker's website, and then convince them to open the specially crafted file. In all cases, however, an attacker would have no way to force users to visit these websites. In addition, compromised websites and websites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit the vulnerability. In a web-based attack scenario, an attacker could host a website that contains a specially crafted file that is used to exploit this vulnerability.For an attack to be successful, a user must open an attachment that is sent in an email message. This vulnerability cannot be exploited automatically through email.For more information, including information about updates from DjVuLibre, see the DjVuLibre website. The vulnerability has been assigned the entry CVE-2012-6535 in the Common Vulnerabilities and Exposures list. Microsoft Vulnerability Research reported this issue to and coordinated with the DjVuLibre project to ensure remediation of this issue. An attacker who successfully exploited this vulnerability could could run arbitrary code in the security context of the current user. The DjVuLibre project maintainers have remediated the vulnerability in their software.Ī vulnerability exists when the an application using DjVuLibre parses DjVu (.djv) files in a way that results in memory corruption. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the DjVuLibre project maintainers. Microsoft is providing notification of the discovery and remediation of a vulnerability affecting DjVuLibre software version 3.5.25 and earlier versions. Feedback In this article Vulnerability in DjVuLibre Could Allow Remote Code Execution ![]()
0 Comments
Leave a Reply. |