MA-294.122011 : MyCERT Alert - A Critical Vulnerability in Adobe Reader and Adobe Acrobat
Date of publication: 2011-12-07
A critical vulnerability has been identified in Adobe Reader X (10.1.1) and earlier versions for Windows and Macintosh, Adobe Reader 9.4.6 and earlier 9.x versions for UNIX, and Adobe Acrobat X (10.1.1) and earlier versions for Windows and Macintosh. This vulnerability (CVE-2011-2462) could cause a crash and potentially allow an attacker to take control of the affected system.  According to Adobe, there are reports that the vulnerability is being actively exploited in limited, targeted attacks in the wild against Adobe Reader 9.x on Windows.
Risk for Adobe Reader X users is significantly lower, as Adobe Reader X Protected Mode and Adobe Acrobat X Protected View would prevent an exploit of this kind from executing.
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat and Adobe Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. 
3.0 Affected Products
Below is the list of vulnerable products:
- Adobe Reader X (10.1.1) and earlier 10.x versions for Windows and Macintosh
- Adobe Reader 9.4.6 and earlier 9.x versions for Windows, Macintosh and UNIX
- Adobe Acrobat X (10.1.1) and earlier 10.x versions for Windows and Macintosh
- Adobe Acrobat 9.4.6 and earlier 9.x versions for Windows and Macintosh
As of the writing of this advisory, Adobe has not released any security patches for this vulnerability. However, users can use the following steps as a temporary workaround:
Upgrade to the latest Adobe Reader X or Adobe Acrobat X and enable the Adobe Reader X Protected Mode and Adobe Acrobat X Protected View
- To verify Protected View for Acrobat X is enabled, go to:
Edit > Preferences > Security (Enhanced) and ensure "Files from potentially unsafe locations" or "All files" with "Enable Enhanced Security" are checked.
- To verify Protected Mode for Adobe Reader X is enabled, go to:
Edit > Preferences > General and verify that "Enable Protected Mode at startup" is checked.
- Open Your Adobe Acrobat or Adobe Reader software
- Close the Adobe Acrobat or Adobe Reader Software for change to take effect.
Utilize Enhanced Mitigation Experience Toolkit
Users are also recommended to browse the Internet & using the vulnerable version of the products with least privilege user to limit the execution of the malicious file and do not open attachment or browse to unknown website received via email from unknown person or unexpected.
MyCERT advises users of the products mentioned in this advisory to keep themselves updated with the latest security announcements from the products' vendor. MyCERT can be reached through the following channels:
E-mail : email@example.com
Phone : 1-300-88-2999 (monitored during business hours)
Fax : +603 89453442
Handphone : +60 19 2665850 (24x7 call incident reporting)
SMS : CYBER999 REPORT to 15888
Business Hours : Mon - Fri 08:30 -17:30 MYT