Adobe Reader and Acrobat Vulnerabilities (TA09-286B)
http://jvnrss.ise.chuo-u.ac.jp/jtg/trn/en/JVNTR-2009-24.html
JVNRSS based Status Tracking Notes: Adobe has released Security bulletin APSB09-15, which describes multiple vulnerabilities affecting Adobe Reader and Acrobat.JVNRSS Feasibility Study Teamjvn@jvn.jpJVNTR-2009-242009-10-24T13:02+00:002009-10-17T12:42+00:002009-10-24T13:02+00:00Vulnerability in Adobe Reader and Acrobat
http://www.jpcert.or.jp/at/2009/at090021.txt
JPCERT/CCJPCERT-AT-2009-0021http://www.us-cert.gov/cas/techalerts/TA09-286B.htmlhttp://www.adobe.com/support/security/bulletins/apsb09-15.html2009-10-14T08:35+00:002009-10-14T08:35+00:002009-10-14T08:35+00:00Adobe Reader and Acrobat - Black Tuesday continues
http://isc.sans.org/diary.html?storyid=7348
Adobe pushes just one, but theirs addresses no less than 29!! gaping holes in one single update. As we reported earlier, at least one of these 29 vulnerabilities is already being actively exploited.
SANS Internet Storm Centerhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3459http://www.us-cert.gov/cas/techalerts/TA09-286B.htmlhttp://www.adobe.com/support/security/bulletins/apsb09-15.html2009-10-13T23:07+00:002009-10-13T23:07+00:002009-10-13T23:07+00:00Adobe Reader and Acrobat Vulnerabilities
http://www.us-cert.gov/cas/techalerts/TA09-286B.html
Via US-CERT Mailing List
US-CERTTA09-286Bhttp://www.us-cert.gov/cas/techalerts/TA09-286B.htmlhttp://www.adobe.com/support/security/bulletins/apsb09-15.html2009-10-13T17:09-04:002009-10-13T17:09-04:002009-10-13T17:09-04:00Adobe Releases Security Bulletin for Adobe Reader and Acrobat
http://www.us-cert.gov/current/archive/2009/10/15/archive.html#adobe_releases_security_bulletin_for7
US-CERT Current Activity
Adobe has republished security bulletin APSB09-015 to address multiple vulnerabilities in Adobe Reader and Acrobat. These vulnerabilities may allow an attacker to execute arbitrary code, escalate local privileges, or cause a denial-of-service condition.
US-CERThttp://www.us-cert.gov/cas/techalerts/TA09-286B.htmlhttp://www.adobe.com/support/security/bulletins/apsb09-15.html2009-10-13T13:41-04:002009-10-13T13:41-04:002009-10-13T13:41-04:00Security Updates Available for Adobe Reader and Acrobat
http://www.adobe.com/support/security/bulletins/apsb09-15.html
Adobe recommends users of Adobe Reader 9.1.3 and Acrobat 9.1.3 and earlier versions update to Adobe Reader 9.2 and Acrobat 9.2. Adobe recommends users of Acrobat 8.1.6 and earlier versions update to Acrobat 8.1.7, and users of Acrobat 7.1.3 and earlier versions update to Acrobat 7.1.4. For Adobe Reader users who cannot update to Adobe Reader 9.2, Adobe has provided the Adobe Reader 8.1.7 and Adobe Reader 7.1.4 updates. Updates apply to all platforms: Windows, Macintosh and UNIX.
AdobeAPSB09-15http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0048http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0045http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2564http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2979http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2980http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2981http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2982http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2983http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2984http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2985http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2986http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2987http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2988http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2989http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2990http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2991http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2992http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2993http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2994http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2995http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2996http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2997http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2998http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3431http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3458http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3459http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3460http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3461http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-34622009-10-13T11:29+00:002009-10-13T11:29+00:002009-10-13T11:29+00:00New Adobe Zero-Day Exploit
http://blog.trendmicro.com/new-adobe-zero-day-exploit/
TrendLabs | Malware Blog - by Trend Micro
Trend Microhttp://www.us-cert.gov/cas/techalerts/TA09-286B.htmlhttp://www.adobe.com/support/security/bulletins/apsb09-15.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-34592009-10-09T14:59-07:002009-10-09T14:59-07:002009-10-09T14:59-07:00New Adobe Vulnerability Exploited in Targeted Attacks
http://isc.sans.org/diary.html?storyid=7300
Adobe's PSIRT (Product Security Incident Response Team) published a new blog post today. The post reveals that a critical vulnerability, CVE-2009-3459, is now being exploited in the wild in targeted attacks. The vulnerability affects Adobe 9.1.3 on Windows, Unix and OS X. However, the exploits have been limited to Windows so far.
