JPCERT-AT-2010-0022 JPCERT/CC 2010-08-20 <<< JPCERT/CC Alert 2010-08-20 >>> Vulnerabilities in Adobe Reader and Acrobat https://www.jpcert.or.jp/at/2010/at100022.txt I. Overview Multiple vulnerabilities exist in Adobe Acrobat, a PDF file creation and conversion software, and Adobe Reader, a PDF file viewing software. As a result, a remote attacker could terminate Adobe Reader and Acrobat or execute arbitrary code by convincing a user to open a specially crafted PDF file. Adobe - Security Bulletins: Security updates available for Adobe Reader and Acrobat http://www.adobe.com/support/security/bulletins/apsb10-17.html So far, JPCERT/CC has not confirmed any attacks exploiting these vulnerabilities. II. Products Affected Affected products and versions are as follows: - Adobe Reader 9.3.3 and earlier - Adobe Acrobat 9.3.3 and earlier - Adobe Reader 8.2.3 and earlier - Adobe Acrobat 8.2.3 and earlier III. Solution Apply the corrected software provided by Adobe Systems. Adobe Reader and Acrobat will be updated by starting the products, selecting the menu Help (H), and then clicking Check for Updates (U). If update is not possible, download the latest Adobe Reader and Acrobat from the following URL: Adobe.com - New downloads http://www.adobe.com/support/downloads/new.jsp For more information, refer to Adobe Systems' website. IV. References Adobe - Security Bulletins Security updates available for Adobe Reader and Acrobat http://www.adobe.com/support/security/bulletins/apsb10-17.html US-CERT Technical Cyber Security Alert TA10-231A Adobe Reader and Acrobat Vulnerabilities http://www.us-cert.gov/cas/techalerts/TA10-231A.html If you have any further questions or information regarding this alert, please contact JPCERT/CC. ====================================================================== JPCERT Coordination Center (JPCERT/CC) MAIL: info@jpcert.or.jp TEL: +81-3-3518-4600 FAX: +81-3-3518-4602 https://www.jpcert.or.jp/english/