Where You Are

Adobe Reader/Acrobat SWF Content Arbitrary Code Execution

Report ID:	SA200903609
Source:	Secunia
Date of Discovery:	23.07.2009
Criticality:	Critical
Affects:	Adobe Acrobat 9.x Adobe Reader 9.x
Compromise From:	From remote
Compromise Type:	System access

Summary

A vulnerability has been reported in Adobe Reader and Acrobat, which can be exploited by malicious people to compromise a user's system.

Detailed Description

A vulnerability has been reported in Adobe Reader and Acrobat, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error in authplay.dll when processing SWF content and can be exploited to execute arbitrary code.

NOTE: The vulnerability is currently being actively exploited.

The vulnerability is reported in version 9.1.2 and prior 9.x versions.

Solution

Update to version 9.1.3.

Adobe Reader for Windows:
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows

Adobe Reader for Macintosh:
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Macintosh

Adobe Reader for UNIX:
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Unix

Acrobat Standard and Pro for Windows:
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows

Acrobat Pro Extended for Windows:
http://www.adobe.com/support/downloads/product.jsp?product=158&platform=Windows

Acrobat Pro for Macintosh:
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh

Tools

Choose Location:

Navigation

Subnavigation

Labs

Adobe Reader/Acrobat SWF Content Arbitrary Code Execution

Summary

Detailed Description

Solution

Original Reference