                                                  JPCERT-AT-2010-0017
                                                            JPCERT/CC
                                                           2010-06-30

                  <<< JPCERT/CC Alert 2010-06-30 >>>

            Vulnerabilities in Adobe Reader and Acrobat

             https://www.jpcert.or.jp/at/2010/at100017.txt


I. Overview

  Multiple vulnerabilities exist in Adobe Acrobat, a PDF file creation 
and conversion software, and Adobe Reader, a PDF file viewing software. 
As a result, a remote attacker could terminate Adobe Reader and 
Acrobat or execute arbitrary code by convincing a user to open a 
specially crafted PDF file.

    Adobe - Security Bulletins:
    Security updates available for Adobe Reader and Acrobat
    http://www.adobe.com/support/security/bulletins/apsb10-15.html

  JPCERT/CC has confirmed targeted attacks exploiting these 
vulnerabilities. In such targeted attack, a remote attacker sends 
emails with spoofed sender addresses, and tries to convince recipients 
to execute specially crafted attachments.


II. Products Affected

  Affected products and versions are as follows:

  - Adobe Reader 9.3.2 and earlier
  - Adobe Acrobat 9.3.2 and earlier


III. Solution

  Apply the corrected software provided by Adobe Systems. Adobe Reader 
and Acrobat will be updated by starting the products, selecting the 
menu Help (H), and then clicking Check for Updates (U).

  If update is not possible, download the latest Adobe Reader and 
Acrobat from the following URL:

    Adobe.com - New downloads
    http://www.adobe.com/support/downloads/new.jsp

  For more information, refer to Adobe Systems' website.


IV. Result of JPCERT/CC Verification

  JPCERT/CC has obtained and analyzed the malware in the targeted 
attacks exploiting these vulnerabilities, and identified the system 
outside Japan to which this malware connects. JPCERT/CC then requested 
the local national CSIRT in the area where the relevant system was 
located, to stop the system. As of June 30, 2010, it has been 
confirmed that connection to the system is no longer possible.

  Also, JPCERT/CC has confirmed that the malware used for the targeted 
attacks does not execute after the above corrected programs are 
applied.


V. References

    Adobe - Security Advisory
    APSB10-15 Security updates available for Adobe Reader and Acrobat
    http://www.adobe.com/support/security/bulletins/apsb10-15.html

    IBM Tokyo SOC Report
    SPAM email exploiting Adobe Reader and Acrobat zero-day vulnerability
    https://www-950.ibm.com/blogs/tokyo-soc/entry/adobe0day_spam_20100622

    Vulnerabilities in Adobe Flash Player, Adobe Acrobat/Reader
    http://www.jpcert.or.jp/at/2010/at100015.txt

  If you have any further questions or information regarding this 
alert, please contact JPCERT/CC.

======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: +81-3-3518-4600  FAX: +81-3-3518-4602
https://www.jpcert.or.jp/english/