JPCERT-AT-2011-0010
                                                             JPCERT/CC
                                                            2011-04-22

                  <<< JPCERT/CC Alert 22.04.11>>>

             Vulnerabilities in Adobe Reader and Acrobat

            https://www.jpcert.or.jp/at/2011/at110010.txt


I. Overview

  Multiple vulnerabilities exist in Adobe Acrobat Reader, a PDF file 
viewing software, and Adobe Acrobat, a PDF file creation and 
conversion software. As a result, a remote attacker could terminate 
Adobe Reader and Acrobat or execute arbitrary code by convincing a 
user to open a specially crafted PDF file. JPCERT/CC has confirmed 
attacks exploiting these vulnerabilities. 

    Adobe Security Bulletins APSB11-08
    Security updates available for Adobe Reader and Acrobat
    http://www.adobe.com/support/security/bulletins/apsb11-08.html


II. Products Affected

  Affected products and versions are as follows:

  - Adobe Acrobat X (10.0.2) and earlier
  - Adobe Acrobat 9.4.3 and earlier
  - Adobe Reader X (10.0.1) and earlier
  - Adobe Reader 9.4.3 and earlier

  However, according to Adobe Systems, Adobe Reader X Protected Mode 
mitigates the effect of this vulnerability. The corrected software of 
Adobe Reader X is planned to be released with the next quarterly 
security update on June 14, 2011 (USA time). 
  Futhermore, Adobe Reader and Acrobat 8.x are not affected by this 
vulnerability.

  For more information, refer to Adobe Systems' website.


III. Solution

  Apply the corrected software provided by Adobe Systems.  Adobe Reader 
and Acrobat will be updated by starting the products, selecting the 
menu Help (H), and then clicking Check for Updates (U).

  If update is not possible, download the latest Adobe Reader and 
Acrobat from the following URL:

    Adobe.com - New downloads
    http://www.adobe.com/support/downloads/new.jsp

  For more information, refer to Adobe Systems' website.


IV. References

    Adobe - APSA11-02:
    Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat
    http://www.adobe.com/support/security/advisories/apsa11-02.html

    Adobe - APSB11-07: 
    Security update available for Adobe Flash Player
    http://www.adobe.com/support/security/bulletins/apsb11-07.html

    JVNVU#230057
    Vulnerability in Adobe Flash Player
    https://jvn.jp/cert/JVNVU230057/index.html

    Vulnerability in Adobe Flash Player
    https://www.jpcert.or.jp/at/2011/at110009.txt
    https://www.jpcert.or.jp/english/at/2011/at110009.txt


  If you have any further questions or information regarding this 
alert, please contact JPCERT/CC.

======================================================================
JPCERT Coordination Center (JPCERT/CC)
MAIL: info@jpcert.or.jp
TEL: +81-3-3518-4600  FAX: +81-3-3518-4602
https://www.jpcert.or.jp/english/