Adobe Patch Released for Reader and Acrobat Vulnerabilities
GSA Reference Number: AD100630-01
Related GSA Reference Number: AD100607-01
Simply Put: Adobe has released a patch for the previously reported critical remote-code-execution vulnerability in Adobe Reader and Acrobat. The patch also addresses additional issues. Users of Adobe Reader and Acrobat versions 9.3.2 and earlier should upgrade.
Attack Details: This vulnerability originated in Flash Player 10.0.45.2 and earlier versions and is also present in the authplay.dll shipped with Adobe Reader and Acrobat 9.x. Adobe Reader and Acrobat 8.x are not vulnerable. An attacker could exploit this vulnerability by tricking a user into opening a specially crafted PDF file with Flash content or into visiting a malicious website with a specially crafted Flash file. Further attack details can be found in the Adobe bulletin.
Countermeasures: Adobe has released an official patch to address this vulnerability. The patch can be installed using the automatic update feature in Adobe Acrobat and Reader. Alternatively, the Adobe bulletin provides links to download the newest product version.
Reference Links:
- Adobe Bulletin (http://www.adobe.com/support/security/bulletins/apsb10-15.html)
- SANS ISC Diary Entry (http://isc.sans.edu/diary.html?storyid=9100)