JPCERT-AT-2010-0017
JPCERT/CC
2010-06-30
<<< JPCERT/CC Alert 2010-06-30 >>>
Vulnerabilities in Adobe Reader and Acrobat
https://www.jpcert.or.jp/at/2010/at100017.txt
I. Overview
Multiple vulnerabilities exist in Adobe Acrobat, a PDF file creation
and conversion software, and Adobe Reader, a PDF file viewing software.
As a result, a remote attacker could terminate Adobe Reader and
Acrobat or execute arbitrary code by convincing a user to open a
specially crafted PDF file.
Adobe - Security Bulletins:
Security updates available for Adobe Reader and Acrobat
http://www.adobe.com/support/security/bulletins/apsb10-15.html
JPCERT/CC has confirmed targeted attacks exploiting these
vulnerabilities. In such targeted attack, a remote attacker sends
emails with spoofed sender addresses, and tries to convince recipients
to execute specially crafted attachments.
II. Products Affected
Affected products and versions are as follows:
- Adobe Reader 9.3.2 and earlier
- Adobe Acrobat 9.3.2 and earlier
III. Solution
Apply the corrected software provided by Adobe Systems. Adobe Reader
and Acrobat will be updated by starting the products, selecting the
menu Help (H), and then clicking Check for Updates (U).
If update is not possible, download the latest Adobe Reader and
Acrobat from the following URL:
Adobe.com - New downloads
http://www.adobe.com/support/downloads/new.jsp
For more information, refer to Adobe Systems' website.
IV. Result of JPCERT/CC Verification
JPCERT/CC has obtained and analyzed the malware in the targeted
attacks exploiting these vulnerabilities, and identified the system
outside Japan to which this malware connects. JPCERT/CC then requested
the local national CSIRT in the area where the relevant system was
located, to stop the system. As of June 30, 2010, it has been
confirmed that connection to the system is no longer possible.
Also, JPCERT/CC has confirmed that the malware used for the targeted
attacks does not execute after the above corrected programs are
applied.
V. References
Adobe - Security Advisory
APSB10-15 Security updates available for Adobe Reader and Acrobat
http://www.adobe.com/support/security/bulletins/apsb10-15.html
IBM Tokyo SOC Report
SPAM email exploiting Adobe Reader and Acrobat zero-day vulnerability
https://www-950.ibm.com/blogs/tokyo-soc/entry/adobe0day_spam_20100622
Vulnerabilities in Adobe Flash Player, Adobe Acrobat/Reader
http://www.jpcert.or.jp/at/2010/at100015.txt
If you have any further questions or information regarding this
alert, please contact JPCERT/CC.
======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: +81-3-3518-4600 FAX: +81-3-3518-4602
https://www.jpcert.or.jp/english/
Top