F-Secure
Tools
Adobe Reader and Acrobat Two Vulnerabilities
| Report ID: | SA201006422 |
| Source: | F-Secure |
| Date of Discovery: | 10.03.2010 |
| Criticality: | Critical |
| Affects: | Adobe Reader 9.3 and earlier versions Adobe Acrobat 9.3 and earlier versions |
| Compromise From: | From remote |
| Compromise Type: | Remote code execution DoS |
Summary
Two vulnerabilities reported in Adober Reader 9.3 and Adobe Acrobat 9.3 could allow unauthorized cross-domain requests or cause the application to crash.
Detailed Description
Adobe has reported two vulnerabilities in Adobe Reader 9.3, Adobe Acrobat 9.3, Adobe Reader 8.3 and Adobe Acrobat 8.3.
• One of the vulnerability could allow remote attackers to bypass intended sandbox restrictions and make unauthorized cross-domain requests.
• The other vulnerability could cause the application to crash, and possibly allow an attacker to take control of the affected system.
Solution
Install the latest update.
Adobe Reader
• UNIX (http://get.adobe.com/reader/)
Adobe Acrobat
• Acrobat Standard and Pro on Windows (http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows)
• Acrobat Pro Extended on Windows (http://www.adobe.com/support/downloads/product.jsp?product=158&platform=Windows)
• Acrobat 3D on Windows (http://www.adobe.com/support/downloads/product.jsp?product=112&platform=Windows)
• Acrobat Pro on Macintosh (http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh)
Original Reference
Adobe Security Bulletins: APSB10-07 (http://www.adobe.com/support/security/bulletins/apsb10-07.html)
CVE Reference
CVE-2010-0186
CVE-2010-0188
CVE-2010-0188