JPCERT-AT-2010-0026
JPCERT/CC
2010-10-06
<<< JPCERT/CC Alert 2010-10-06 >>>
Vulnerabilities in Adobe Reader and Acrobat
https://www.jpcert.or.jp/at/2010/at100026.txt
I. Overview
Multiple vulnerabilities exist in Adobe Reader, a PDF file viewing
software, and Adobe Acrobat, a PDF file creation and conversion
software. As a result, a remote attacker could terminate Adobe Reader
and Acrobat or execute arbitrary code by convincing a user to open a
specially crafted PDF file. JPCERT/CC has already observed attacks
exploiting this vulnerability. Users are recommended to update to the
corrected software provided by Adobe Systems.
Adobe - Security Bulletins:
Security Updates available for Adobe Reader and Acrobat
http://www.adobe.com/support/security/bulletins/apsb10-21.html
III. Affected products
Products affected by this vulnerability are listed below.
- Adobe Reader 9.3.4 and earlier
- Adobe Acrobat 9.3.4 and earlier
- Adobe Reader 8.2.4 and earlier
- Adobe Acrobat 8.2.4 and earlier
III. Solution
Apply the corrected software provided by Adobe Systems. Adobe Reader
and Acrobat will be updated by starting the products, selecting the
menu "Help (H)", and then clicking "Check for Updates (U)".
If update is not possible, download the latest Adobe Reader and
Acrobat from the following URL:
Adobe.com - New downloads
http://www.adobe.com/support/downloads/new.jsp
For more information, refer to Adobe Systems' website.
IV. Result of JPCERT/CC Verification
JPCERT/CC has verified that widely spread exploit code that exploits
Adobe Reader and Acrobat vulnerabilities does not run in the following
verification environment.
[Verification environment]
Windows XP SP3, Vista SP2, 7
Adobe Reader 9.4
[Verification result]
JPCERT/CC has opened an exploit PDF file in the above environment
and has confirmed that the exploit code does not execute.
V. References
Adobe - Security Bulletins
Security Updates available for Adobe Reader and Acrobat
http://www.adobe.com/support/security/bulletins/apsb10-21.html
Adobe - Security Bulletins
Security updates available for Adobe Flash Player
http://www.adobe.com/support/security/bulletins/apsb10-22.html
IBM Tokyo SOC Report
Targeted attack exploiting Adobe Reader zero-day vulnerability
https://www-950.ibm.com/blogs/tokyo-soc/entry/adobe_0day_20100922
IBM Tokyo SOC Report
Drive-by-download attack exploiting Adobe Reader zero-day vulnerability
https://www-950.ibm.com/blogs/tokyo-soc/entry/adobe_0day_20100928
If you have any further questions or information regarding this
alert, please contact JPCERT/CC.
======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: +81-3-3518-4600 FAX: +81-3-3518-4602
https://www.jpcert.or.jp/english/
Top