Skip to main content

Adobe Reader and Acrobat Multiple Code Execution Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 14 Jan 2010 5493 Views

RISK: Medium Risk

Multiple vulnerabilities have been identified in Adobe Reader and Acrobat, which could be exploited by attackers to bypass security restrictions, gain knowledge of sensitive information, cause a denial of service or compromise a vulnerable system.

1. Due to an integer overflow error in the U3D module when processing malformed data, which could be exploited by attackers to execute arbitrary code by tricking a user into opening a specially crafted PDF document.

2. Due to a use-after-free error within the "DocMedia.newPlayer()" function.

3. Due to a memory corruption error in the U3D module when processing malformed data, which could be exploited to execute arbitrary code.

4. Due to an error in 3D, which could allow attackers to load malicious DLLs and execute arbitrary code.

5. Due to an unspecified memory corruption, which could allow code execution.

6. Due to an unspecified script injection error.

7. Due to a NULL pointer dereference error, which could be exploited to cause a denial of service.

8. Due to a buffer overflow error in the Download Manager, which could be exploited to execute arbitrary code.


Impact

  • Denial of Service
  • Remote Code Execution
  • Security Restriction Bypass

System / Technologies affected

  • Adobe Reader version 9.2 and prior
  • Adobe Acrobat version 9.2 and prior

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.


Vulnerability Identifier


Source


Related Link