MyCERT Advisories
MyCERT Advisories, Alerts and Summaries for the year 2010
Bookmark and Share

MA-245.082010 : MyCERT Alert - Multiple Critical Vulnerabilities in Adobe Acrobat and Reader

1.0 Introduction

Multiple critical vulnerabilities (CVE-2010-2862 and CVE-2010-1240) have been identified in Adobe Reader 9.3.3 (and earlier versions) for Windows, Macintosh and UNIX; Adobe Acrobat 9.3.3 (and earlier versions) for Windows and Macintosh; and Adobe Reader 8.2.3 (and earlier versions) and Adobe Acrobat 8.2.3 (and earlier versions) for Windows and Macintosh. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.

2.0 Impact

An attacker who successfully exploits these vulnerabilities will be able to execute codes remotely and gain the same privilege as the user. Unsuccessful attacks may cause denial-of-service (DoS) outcomes.

3.0 Affected Products

Majority of the Adobe Acrobat and Adobe Reader versions are prone to this vulnerability. Below is the list of vulnerable products:

  • Adobe Reader 9.3.3
  • Adobe Reader 9.3.2
  • Adobe Reader 9.3.1
  • Adobe Reader 9.1.3
  • Adobe Reader 9.1.2
  • Adobe Reader 9.1.1
  • Adobe Reader 8.2.3
  • Adobe Reader 8.2.2
  • Adobe Reader 8.2.1
  • Adobe Reader 8.1.7
  • Adobe Reader 8.1.6
  • Adobe Reader 8.1.5
  • Adobe Reader 8.1.4
  • Adobe Reader 8.1.3
  • Adobe Reader 8.1.2
  • Adobe Reader 8.1.1
  • Adobe Reader 9.3
  • Adobe Reader 9.2
  • Adobe Reader 9.1
  • Adobe Reader 9
  • Adobe Reader 8.2
  • Adobe Reader 8.1.2 Security Update
  • Adobe Reader 8.1
  • Adobe Reader 8.0
  • Adobe Acrobat Standard 9.3.3
  • Adobe Acrobat Standard 9.3.2
  • Adobe Acrobat Standard 9.3.1
  • Adobe Acrobat Standard 9.1.3
  • Adobe Acrobat Standard 9.1.2
  • Adobe Acrobat Standard 8.2.2
  • Adobe Acrobat Standard 8.2.1
  • Adobe Acrobat Standard 8.1.7
  • Adobe Acrobat Standard 8.1.6
  • Adobe Acrobat Standard 8.1.4
  • Adobe Acrobat Standard 8.1.3
  • Adobe Acrobat Standard 8.1.2
  • Adobe Acrobat Standard 8.1.1
  • Adobe Acrobat Standard 9.3
  • Adobe Acrobat Standard 9.2
  • Adobe Acrobat Standard 9.1
  • Adobe Acrobat Standard 9
  • Adobe Acrobat Standard 8.2
  • Adobe Acrobat Standard 8.1
  • Adobe Acrobat Standard 8.0
  • Adobe Acrobat Reader (for Linux) 9.1.1
  • Adobe Acrobat Professional 9.3.3
  • Adobe Acrobat Professional 9.3.2
  • Adobe Acrobat Professional 9.3.1
  • Adobe Acrobat Professional 9.1.3
  • Adobe Acrobat Professional 9.1.2
  • Adobe Acrobat Professional 8.2.2
  • Adobe Acrobat Professional 8.2.1
  • Adobe Acrobat Professional 8.1.7
  • Adobe Acrobat Professional 8.1.6
  • Adobe Acrobat Professional 8.1.4
  • Adobe Acrobat Professional 8.1.3
  • Adobe Acrobat Professional 8.1.2
  • Adobe Acrobat Professional 8.1.1
  • Adobe Acrobat Professional 9.3
  • Adobe Acrobat Professional 9.2
  • Adobe Acrobat Professional 9.1
  • Adobe Acrobat Professional 9
  • Adobe Acrobat Professional 8.2
  • Adobe Acrobat Professional 8.1.2 Security Updat
  • Adobe Acrobat Professional 8.1
  • Adobe Acrobat Professional 8.0
  • Adobe Acrobat 9.3.3
  • Adobe Acrobat 9.3.2
  • Adobe Acrobat 9.3.1
  • Adobe Acrobat 9.1.1
  • Adobe Acrobat 8.2.3
  • Adobe Acrobat 8.2.2
  • Adobe Acrobat 9.3
  • Adobe Acrobat 9.2

4.0 Recommendation

The vendor has released the official security patch for these vulnerabilities and it is available for download at the following URL:

MyCERT advises users of the products mentioned in this advisory to keep themselves updated with the latest security announcements from the products’ vendor. MyCERT can be reached through the following channels:
E-mail : mycert@mycert.org.my
Phone : 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : CYBER999 REPORT <EMAIL> <COMPLAINT> to 15888
Business Hours : Mon - Fri 08:30 -17:30 MYT
Web: http://www.mycert.org.my


5.0 References