Malaysian Computer Emergency Response Team

CONTACT US

SITEMAP

Search:

Home > Services > Advisories > MyCERT Advisories > 2009

MA-166.062009: MyCERT Alert - Multiple Vulnerabilities in Adobe Acrobat

1.0 Introduction

Multiple vulnerabilities have been identified in Adobe Reader 9.1.1 and earlier versions. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat and Adobe Reader. User interaction is required in that a user must visit a malicious web site or open a malicious PDF file.

2.0 Impact

By exploiting this vulnerability, an attacker could execute arbitrary code on vulnerable installations of Adobe Acrobat and Adobe Reader and gain the same privilege as the user. The attack can be lunched via local or remote by abusing Adobe Acrobat web browser plugin.

3.0 Affected Products

Majority of Adobe Acrobat Reader software are vulnerable by these bugs. Below is the details list of vulnerable version:

Adobe Acrobat Standard 8.1.4
Adobe Acrobat Standard 8.1.3
Adobe Acrobat Standard 8.1.2
Adobe Acrobat Standard 8.1.1
Adobe Acrobat Standard 7.1.1
Adobe Acrobat Standard 7.0.8
Adobe Acrobat Standard 7.0.7
Adobe Acrobat Standard 7.0.6
Adobe Acrobat Standard 7.0.5
Adobe Acrobat Standard 7.0.4
Adobe Acrobat Standard 7.0.3
Adobe Acrobat Standard 7.0.2
Adobe Acrobat Standard 7.0.1
Adobe Acrobat Standard 7.0
Adobe Acrobat Standard 9.1
Adobe Acrobat Standard 9
Adobe Acrobat Standard 8.1
Adobe Acrobat Standard 8.0
Adobe Acrobat Standard 7.1
Adobe Acrobat Reader 9.1.1
Adobe Acrobat Reader 8.1.5
Adobe Acrobat Reader 8.1.4
Adobe Acrobat Reader 8.1.3
Adobe Acrobat Reader 8.1.2
Adobe Acrobat Reader 8.1.1
Adobe Acrobat Reader 7.1.2
Adobe Acrobat Reader 7.1.1
Adobe Acrobat Reader 7.0.9
Adobe Acrobat Reader 7.0.9
Adobe Acrobat Reader 7.0.8
Adobe Acrobat Reader 7.0.8
Adobe Acrobat Reader 7.0.7
Adobe Acrobat Reader 7.0.6
Adobe Acrobat Reader 7.0.5
Adobe Acrobat Reader 7.0.4
Adobe Acrobat Reader 7.0.3
Adobe Acrobat Reader 7.0.2
Adobe Acrobat Reader 7.0.1
Adobe Acrobat Reader 7.0
Adobe Acrobat Reader 9.1
Adobe Acrobat Reader 9
Adobe Acrobat Reader 8.1.2 Security Update
Adobe Acrobat Reader 8.1
Adobe Acrobat Reader 8.0
Adobe Acrobat Reader 7.1
Adobe Acrobat Professional 8.1.4
Adobe Acrobat Professional 8.1.3
Adobe Acrobat Professional 8.1.2
Adobe Acrobat Professional 8.1.1
Adobe Acrobat Professional 7.1.1
Adobe Acrobat Professional 7.0.9
Adobe Acrobat Professional 7.0.8
Adobe Acrobat Professional 7.0.7
Adobe Acrobat Professional 7.0.6
Adobe Acrobat Professional 7.0.5
Adobe Acrobat Professional 7.0.4
Adobe Acrobat Professional 7.0.3
Adobe Acrobat Professional 7.0.2
Adobe Acrobat Professional 7.0.1
Adobe Acrobat Professional 7.0
Adobe Acrobat Professional 8.1.2 Security Update
Adobe Acrobat Professional 8.1
Adobe Acrobat Professional 8.0
Adobe Acrobat Professional 7.1

4.0 Recommendation

Upgrade to Adobe Reader 9.1.2. It can be downloaded from this URL : http://get.adobe.com/reader/
If user is not able to upgrade the Adobe Reader, it is advisable to do the followings:

a) Do not open attachment received via email from unknown person or unexpected.
b) Disable JavaScript in Adobe Reader
- 1. Open Your Adobe Acrobat Reader software
- 2. Navigate to Edit -> Preferences -> JavaScript

3.Select 'uncheck' the Enable Acrobat JavaScript.

4.Close the Adobe Reader Software for change to take effect.

MyCERT generally advise users of this product to keep themselves updated with the latest security announcements by the vendor. In case of public received any suspicious PDF and required our further analysis, please reach us at information below:

E-mail : mycert@mycert.org.my
Phone : +603 89926969 or 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : +60 19 2813801 (24x7 SMS reporting)
Business Hours : Mon - Fri 08:30 -17:30 MYT
Web: http://www.mycert.org.my

5.0 References