Gladiator Research and Security

A number of critical vulnerabilities have been found in older versions of Adobe Acrobat and Adobe Reader.  The vulnerabilities affect version 8 of the Adobe products, more specifically, Adobe Reader 8.1.2 and earlier versions, Adobe Acrobat Professional, 3D, and Standard 8.1.2 and earlier versions.  These vulnerabilities could potentially cause a number of issues including a denial of service or even remote code execution through a specially-crafted .pdf file, which could lead to a system take-over.

It is recommended that users of Adobe Acrobat and Adobe Reader upgrade Version 9, the latest version .  Users who wish to remain using version 8 of the products should upgrade to version 8.1.3.  Links to both versions are provided below.

•    Version 9 – (http://www.adobe.com/go/getreader)

•    Version 8.1.3 for Windows – (http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows)

•    Adobe Security Advisory – (http://www.adobe.com/support/security/bulletins/apsb08-19.html)

[Updated Nov 07, 2008]

It appears that some of the vulnerabilities are being exploited.  The SANS Internet Storm Center (ISC) has some example code pulled directly from a malicious file.  The link to the ISC story is provided below.

•    Internet Storm Center Diary – (http://isc.sans.org/diary.html?storyid=5312&rss)