MA-249.092010 : MyCERT Alert - Multiple Critical Vulnerabilities in Adobe Acrobat and Reader
Date of publication: 2010-09-09
A critical vulnerability (CVE-2010-2883) has been identified in Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX, and in Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. The vulnerability can cause the application to crash and could allow an attacker to take control of the affected system.
The issue is a stack-based buffer overflow in the "CoolType.dll" font-rendering module when it processes a PDF document containing a malformed SING (Smart INdependent Glyphlets) font table. An attacker can exploit it to crash the affected application or execute arbitrary code by tricking a user into opening a specially crafted PDF document.
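Because the trigger is structural (a SING table whose uniqueName field is not NUL-terminated, so the copy in CoolType.dll runs past the end of the field), a PDF can be screened for it before it is opened. The following scanner is an added example written for this advisory, not MyCERT's or Adobe's code. It assumes the SING layout reported in public analyses of this bug (eight uint16 header fields, then a 28-byte uniqueName at byte offset 16), handles only plain FlateDecode font streams, and builds its own constructed sample fonts and PDF wrapper so it runs offline; verify the field offset against your own samples before relying on the verdict.

```python
"""Heuristic check for the CVE-2010-2883 trigger: an embedded TrueType/OpenType
font whose SING table carries a uniqueName with no NUL inside its 28-byte field.
Added example, not MyCERT's or Adobe's code."""
import re
import struct
import zlib

# Assumed SING layout (from public analyses of this bug; verify on your samples):
# eight uint16 header fields (16 bytes), then uniqueName, 28 bytes.
SING_UNIQUENAME_OFFSET = 16
SING_UNIQUENAME_LEN = 28
SFNT_MAGICS = (b'\x00\x01\x00\x00', b'OTTO', b'true')


def parse_sfnt_tables(font):
    """Return {tag: bytes} for an sfnt table directory, or None if the blob is
    not an sfnt. Records pointing outside the blob are skipped, so a truncated
    or hostile directory cannot raise."""
    if len(font) < 12 or font[:4] not in SFNT_MAGICS:
        return None
    num_tables = struct.unpack('>H', font[4:6])[0]
    tables = {}
    for i in range(num_tables):
        rec = 12 + 16 * i
        if rec + 16 > len(font):
            break
        tag = font[rec:rec + 4]
        offset, length = struct.unpack('>II', font[rec + 8:rec + 16])
        if offset + length > len(font):
            continue
        tables[tag] = font[offset:offset + length]
    return tables


def check_sing_table(sing):
    """'short' if the table cannot hold uniqueName at all, 'suspicious' if the
    28-byte name has no NUL (a strcat-style copy would run past it), else 'ok'."""
    end = SING_UNIQUENAME_OFFSET + SING_UNIQUENAME_LEN
    if len(sing) < end:
        return 'short'
    name = sing[SING_UNIQUENAME_OFFSET:end]
    return 'ok' if b'\x00' in name else 'suspicious'


def scan_font(font):
    tables = parse_sfnt_tables(font)
    if tables is None:
        return 'not-sfnt'
    if b'SING' not in tables:
        return 'no-sing'
    return check_sing_table(tables[b'SING'])


def iter_pdf_streams(pdf):
    """Yield stream bodies, inflating FlateDecode streams. Only the plain Flate
    case is handled; other filters and object streams are out of scope."""
    for m in re.finditer(rb'<<(.*?)>>\s*stream\r?\n(.*?)endstream', pdf, re.S):
        header, body = m.group(1), m.group(2)
        if b'FlateDecode' in header:
            try:
                body = zlib.decompressobj().decompress(body)
            except zlib.error:
                continue
        yield body


def scan_pdf(pdf):
    """One verdict per embedded sfnt font found in the PDF's streams."""
    verdicts = [scan_font(body) for body in iter_pdf_streams(pdf)]
    return [v for v in verdicts if v != 'not-sfnt']


# --- constructed samples: not real fonts, just enough structure for the scanner ---

def make_sing(unique_name):
    """Header fields, then uniqueName cut/padded to 28 bytes, then non-NUL filler.
    A 28-byte name gets no padding, so it arrives without a terminator."""
    header = struct.pack('>8H', 0, 1, 0, 0, 0, 1000, 0, 0)
    name = unique_name[:SING_UNIQUENAME_LEN].ljust(SING_UNIQUENAME_LEN, b'\x00')
    return header + name + b'\x41' * 16


def build_sfnt(tables):
    n = len(tables)
    header = struct.pack('>4sHHHH', b'\x00\x01\x00\x00', n, 0, 0, 0)
    directory, body = b'', b''
    for tag, data in tables.items():
        directory += struct.pack('>4sIII', tag, 0, 12 + 16 * n + len(body), len(data))
        body += data
    return header + directory + body


def build_pdf(font):
    packed = zlib.compress(font)
    return (b'%%PDF-1.4\n1 0 obj\n<< /Length %d /Filter /FlateDecode >>\nstream\n' % len(packed)
            + packed + b'\nendstream\nendobj\n%EOF\n')


if __name__ == '__main__':
    benign = build_pdf(build_sfnt({b'SING': make_sing(b'DemoGlyphlet')}))
    hostile = build_pdf(build_sfnt({b'SING': make_sing(b'A' * 28)}))
    print('benign :', scan_pdf(benign))
    print('hostile:', scan_pdf(hostile))
```

A 'suspicious' verdict is a strong indicator but not proof: a legitimate font with a 28-character name would also be flagged, and the in-the-wild documents additionally carry a heap spray, so treat the verdict as a reason to quarantine and inspect rather than as a signature on its own.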
MyCERT is aware that a zero-day exploit for this vulnerability is available in the wild and is being actively used by attackers.
An attacker who successfully exploits this vulnerability can execute arbitrary code remotely with the same privileges as the logged-on user. Unsuccessful attempts may still crash the application, resulting in a denial of service (DoS).
3.0 Affected Products
Most current Adobe Acrobat and Adobe Reader versions are affected. The vulnerable products are:
- Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX
- Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh
At the time of this writing, Adobe has not released any patches to address this vulnerability.
1. Open Adobe Acrobat or Adobe Reader
Close Adobe Acrobat or Adobe Reader for the change to take effect.
Users are also advised to browse the Internet and read e-mail from a least-privileged (non-administrator) account, which limits what a malicious file can do if it is opened, and not to open attachments or follow links received in unexpected e-mail or from unknown senders.
MyCERT advises users of the products mentioned in this advisory to keep themselves updated with the latest security announcements from the products' vendor. MyCERT can be reached through the following channels:
E-mail : email@example.com
Phone : 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : CYBER999 REPORT <EMAIL> <COMPLAINT> to 15888
Business Hours : Mon - Fri 08:30 -17:30 MYT