[SingCERT] Security Updates for Adobe Reader and Acrobat

Last Updated on Monday, 16 April 2012 17:27

[ Summary ]

Adobe has released updates for Adobe Reader and Acrobat. The updates fix several vulnerabilities which can be exploited by remote user to cause arbitrary code to be executed.

•             An integer overflow in True Type Font (TTF) handling can cause code execution [CVE-2012-0774]
•             A memory corruption error in JavaScript handling can cause code execution [CVE-2012-0775]
•             A security bypass via the Adobe Reader installer can cause code execution [CVE-2012-0776]
•             A memory corruption error in the JavaScript API can cause code execution on Mac OS X and Linux systems [CVE-2012-0777]

[ Affected Systems ]

•Adobe Reader X (10.1.2) and earlier 10.x versions for Windows and Macintosh
•Adobe Reader 9.5 and earlier 9.x versions for Windows and Macintosh
•Adobe Reader 9.4.6 and earlier 9.x versions for Linux
•Adobe Acrobat X (10.1.2) and earlier 10.x versions for Windows and Macintosh
•Adobe Acrobat 9.5 and earlier 9.x versions for Windows and Macintosh

[ Impact Analysis ]

Successful exploitation of these vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system.

[ Solution/Workaround ]

Apply updates provided by Adobe.

[ Reference ]
http://www.adobe.com/support/security/bulletins/apsb12-08.html