SANS Internet Storm Centerhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-34592009-10-08T20:09+00:002009-10-08T20:09+00:002009-10-08T20:09+00:00ThreatCON (2) => (2)
https://tms.symantec.com/
Adobe has released a security advisory to discuss a critical vulnerability affecting Reader and Acrobat 9.1.3 and earlier on Windows, Macintosh, and Unix platforms.
Symantechttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-34592009-10-08T19:20+00:002009-10-08T19:20+00:002009-10-08T19:20+00:00Pre-Notification - Quarterly Security Update for Adobe Reader and Acrobat
http://blogs.adobe.com/psirt/2009/10/pre-notification_-_quarterly_s.html
Adobe Product Security Incident Response Team (PSIRT)
Adobehttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-34592009-10-08T09:53+00:002009-10-08T09:53+00:002009-10-08T09:53+00:00Adobe Reader and Acrobat issue
http://blogs.adobe.com/psirt/2009/10/adobe_reader_and_acrobat_issue_1.html
Adobe Product Security Incident Response Team (PSIRT)
Adobehttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-34592009-10-08T09:50+00:002009-10-08T09:50+00:002009-10-08T09:50+00:00TROJ_PIDIEF.UO
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_PIDIEF.UO
Exploiting vulnerability (CVE-2009-3459)
Trend Microhttp://www.us-cert.gov/cas/techalerts/TA09-286B.htmlhttp://www.adobe.com/support/security/bulletins/apsb09-15.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-34592009-10-082009-10-082009-10-08Invalid pointer write could lead to arbitrary code execution
http://lists.grok.org.uk/pipermail/full-disclosure/2009-October/071181.html
Vulnerability (CVE-2009-2991) Reported
The default settings of Adobe Acrobat Reader/Acrobat have been applied. A non existing PDF file with-in the <embed> Tag could lead to an invalid pointer write. This occurs when Adobe's PDF plugin gets unloaded in a Firefox instance.
n.runs AGn.runs-SA-2009.007http://www.us-cert.gov/cas/techalerts/TA09-294A.htmlhttp://www.adobe.com/support/security/bulletins/apsb09-15.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-29912009-07-22T00:002009-07-22T00:002009-07-22T00:00Adobe Acrobat and Reader U3D Filter Code Execution Vulnerabilities
http://www.vupen.com/english/advisories/2009/2898
Vulnerability (CVE-2009-3458, CVE-2009-2997, CVE-2009-2998) Reported
These vulnerabilities are caused by memory corruption errors within the U3D filter when processing malformed data in a PDF file, which could allow attackers to execute arbitrary code by tricking a user into opening a specially crafted PDF document.
VUPENVUPEN/ADV-2009-2898http://www.us-cert.gov/cas/techalerts/TA09-294A.htmlhttp://www.adobe.com/support/security/bulletins/apsb09-15.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3458http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2997http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-29982009-07-172009-07-172009-07-17Adobe Acrobat and Reader Firefox Plugin Use After Free Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=826
Vulnerability (CVE-2009-2991) Reported
The vulnerability occurs when Firefox attempts to navigate away from a page and unload the PDF viewing plugin. When Firefox calls the plugin's destroy method, the plugin does not properly free its resources. Specifically, a function pointer for the window update routine is not properly freed. This results in uninitialized memory being used when the window is redrawn, which leads to attacker supplied data being executed when the function pointer is dereferenced.
iDefensehttp://www.us-cert.gov/cas/techalerts/TA09-294A.htmlhttp://www.adobe.com/support/security/bulletins/apsb09-15.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-29912009-06-222009-06-222009-06-22Adobe Acrobat and Reader U3D File Invalid Array Index Vulnerability
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=827
Vulnerability (CVE-2009-2990) Reported
The vulnerability occurs when parsing a U3D file embedded inside of a PDF. U3D is a file format used to represent 3D images.
iDefensehttp://www.us-cert.gov/cas/techalerts/TA09-294A.htmlhttp://www.adobe.com/support/security/bulletins/apsb09-15.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-29902009-06-092009-06-092009-06-09Adobe Reader Compact Font Format Malformed Index Memory Corruption Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-09-073
Vulnerability (CVE-2009-2985) Reported
The specific flaw exists when the application parses a PDF file containing a malformed Compact Font Format stream. While decoding the font embedded in this stream, the application will explicitly trust a 16-bit value used to index into an array of elements. Usage of the object later will cause heap corruption which can be leveraged to achieve code execution under the context of the current user.
Zero Day Initiative (ZDI)ZDI-09-073http://www.us-cert.gov/cas/techalerts/TA09-294A.htmlhttp://www.adobe.com/support/security/bulletins/apsb09-15.htmlhttp://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-29852009-04-282009-04-282009-04-28