Skip to main content

Adobe Reader / Acrobat Two Vulnerabilities

Last Update Date: 21 Feb 2013 Release Date: 15 Feb 2013 6449 Views

RISK: Extremely High Risk

TYPE: Clients - Productivity Products

TYPE: Productivity Products

Two vulnerabilities have been identified in Adobe Acrobat/Reader. A remote user can cause arbitrary code to be executed on the target user's system.

 

A remote user can create a specially crafted PDF file that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.

 

Note:

These vulnerabilities are being actively exploited in the wild.


Impact

  • Remote Code Execution

System / Technologies affected

  • Adobe Reader XI (11.0.01 and earlier) for Windows and Macintosh
  • Adobe Reader X (10.1.5 and earlier) for Windows and Macintosh
  • Adobe Reader 9.5.3 and earlier 9.x versions for Windows, Macintosh and Linux
  • Adobe Acrobat XI (11.0.01 and earlier) for Windows and Macintosh
  • Adobe Acrobat X (10.1.5 and earlier) for Windows and Macintosh
  • Adobe Acrobat 9.5.3 and earlier 9.x versions for Windows and Macintosh

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • [Updated 21 Feb 2013]
    Vendor patch is available (http://www.adobe.com/support/security/bulletins/apsb13-07.html), please update to the following versions:
    • Adobe Reader XI (11.0.02)
    • Adobe Reader X (10.1.6)
    • Adobe Reader 9.5.4
    • Adobe Acrobat XI (11.0.02)
    • Adobe Acrobat X (10.1.6)
    • Adobe Acrobat 9.5.4
  • If you cannot apply any of the above updates, please use workaround:
    • Window Users
      - Enable Protected View
        Users of Adobe Reader XI and Acrobat XI for Windows can protect themselves from this exploit by enabling Protected View.
        To enable this setting, choose the  "Files from potentially unsafe locations" option under the Edit > Preferences > Security (Enhanced) men
      - Disable Javascript
        To disable Javascript in Adobe Reader and Acrobat, uncheck "Enable Acrobat JavaScript" under the Edit > Preferences > JavaScript menu.
    • Mac Users
      - Use the built-in Preview application as the default PDF viewer.
        Right click on any PDF file. Choose Get Info. Then use the Open with: option to choose Preview as your default PDF handler, and click Change All to make the
        change global
    • Linux Users
      - Consider switching to a different PDF reader, or make sure that Adobe Reader is not default PDF reader

 


Vulnerability Identifier


Source


Related Link