Status Tracking Note JVNTR-2010-24

Adobe Reader and Acrobat Buffer Overflow Vulnerability (CVE-2010-2883, VU#491991)

Overview

A vulnerability has been discovered in Adobe Reader and Acrobat which may be exploited to run arbitrary code.
Event Information


Date (UTC)Description
2010-09-13 22:11 Adobe
Schedule Update to Security Advisory for Adobe Reader and Acrobat (APSA10-02)
Adobe Product Security Incident Response Team (PSIRT)
Advance notification for Security Update (the week of October 4, 2010).
2010-09-13 17:49 Adobe
Alert: Adobe Reader Upgrade Email Spam/Phishing Scam
Adobe Product Security Incident Response Team (PSIRT)
Adobe Reader Upgrade Email Spam (Email messages purporting to offer a download of a new version of Adobe Reader have been sent by entities claiming to be Adobe.)
2010-09-13 12:30 US-CERT
Adobe Releases Security Advisory for Vulnerability in Reader and Acrobat
US-CERT Current Activity
Public notification for "Security Advisory (APSA10-02) ".
2010-09-10 22:21 Adobe
APSA10-02: Security Advisory for Adobe Reader and Acrobat
Mitigations (Microsoft Enhanced Mitigation Evaluation Toolkit approach) published.
2010-09-08 18:03 SANS Internet Storm Center
Adobe Acrobat/Reader 0-day in Wild, Adobe Issues Advisory
This vulnerability is being actively exploited in the wild.
2010-09-08 17:06 Adobe
APSA10-02: Security Advisory for Adobe Reader and Acrobat
Security Advisory (APSA10-02) published.
2010-09-08 Trend Micro
TROJ_PIDIEF.WM
2010-09-07 19:39
CVE-2010-2883 Adobe 0-Day David Leadbetter's One Point Lesson from 193.106.85.61 thomasbennett34@yahoo.com
This vulnerability is being actively exploited in the wild.
2010-09-06 12:01
Phishing attempt with the subject of "David Leadbetter's One Point Lesson".
This vulnerability is being actively exploited in the wild. [Phishing email with "Subject: David Leadbetter's One Point Lesson"]

Reference

Date first published (UTC): 2010-09-12T03:51+00:00
Date last updated (UTC): 2010-09-21T15:57+00:00
Valid HTML 4.01!