JPCERT-AT-2009-0006
JPCERT/CC
2009-03-11 (First edition)
2009-03-19 (Updated)
<<< JPCERT/CC Alert 2009-03-11 >>>
Vulnerability in Adobe Reader and Acrobat
http://www.jpcert.or.jp/at/2009/at090006.txt
I. Overview
Adobe Acrobat and Adobe Reader, a PDF file creation and conversion
software and a PDF file viewing software respectively, contain a
vulnerability in the processing of JBIG2. As a result, a remote
attacker could terminate Adobe Acrobat and Adobe Reader or execute
arbitrary code by convincing a user to open a specially crafted PDF
file.
Security Updates available for Adobe Reader 9 and Acrobat 9
http://www.adobe.com/support/security/bulletins/apsb09-03.html
According to Adobe Systems, several attacks exploiting this
vulnerability have been observed.
II. Products Affected
Affected products and versions are as follows:
- Adobe Reader 9 and earlier
- Adobe Acrobat 9 Standard, Pro, Pro Extended and earlier
III. Solution
Apply the corrected software provided by Adobe Systems. Adobe Reader
and Acrobat will be updated by starting the products, selecting the
menu Help (H), and then clicking Check for Updates (U).
If update is not possible, download the latest Adobe Acrobat and
Adobe Reader from the following URLs (for Windows):
Adobe - Adobe Reader download
http://get.adobe.com/reader/
Adobe Acrobat 9.1 Pro and Standard update
http://www.adobe.com/support/downloads/detail.jsp?ftpID=4375
Adobe Acrobat 9.1 Pro Extended update
http://www.adobe.com/support/downloads/detail.jsp?ftpID=4381
*** Update: Revised on March 19, 2009 ********************************
Adobe Acrobat 8.1.4 Professional, Standard update - multiple
languages
http://www.adobe.com/support/downloads/detail.jsp?ftpID=4410
Adobe Acrobat 8.1.4 3D update - multiple languages
http://www.adobe.com/support/downloads/detail.jsp?ftpID=4414
Adobe Reader 8.1.4 Update - Multiple Languages
http://www.adobe.com/support/downloads/detail.jsp?ftpID=4417
Adobe Acrobat 7.1.1 Standard and Professional Update - Multiple
Languages
http://www.adobe.com/support/downloads/detail.jsp?ftpID=4412
Adobe Acrobat 7.1.1 3D update - multiple languages
http://www.adobe.com/support/downloads/detail.jsp?ftpID=4415
Adobe Reader 7.1.1 Update - Multiple Languages
http://www.adobe.com/support/downloads/detail.jsp?ftpID=4416
**********************************************************************
For more information, refer to Adobe Systems' website.
IV. References
JVNTA09-051A
Adobe Reader and Acrobat Vulnerability
http://jvn.jp/cert/JVNTA09-051A/index.html
Adobe - Security Advisories
APSB09-03 - Security Updates available for Adobe Reader 9 and
Acrobat 9
http://www.adobe.com/support/security/bulletins/apsb09-03.html
Security updates for buffer overflow vulnerability in Adobe Reader
and Acrobat versions 9 and earlier (prior information released
on February 19, 2009)
http://www.adobe.com/jp/support/security/advisories/apsa09-01.html
If you have any information you could provide regarding this alert,
please contact us.
________
Revision history
2009-03-11 First edition
2009-03-12 Revised the descriptions of the product names
Deleted the statement that the automatic update did not
work
2009-03-19 Revised the security update information for Adobe Reader 7
and 8, as well as Adobe Acrobat 7 and 8
======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: 03-3518-4600 FAX: 03-3518-4602
Top