Adobe Acrobat and Reader are prone to a remote code-execution vulnerability.

Discussion in 'TechTalk' started by mohit, Aug 19, 2010.

  1. mohit

    mohit Guppy

    Adobe Acrobat and Reader Font Parsing Remote Code Execution Vulnerability

    Bugtraq ID: 42203
    Class: Boundary Condition Error
    CVE: CVE-2010-2862
    Remote: Yes
    Local: No
    Published: Aug 04 2010 12:00AM
    Updated: Aug 19 2010 06:33PM

    Adobe Acrobat and Reader are prone to a remote code-execution vulnerability.

    An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

    Adobe announced on its security advisory. The exploit takes advantage of an unpatched vulnerability in Flash Player, Adobe Reader, and Acrobat, and affects users regardless of whether they use Windows, Macintosh, Solaris, Linux, or UNIX... Attacks can take place in various situations with a few listed below:

    • Receiving an email with a malicious PDF attachment.
    • Receiving an email with a link to the malicious PDF file or a website with the malicious SWF embedded in malicious HTML code.
    • Stumbling across a malicious PDF or SWF file when surfing the web.

    The following products are affected:

    Adobe Reader 9.3.3 and prior
    Adobe Acrobat 9.3.3 and prior
    Adobe Reader 8.2.3 and prior
    Acrobat 8.2.3 and prior

    Solution:
    Updates are available.
    http://www.securityfocus.com/bid/42203/solution
  2. Stephen

    Stephen US Operations Staff Member
