Adobe Reader / Acrobat Two Vulnerabilities

Last Update Date: 21 Feb 2013 Release Date: 15 Feb 2013

RISK: Extremely High Risk

TYPE: Clients - Productivity Products

Two vulnerabilities have been identified in Adobe Acrobat/Reader. A remote user can cause arbitrary code to be executed on the target user's system.

 

A remote user can create a specially crafted PDF file that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.

 

Note:

These vulnerabilities are being actively exploited in the wild.


Impact

  • Remote Code Execution

System / Technologies affected

  • Adobe Reader XI (11.0.01 and earlier) for Windows and Macintosh
  • Adobe Reader X (10.1.5 and earlier) for Windows and Macintosh
  • Adobe Reader 9.5.3 and earlier 9.x versions for Windows, Macintosh and Linux
  • Adobe Acrobat XI (11.0.01 and earlier) for Windows and Macintosh
  • Adobe Acrobat X (10.1.5 and earlier) for Windows and Macintosh
  • Adobe Acrobat 9.5.3 and earlier 9.x versions for Windows and Macintosh

Solutions

Before installing the software, please visit the software manufacturer's website for more details.

  • [Updated 21 Feb 2013]
    Vendor patch is available (http://www.adobe.com/support/security/bulletins/apsb13-07.html), please update to the following versions:
    • Adobe Reader XI (11.0.02)
    • Adobe Reader X (10.1.6)
    • Adobe Reader 9.5.4
    • Adobe Acrobat XI (11.0.02)
    • Adobe Acrobat X (10.1.6)
    • Adobe Acrobat 9.5.4
  • If you cannot apply any of the above updates, please use one of the following workarounds:
    • Windows Users
      - Enable Protected View
        Users of Adobe Reader XI and Acrobat XI for Windows can protect themselves from this exploit by enabling Protected View.
        To enable this setting, choose the "Files from potentially unsafe locations" option under the Edit > Preferences > Security (Enhanced) menu.
      - Disable JavaScript
        To disable JavaScript in Adobe Reader and Acrobat, uncheck "Enable Acrobat JavaScript" under the Edit > Preferences > JavaScript menu.
    • Mac Users
      - Use the built-in Preview application as the default PDF viewer.
        Right click on any PDF file. Choose Get Info. Then use the Open with: option to choose Preview as your default PDF handler, and click Change All to make the change global.
    • Linux Users
      - Consider switching to a different PDF reader, or make sure that Adobe Reader is not the default PDF reader.
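
As an added example (not part of the original advisory and not Adobe tooling), the following Python script checks a software inventory against the fixed versions listed above. The inventory rows, hostnames and function names are constructed for illustration; the comparison is done per major branch because a plain "newer than the lowest fixed version" test would wrongly pass 11.0.01.

```python
import re

# Fixed versions per major branch, taken from the advisory's update list.
# Reader and Acrobat share the same version numbers on each branch.
FIXED = {11: (11, 0, 2), 10: (10, 1, 6), 9: (9, 5, 4)}


def parse_version(text):
    """Turn '11.0.01' or '10.1.5.33' into a tuple of three ints."""
    fields = re.findall(r"\d+", text)
    if len(fields) < 2:
        raise ValueError(f"unrecognised version string: {text!r}")
    nums = [int(f) for f in fields[:3]]  # int() drops zero padding: '01' -> 1
    nums += [0] * (3 - len(nums))
    return tuple(nums)


def classify(version_text):
    """Return 'patched', 'vulnerable' or 'unlisted' for one installed version."""
    version = parse_version(version_text)
    fixed = FIXED.get(version[0])
    if fixed is None:
        return "unlisted"  # branch is not covered by this advisory
    # Compare only against the fix for the same branch: 11.0.01 is numerically
    # above the X-branch fix (10.1.6) but is still a vulnerable XI build.
    return "patched" if version >= fixed else "vulnerable"


def audit(inventory):
    """inventory: iterable of (host, product, version); returns flagged rows."""
    findings = []
    for host, product, version in inventory:
        status = classify(version)
        if status != "patched":
            findings.append((host, product, version, status))
    return findings


# Constructed sample inventory (hostnames and rows are made up).
SAMPLE = [
    ("ws-01", "Adobe Reader XI", "11.0.01"),
    ("ws-02", "Adobe Reader XI", "11.0.02"),
    ("ws-03", "Adobe Acrobat X", "10.1.5"),
    ("ws-04", "Adobe Reader 9", "9.5.4"),
    ("ws-05", "Adobe Reader 8", "8.3.1"),
]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row, sep="\t")
```

Rows reported as "unlisted" belong to a branch the advisory does not mention and need a separate review.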

 

