Skip to main content

Special Announcement

  • 25 Jun 2024

    Announcement for Change of Chinese Name

    Please note that the Chinese name of HKCERT is changed from 「香港電腦保安事故協調中心」 to 「香港網絡安全事故協調中心」 with immediate effect.

    The English name, abbreviation, web address and email address remained unchanged.

Adobe Reader and Acrobat Multiple Code Execution Vulnerability

Last Update Date: 28 Jan 2011 Release Date: 12 Oct 2009 4683 Views

RISK: Medium Risk

Multiple vulnerabilities have been identified in Adobe Reader and Acrobat, which could be exploited by attackers to bypass security restrictions, gain knowledge of sensitive information, cause a denial of service or compromise a vulnerable system. These issues are caused by memory corruptions, integer and heap overflows, and array indexing and input validation errors when processing malformed data, which could be exploited by attackers to disclose sensitive information, spoof data, crash an affected application, or execute arbitrary code by tricking a user into opening a specially crafted PDF document or visiting a malicious web page.


Impact

  • Remote Code Execution

System / Technologies affected

  • Adobe Reader version 9.1.3 and prior (Windows, Macintosh, and UNIX)
  • Adobe Reader version 8.1.6 and prior (Windows, Macintosh, and UNIX)
  • Adobe Reader version 7.1.3 and prior (Windows and Macintosh)
  • Adobe Acrobat version 9.1.3 and prior (Windows, Macintosh, and UNIX)
  • Adobe Acrobat version 8.1.6 and prior (Windows, Macintosh, and UNIX)
  • Adobe Acrobat version 7.1.3 and prior (Windows and Macintosh)

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Upgrade to Adobe Acrobat and Reader versions 9.2, 8.1.7, or 7.1.4 :
http://www.adobe.com/go/gntray_prod_acrobat_family_home


Vulnerability Identifier


Source


Related Link