Adobe Acrobat and Reader Multiple Code Execution Vulnerabilities

Adobe Acrobat and Reader Multiple Code Execution Vulnerabilities

Title : Adobe Acrobat and Reader Multiple Code Execution Vulnerabilities
VUPEN ID : VUPEN/ADV-2010-1636
CVE ID : CVE-2010-1240 - CVE-2010-1285 - CVE-2010-1295 - CVE-2010-1297 - CVE-2010-2168 - CVE-2010-2201 - CVE-2010-2202 - CVE-2010-2203 - CVE-2010-2204 - CVE-2010-2205 - CVE-2010-2206 - CVE-2010-2207 - CVE-2010-2208 - CVE-2010-2209 - CVE-2010-2210 - CVE-2010-2211 - CVE-2010-2212
CWE ID : VUPEN VNS Only
CVSS V2 : VUPEN VNS Only
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2010-06-29


Technical Description Receive VUPEN Security alerts in a Text format Receive VUPEN Security alerts in a PDF format Receive VUPEN Security alerts in an XML format

Multiple vulnerabilities have been identified in Adobe Reader and Acrobat, which could be exploited by attackers to cause a denial of service or compromise a vulnerable system. These issues are caused by memory corruptions, invalid pointers, uninitialized memory, array-indexing and use-after-free errors when processing malformed data within a PDF document, which could be exploited by attackers to crash an affected application or execute arbitrary code by tricking a user into opening a specially crafted PDF document.

Affected Products

Adobe Reader version 9.3.2 and prior
Adobe Reader version 8.2.2 and prior
Adobe Acrobat version 9.3.2 and prior
Adobe Acrobat version 8.2.2 and prior

Solution

Upgrade to Adobe Acrobat and Reader version 9.3.3 or 8.2.3 :
http://www.adobe.com/support/security/bulletins/apsb10-15.html

References

http://www.vupen.com/english/advisories/2010/1636
http://www.adobe.com/support/security/bulletins/apsb10-15.html