Adobe Reader and Acrobat Multiple Code Execution Vulnerability
RISK: Medium Risk
Multiple vulnerabilities have been identified in Adobe Reader and Acrobat, which could be exploited by attackers to bypass security restrictions, gain knowledge of sensitive information, cause a denial of service or compromise a vulnerable system. These issues are caused by memory corruptions, integer and heap overflows, and array indexing and input validation errors when processing malformed data, which could be exploited by attackers to disclose sensitive information, spoof data, crash an affected application, or execute arbitrary code by tricking a user into opening a specially crafted PDF document or visiting a malicious web page.
Impact
- Remote Code Execution
System / Technologies affected
- Adobe Reader version 9.1.3 and prior (Windows, Macintosh, and UNIX)
- Adobe Reader version 8.1.6 and prior (Windows, Macintosh, and UNIX)
- Adobe Reader version 7.1.3 and prior (Windows and Macintosh)
- Adobe Acrobat version 9.1.3 and prior (Windows, Macintosh, and UNIX)
- Adobe Acrobat version 8.1.6 and prior (Windows, Macintosh, and UNIX)
- Adobe Acrobat version 7.1.3 and prior (Windows and Macintosh)
Solutions
Before installation of the software, please visit the software manufacturer web-site for more details.
Upgrade to Adobe Acrobat and Reader versions 9.2, 8.1.7, or 7.1.4 :
http://www.adobe.com/go/gntray_prod_acrobat_family_home
Vulnerability Identifier
- CVE-2007-0045
- CVE-2007-0048
- CVE-2009-2979
- CVE-2009-2980
- CVE-2009-2981
- CVE-2009-2982
- CVE-2009-2983
- CVE-2009-2984
- CVE-2009-2985
- CVE-2009-2986
- CVE-2009-2987
- CVE-2009-2988
- CVE-2009-2989
- CVE-2009-2990
- CVE-2009-2991
- CVE-2009-2992
- CVE-2009-2993
- CVE-2009-2994
- CVE-2009-2995
- CVE-2009-2996
- CVE-2009-2997
- CVE-2009-2998
- CVE-2009-3431
- CVE-2009-3458
- CVE-2009-3459
- CVE-2009-3460
- CVE-2009-3461
- CVE-2009-3462
Source
Related Link
Share with