Adobe Acrobat and Reader Font Parsing Remote Code Execution Vulnerability
Bugtraq ID: 42203
Class: Boundary Condition Error
CVE: CVE-2010-2862
Remote: Yes
Local: No
Published: Aug 04 2010 12:00AM
Updated: Aug 19 2010 06:33PM
Adobe Acrobat and Reader are prone to a remote code-execution vulnerability.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
Adobe announced on its security advisory. The exploit takes advantage of an unpatched vulnerability in Flash Player, Adobe Reader, and Acrobat, and affects users regardless of whether they use Windows, Macintosh, Solaris, Linux, or UNIX... Attacks can take place in various situations with a few listed below:
• Receiving an email with a malicious PDF attachment.
• Receiving an email with a link to the malicious PDF file or a website with the malicious SWF imbedded in malicious HTML code.
• Stumbling across a malicious PDF or SWF file when surfing the web
The following products are affected:
Adobe Reader 9.3.3 and prior
Adobe Acrobat 9.3.3 and prior
Adobe Reader 8.2.3 and prior
Acrobat 8.2.3 and prior
Solution:
Updates are available.
http://www.securityfocus.com/bid/42203/solution
Bugtraq ID: 42203
Class: Boundary Condition Error
CVE: CVE-2010-2862
Remote: Yes
Local: No
Published: Aug 04 2010 12:00AM
Updated: Aug 19 2010 06:33PM
Adobe Acrobat and Reader are prone to a remote code-execution vulnerability.
An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
Adobe announced on its security advisory. The exploit takes advantage of an unpatched vulnerability in Flash Player, Adobe Reader, and Acrobat, and affects users regardless of whether they use Windows, Macintosh, Solaris, Linux, or UNIX... Attacks can take place in various situations with a few listed below:
• Receiving an email with a malicious PDF attachment.
• Receiving an email with a link to the malicious PDF file or a website with the malicious SWF imbedded in malicious HTML code.
• Stumbling across a malicious PDF or SWF file when surfing the web
The following products are affected:
Adobe Reader 9.3.3 and prior
Adobe Acrobat 9.3.3 and prior
Adobe Reader 8.2.3 and prior
Acrobat 8.2.3 and prior
Solution:
Updates are available.
http://www.securityfocus.com/bid/42203/solution
