Adobe Acrobat/Reader Multiple Vulnerabilities
Last Update Date:
11 Apr 2012 09:13
Release Date:
11 Apr 2012
5410
Views
RISK: Medium Risk
TYPE: Clients - Productivity Products
Multiple vulnerabilities have been identified in Adobe Acrobat/Reader. A remote user can cause arbitrary code to be executed on the target user's system.
- A remote user can create a specially crafted file that, when loaded by the target user, will trigger a memory corruption error and execute arbitrary code on the target system. The code will run with the privileges of the target user.
- An integer overflow in True Type Font (TTF) handling, a memory corruption error in JavaScript handling, and a security bypass via the Adobe Reader installer can cause code execution.
- A memory corruption error in the JavaScript API can cause code execution on Mac OS X and Linux systems.
Impact
- Remote Code Execution
- Security Restriction Bypass
System / Technologies affected
- Adobe Acrobat/Reader 9.5 and prior versions
- Adobe Acrobat/Reader 10.1.2 and prior versions
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
- The vendor has issued a fix (9.5.1, 10.1.3).
http://www.adobe.com/support/security/bulletins/apsb12-08.html
Vulnerability Identifier
Source
Related Link
Share with