Malaysian Computer Emergency Response Team

Services

Advisories Cyber999 Help Centre Malware Research Centre Incident Statistics

MyCERT Statistic

Reported Incidents based on General Incident Classification Statistics 2010

Help Centre

Reporting Channels

MyCERT Advisories

MyCERT Advisories, Alerts and Summaries for the year 2010

MA-226.042010: MyCERT Alert - Multiple Critical Vulnerability in Adobe Acrobat and Reader

1.0 Introduction

Multiple critical vulnerabilities have been identified in Adobe Reader 9.3.1 (and earlier versions) for Windows, Macintosh, and UNIX; Adobe Acrobat 9.3.1 (and earlier versions) for Windows and Macintosh; and Adobe Reader 8.2.1 (and earlier versions) and Adobe Acrobat 8.2.1 (and earlier versions) for Windows and Macintosh. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.

2.0 Impact

An attacker who successfully exploits these vulnerabilities will be able to execute codes remotely and gain the same privilege as the user. Unsuccessful attacks may cause denial-of-service (DoS) outcomes.

3.0 Affected Products

Majority of the Adobe Acrobat and Adobe Reader versions are prone to this vulnerability. Below is the list of vulnerable products:

Adobe Acrobat Standard 9.1.3
Adobe Acrobat Standard 9.1.2
Adobe Acrobat Standard 8.2.1
Adobe Acrobat Standard 8.1.7
Adobe Acrobat Standard 8.1.6
Adobe Acrobat Standard 8.1.4
Adobe Acrobat Standard 8.1.3
Adobe Acrobat Standard 8.1.2
Adobe Acrobat Standard 8.1.1
Adobe Acrobat Standard 9.3
Adobe Acrobat Standard 9.2
Adobe Acrobat Standard 9.1
Adobe Acrobat Standard 9
Adobe Acrobat Standard 8.2
Adobe Acrobat Standard 8.1
Adobe Acrobat Standard 8.0
Adobe Acrobat Professional 9.3.1
Adobe Acrobat Professional 8.2.1
Adobe Acrobat Professional 8.1.7
Adobe Acrobat Professional 8.1.6
Adobe Acrobat Professional 8.1.4
Adobe Acrobat Professional 8.1.3
Adobe Acrobat Professional 8.1.2
Adobe Acrobat Professional 8.1.1
Adobe Acrobat Professional 9.3
Adobe Acrobat Professional 8.2
Adobe Acrobat Professional 8.1.2 Security Update
Adobe Acrobat Professional 8.1
Adobe Acrobat Professional 8.0
Adobe Acrobat 9.3.1
Adobe Acrobat 9.1.1
Adobe Acrobat 9.3
Adobe Acrobat 9.2

4.0 Recommendation

The official security patch for these vulnerabilities has been released by the vendor and it is available for download at the following URL:

http://get.adobe.com/reader/

MyCERT advises users of the products mentioned in this advisory to keep themselves updated with the latest security announcements from the products' vendor. MyCERT can be reached through the following channels:

E-mail : mycert@mycert.org.my
Phone : +603 89926969 or 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : CYBER999 REPORT <EMAIL> <REPORT>to 15888
Business Hours : Mon - Fri 08:30 -17:30 MYT
Web: http://www.mycert.org.my

5.0 References