Adobe Acrobat and Reader PDF Data Processing Code Execution Vulnerability
RISK: Extremely High Risk
TYPE: Clients - Productivity Products
A vulnerability has been identified in Adobe Acrobat and Reader, which can be exploited to cause a crash and potentially allow attackers to take control of the affected system.
Notes: Vendor supplied patch is currently unavailable. There are reports that the vulnerability is being actively exploited in the wild in limited, targeted attacks against Adobe Reader 9.x on Windows.
Impact
- Denial of Service
- Remote Code Execution
System / Technologies affected
- Adobe Reader X (10.1.1) and earlier 10.x versions for Windows and Macintosh
- Adobe Reader 9.4.6 and earlier 9.x versions for Windows, Macintosh and UNIX
- Adobe Acrobat X (10.1.1) and earlier 10.x versions for Windows and Macintosh
- Adobe Acrobat 9.4.6 and earlier 9.x versions for Windows and Macintosh
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
For Windows
- Update to version 9.4.7
For Macintosh
Note: Vendor supplied patch is currently unavailable
Workaround: Adobe Reader X Protected Mode and Adobe Acrobat X Protected View would prevent an exploit of this kind from executing.
- To verify Protected View for Acrobat X is enabled, go to: Edit > Preferences > Security (Enhanced) and ensure "Files from potentially unsafe locations" or "All files" with "Enable Enhanced Security" are checked.
- To verify Protected Mode for Adobe Reader X is enabled, go to: Edit > Preferences > General and verify that "Enable Protected Mode at startup" is checked.
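Added example (not part of the original advisory or any Adobe tooling): a Python triage of a software inventory against the affected-version list and the Solutions section above. The inventory rows, host names and action labels are constructed, and the mapping of installations to actions is this example's reading of the advisory, not vendor guidance.

```python
# (product, major branch) -> (last affected version, platforms the advisory lists)
AFFECTED = {
    ("reader", 10): ((10, 1, 1), {"windows", "macintosh"}),
    ("reader", 9): ((9, 4, 6), {"windows", "macintosh", "unix"}),
    ("acrobat", 10): ((10, 1, 1), {"windows", "macintosh"}),
    ("acrobat", 9): ((9, 4, 6), {"windows", "macintosh"}),
}
NO_ACTION = ("not-listed", "not-affected")

def parse_version(text):
    """'9.4' -> (9, 4, 0); components past the third are ignored."""
    parts = [int(p) for p in text.strip().split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def triage(product, version, platform):
    """Return one (hypothetical) action label for a single installation."""
    ver = parse_version(version)
    entry = AFFECTED.get((product.lower(), ver[0]))
    if entry is None or platform.lower() not in entry[1]:
        return "not-listed"        # branch or platform absent from the advisory
    if ver > entry[0]:
        return "not-affected"      # newer than the last affected release
    # Assumption: action mapping below is read from the Solutions section.
    if platform.lower() == "windows":
        # 9.x has an update listed; for X the advisory gives only the workaround
        return "update-to-9.4.7" if ver[0] == 9 else "verify-protected-mode-or-view"
    return "no-patch-listed"       # Macintosh / UNIX: no fixed version given

def needs_action(inventory):
    """Filter (host, product, version, platform) rows down to actionable ones."""
    results = [(host, triage(p, v, o)) for host, p, v, o in inventory]
    return [(host, action) for host, action in results if action not in NO_ACTION]

# Constructed sample inventory (not real hosts)
SAMPLE = [
    ("ws-01", "Reader", "9.4.6", "Windows"),
    ("ws-02", "Reader", "9.4.7", "Windows"),
    ("ws-03", "Acrobat", "10.1.1", "Windows"),
    ("mac-01", "Reader", "10.0", "Macintosh"),
    ("lnx-01", "Reader", "9.3", "UNIX"),
]

if __name__ == "__main__":
    for host, action in needs_action(SAMPLE):
        print(f"{host}: {action}")
```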
Vulnerability Identifier
Source
Related Link