Status Tracking Note JVNTR-2010-13

Adobe Reader and Acrobat Vulnerabilities (TA10-103C)

Overview

Adobe has released Security Bulletin APSB10-09, which describes multiple vulnerabilities affecting Adobe Reader and Acrobat.

Event Information

Date (UTC)  Description
2010-04-14 02:48 JPCERT/CC
JPCERT-AT-2010-0009: Vulnerability in Adobe Reader and Acrobat
2010-04-13 18:55 SANS Internet Storm Center
Security update available for Adobe Reader and Acrobat
Adobe has also released updates for their Reader and Acrobat products.
2010-04-13 18:39 US-CERT
Adobe Releases Security Updates for Adobe Reader and Acrobat
US-CERT Current Activity
Adobe has released security updates to address multiple vulnerabilities that affect the following: Adobe Reader 9.3.1 and earlier, Adobe Acrobat 9.3.1 and earlier, Adobe Reader 8.2.1 and earlier, Adobe Acrobat 8.2.1 and earlier
2010-04-13 11:14 Adobe
APSB10-09: Security Advisory for Adobe Reader and Acrobat
Adobe recommends users of Adobe Reader 9.3.1 and earlier versions for Windows, Macintosh and UNIX update to Adobe Reader 9.3.2. (For Adobe Reader users on Windows and Macintosh, who cannot update to Adobe Reader 9.3.2, Adobe has provided the Adobe Reader 8.2.2 update.) Adobe recommends users of Adobe Acrobat 9.3.1 and earlier versions for Windows and Macintosh update to Adobe Acrobat 9.3.2. Adobe recommends users of Acrobat 8.2.1 and earlier versions for Windows and Macintosh update to Acrobat 8.2.2.
2010-04-08 10:04 Adobe
Pre-Notification - Quarterly Security Update for Adobe Reader and Acrobat
Adobe Product Security Incident Response Team (PSIRT)
2010-04-08 10:04 Adobe
APSB10-09: Security Advisory for Adobe Reader and Acrobat
Adobe is planning to release updates for Adobe Reader 9.3.1 for Windows, Macintosh and UNIX, Adobe Acrobat 9.3.1 for Windows and Macintosh, and Adobe Reader 8.2.1 and Acrobat 8.2.1 for Windows and Macintosh to resolve critical security issues. Adobe expects to make these quarterly updates available on April 13, 2010.
2010-03-16 VUPEN
VUPEN/ADV-2010-0873: Adobe Acrobat and Reader PNG Data Buffer Overflow Vulnerability
PNG Data Buffer Overflow Vulnerability (CVE-2010-0198)
Vulnerability Reported
This vulnerability is caused by a buffer overflow error when processing malformed PNG data, which could be exploited by attackers to execute arbitrary code by tricking a user into opening a specially crafted PDF document.
2010-03-16 VUPEN
VUPEN/ADV-2010-0873: Adobe Acrobat and Reader JPEG Data Buffer Overflow Vulnerability
JPEG Data Buffer Overflow Vulnerability (CVE-2010-0199)
Vulnerability Reported
This vulnerability is caused by a buffer overflow error when processing malformed JPEG data, which could be exploited by attackers to execute arbitrary code by tricking a user into opening a specially crafted PDF document.
2010-03-16 VUPEN
VUPEN/ADV-2010-0873: Adobe Acrobat and Reader GIF Data Buffer Overflow Vulnerability
GIF Data Buffer Overflow Vulnerability (CVE-2010-0202)
Vulnerability Reported
This vulnerability is caused by a buffer overflow error when processing malformed GIF (Graphics Interchange Format) data, which could be exploited by attackers to execute arbitrary code by tricking a user into opening a specially crafted PDF document.
2010-03-16 VUPEN
VUPEN/ADV-2010-0873: Adobe Acrobat and Reader BMP Data Buffer Overflow Vulnerability
BMP Data Buffer Overflow Vulnerability (CVE-2010-0203)
Vulnerability Reported
This vulnerability is caused by a buffer overflow error when processing malformed BitMap (BMP) data, which could be exploited by attackers to execute arbitrary code by tricking a user into opening a specially crafted PDF document.
2010-02-18 Zero Day Initiative (ZDI)
ZDI-10-071: Adobe Reader TrueType Font Handling Remote Code Execution Vulnerability
Font Handling Vulnerability (CVE-2010-0195)
Vulnerability Reported
The specific flaw exists within the parsing of embedded fonts inside a PDF document. Upon parsing particular tables out of a font file the application will miscalculate an index used for seeking into a buffer. Later the application will begin to copy data into the calculated pointer corrupting the referenced data structure. Successful exploitation will lead to code execution under the context of the application.

Reference

Date first published (UTC): 2010-04-24T08:49+00:00
Date last updated (UTC): 2010-04-24T08:49+00:00