
 

                                                  JPCERT-AT-2008-0020
                                                            JPCERT/CC
                                                           2008-11-05

                  <<< JPCERT/CC Alert 2008-11-05 >>>

           Vulnerability in Adobe Acrobat and Adobe Reader

             http://www.jpcert.or.jp/at/2008/at080020.txt


I. Overview

  Adobe Acrobat and Adobe Reader, a PDF file creation and conversion
software and a PDF file viewing software respectively, contain a
vulnerability concerning the processing of JavaScript in a document.
As a result, a remote attacker could terminate Adobe Acrobat and Adobe
Reader processes or execute arbitrary code by convincing a user to
open a specially crafted PDF file.

    Security Update available for Adobe Reader 8 and Acrobat 8
    http://www.adobe.com/support/security/bulletins/apsb08-19.html

  According to Adobe Systems, no attacks exploiting this vulnerability
have been found as of November 5, 2008.


II. Products Affected

  Affected products and versions are as follows:

  - Adobe Reader 8.1.2 and earlier
  - Adobe Acrobat Professional, 3D and Standard 8.1.2 and earlier

  Adobe Acrobat 9 and Adobe Reader 9 are not affected by this
vulnerability.


III. Solution

  Apply the corrected software provided by Adobe Systems. Adobe
Acrobat and Adobe Reader will be updated automatically by starting
the products, selecting the menu Help (H), and then clicking Check for
Updates (U).

  If automatic update is not possible, download Adobe Reader 8.1.3
from the following URL (for Windows):

    Adobe Reader 8.1.3 update - multiple languages
    http://www.adobe.com/support/downloads/detail.jsp?ftpID=4084

  Otherwise, update to Adobe Acrobat 9 and Adobe Reader 9, which are
not affected by this vulnerability.

  For more information, refer to Adobe Systems' website.


IV. References

    JVNTA08-309A
    Update for multiple vulnerabilities in Adobe Reader and Acrobat
    http://jvn.jp/cert/JVNTA08-309A/index.html

    US-CERT Vulnerability Notes for Adobe Security Bulletin APSB08-19
    http://www.kb.cert.org/vuls/byid?searchview&query=APSB08-19

    @police
    Security update for Adobe Systems Adobe Reader and Acrobat (11/5)
    http://www.cyberpolice.go.jp/important/2008/20081105_102211.html


  If you have any information you could provide regarding this alert,
please contact us.

======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: 03-3518-4600  FAX: 03-3518-4602
http://www.jpcert.or.jp/