Adobe Releases Security Advisory for Adobe Reader and Acrobat

Adobe has released a Security Advisory for Adobe Reader and Acrobat to address a U3D memory corruption vulnerability (CVE-2011-2462) affecting the following software versions:

Affected software versions
  • Adobe Reader X (10.1.1) and earlier versions for Windows and Macintosh
  • Adobe Reader 9.4.6 and earlier 9.x versions for Windows, Macintosh, and Unix
  • Adobe Acrobat X (10.1.1) and earlier 10.x versions for Windows and Macintosh
  • Adobe Acrobat 9.4.6 and earlier 9.x versions for Windows and Macintosh

This U3D memory corruption vulnerability (CVE-2011-2462) could cause a crash and potentially allow an attacker to cause a denial-of-service condition or take control of the affected system. There are reports that the vulnerability is being actively exploited in limited, targeted attacks in the wild against Adobe Reader 9.x on Windows. Adobe Reader X Protected Mode and Acrobat X Protected View would prevent an exploit of this vulnerability.

Adobe also states that it expects to make a fix for this issue available as an update for Adobe Reader and Acrobat 9.x for Windows no later than the week of December 12, 2011.

You can find additional information about this vulnerability in the Adobe Security Bulletin APSA11-04.

Source: US-CERT
