JPCERT-AT-2010-0031
JPCERT/CC
2010-11-17
<<< JPCERT/CC Alert 2010-11-17 >>>
Vulnerabilities in Adobe Reader and Acrobat
https://www.jpcert.or.jp/at/2010/at100031.txt
I. Overview
Multiple vulnerabilities exist in Adobe Acrobat Reader, software for
viewing PDF files, and Adobe Acrobat, software for creating and
converting PDF files. As a result, a remote attacker could cause
Adobe Reader or Acrobat to terminate, or execute arbitrary code, by
convincing a user to open a specially crafted PDF file. JPCERT/CC has
confirmed attacks exploiting these vulnerabilities. Users are advised
to update to the corrected software provided by Adobe Systems.
Adobe - Security Bulletins:
Security updates available for Adobe Reader and Acrobat
http://www.adobe.com/support/security/bulletins/apsb10-28.html
II. Products Affected
Affected products and versions are as follows:
- Adobe Reader 9.4 and earlier
- Adobe Acrobat 9.4 and earlier
- Adobe Reader 8.x
III. Solution
Apply the corrected software provided by Adobe Systems.
To update Adobe Reader or Acrobat, start the product, open the
Help (H) menu, and click Check for Updates (U).
If updating is not possible, download the latest Adobe Reader and
Acrobat from the following URL:
Adobe.com - New downloads
http://www.adobe.com/support/downloads/new.jsp
For more information, refer to Adobe Systems' website.
According to Adobe Systems, corrected software for Adobe Reader 8.x
is not provided in this emergency patch, and the vulnerabilities
will be fixed in the next software release. Users of Adobe Reader
8.x are advised to update to Adobe Reader 9.4.1.
IV. Result of JPCERT/CC Verification
JPCERT/CC has verified that the multiple exploit codes currently in
existence for the Adobe Reader and Acrobat vulnerabilities do not
run in the following verification environment.
[Verification environment]
Windows XP SP3, Vista SP2, 7
Adobe Acrobat 9.4.1
Adobe Reader 9.4.1
[Verification result]
JPCERT/CC has opened an exploit PDF file in the above environment
and has confirmed that the exploit code does not execute.
V. References
Adobe - Security Bulletins
Security updates available for Adobe Reader and Acrobat
http://www.adobe.com/support/security/bulletins/apsb10-28.html
Adobe - Security Bulletins
Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat
http://www.adobe.com/support/security/advisories/apsa10-05.html
Adobe Product Security Incident Response Team (PSIRT) Blog
Potential issue in Adobe Reader
http://blogs.adobe.com/psirt/2010/11/potential-issue-in-adobe-reader.html
IBM Tokyo SOC Report
Attacks exploiting Adobe Reader zero-day vulnerabilities confirmed
https://www-950.ibm.com/blogs/tokyo-soc/entry/adobe_reader_0day_20101105
TrendLabs SECURITY BLOG
Is "mstmp" a "gumblar" virus? Adobe products zero-day attack
again! - Looking back at threat trends of October 2010
http://blog.trendmicro.co.jp/archives/3741
JPCERT-AT-2010-0029
Vulnerabilities in Adobe Flash Player
https://www.jpcert.or.jp/at/2010/at100029.txt
http://www.jpcert.or.jp/english/at/2010/at100029.txt
If you have any further questions or information regarding this
alert, please contact JPCERT/CC.
======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: +81-3-3518-4600 FAX: +81-3-3518-4602
https://www.jpcert.or.jp/english/