JPCERT-AT-2008-0012
JPCERT/CC
2008-06-24 (First edition)
2008-06-25 (Updated)
<<< JPCERT/CC Alert 2008-06-24 >>>
Vulnerability in Adobe Acrobat and Adobe Reader
http://www.jpcert.or.jp/at/2008/at080012.txt
I. Overview
Adobe Acrobat and Adobe Reader, PDF file creation and conversion
software and PDF file viewing software respectively, contain a
vulnerability concerning the processing of JavaScript in a document.
As a result, a remote attacker could terminate Adobe Acrobat and
Adobe Reader or execute arbitrary code by convincing a user to open
a specially crafted PDF file.
Security Update available for Adobe Reader and Acrobat 8.1.2
http://www.adobe.com/support/security/bulletins/apsb08-15.html
According to the information provided by Adobe Systems, attacks
exploiting this vulnerability have already been found.
II. Products Affected
Affected products and versions are as follows:
- Adobe Reader 8.0 through 8.1.2
- Adobe Reader 7.0.9 and earlier
- Adobe Acrobat Professional, 3D and Standard 8.0 through 8.1.2
- Adobe Acrobat Professional, 3D and Standard 7.0.9 and earlier
Note that Adobe Reader 7.1.0 and Acrobat 7.1.0 are not affected
by this vulnerability.
III. Solution
Apply the corrected software provided by Adobe Systems. In Windows
and Mac environments, Adobe Reader will be updated automatically by
starting the product, selecting the menu Help (H), and then clicking
Check for Updates (U). For more information, refer to Adobe Systems'
website.
IV. References
@police
Security update for Adobe Systems Adobe Reader and Acrobat (6/24)
http://www.cyberpolice.go.jp/important/2008/20080624_111241.html
If you have any information you could provide regarding this alert,
please contact us.
__________
Revision history
2008-06-24 First edition
2008-06-24 Revised typos and added references
2008-06-25 Deleted the statement that the automatic update did not
work
======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: 03-3518-4600 FAX: 03-3518-4602
http://www.jpcert.or.jp/
Top