mohit

Adobe Acrobat and Reader Font Parsing Remote Code Execution Vulnerability

Bugtraq ID: 42203
Class: Boundary Condition Error
CVE: CVE-2010-2862
Remote: Yes
Local: No
Published: Aug 04 2010 12:00AM
Updated: Aug 19 2010 06:33PM

Adobe Acrobat and Reader are prone to a remote code-execution vulnerability.

An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Adobe announced on its security advisory. The exploit takes advantage of an unpatched vulnerability in Flash Player, Adobe Reader, and Acrobat, and affects users regardless of whether they use Windows, Macintosh, Solaris, Linux, or UNIX... Attacks can take place in various situations, a few of which are listed below:

• Receiving an email with a malicious PDF attachment.
• Receiving an email with a link to the malicious PDF file or a website with the malicious SWF embedded in malicious HTML code.
• Stumbling across a malicious PDF or SWF file when surfing the web.

The following products are affected:

Adobe Reader 9.3.3 and prior
Adobe Acrobat 9.3.3 and prior
Adobe Reader 8.2.3 and prior
Acrobat 8.2.3 and prior

Solution:
Updates are available.
http://www.securityfocus.com/bid/42203/solution