MA-216.022010: MyCERT Alert - Critical Vulnerability in Adobe Acrobat and Adobe Reader 1.0 Introduction A critical vulnerability (CVE-2010-0188, CVE-2010-0186) has been identified in Adobe Acrobat and Adobe Reader 9.3 and its earlier versions running on Windows, Unix and Mac OS X. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat and Adobe Reader. For an attack to occur, user interaction is required in that a user must visit a malicious web site or open a malicious PDF file. 2.0 Impact By exploiting this vulnerability, an attacker could execute arbitrary code on vulnerable installations of Adobe Acrobat and Adobe Reader and gain the same privilege as the user. The attack can be launched locally or remotely by abusing Adobe Acrobat web browser plug-in. Failed attempts will likely result in denial-of-service conditions. 3.0 Affected Products Majority of Adobe Acrobat and Adobe Reader software are prone to this vulnerability. Below is the list of vulnerable products: - Adobe Acrobat 9.2 and earlier versions
- Adobe Acrobat 9.3 and earlier versions
- Adobe Reader 9.2 and earlier versions
- Adobe Reader 9.3 and earlier versions
4.0 Recommendation 4.1 The official security patch for this vulnerability has been released by its vendor and it is available for download at the following URL: http://get.adobe.com/reader/ 4.2 As a MyCERT advises users of the products mentioned in this advisory to keep themselves updated with the latest security announcements from the products’ vendors. In case any suspicious PDF is received which requires our assistance for analysis, please contact us through the following channels:
E-mail : mycert@mycert.org.my
Phone : +603 89926969 or 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : +60 19 2813801 (24x7 SMS reporting)
Business Hours : Mon - Fri 08:30 -17:30 MYT
Web : http://www.mycert.org.my 5.0 References |
