Related information

Adobe Acrobat and Reader multiple security vulnerabilities

CVE-2010-0188 Exploit Code

iDefense Security Advisory 01.12.10: Adobe Reader and Acrobat JpxDecode Memory Corruption Vulnerability

VUPEN Security Research - Adobe Acrobat and Reader U3D Integer Overflow Vulnerability

Security updates available for Adobe Reader and Acrobat

From:	CERT <cert_(at)_cert.gov>
Date:	17.01.2010
Subject:	US-CERT Technical Cyber Security Alert TA10-013A -- Adobe Reader and Acrobat Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


                   National Cyber Alert System

             Technical Cyber Security Alert TA10-013A


Adobe Reader and Acrobat Vulnerabilities

  Original release date:
  Last revised: --
  Source: US-CERT


Systems Affected

    * Adobe Reader and Acrobat 9.2 and earlier 9.x versions
    * Adobe Reader and Acrobat 8.1.7 and earlier 8.x versions


Overview

  Adobe has released Security bulletin APSB10-02, which describes
  multiple vulnerabilities affecting Adobe Reader and Acrobat.


I. Description

  Adobe Security Advisory APSB10-02 describes a number of
  vulnerabilities affecting Adobe Reader and Acrobat. These
  vulnerabilities affect Reader  9.2 and earlier 9.x versions and
  8.1.7 and earlier 8.x versions.  Further details are available in
  the US-CERT Vulnerability Notes Database.
  
  An attacker could exploit these vulnerabilities by convincing a
  user to open a specially crafted PDF file. The Adobe Reader browser
  plug-in is available for multiple web browsers and operating
  systems, which can automatically open PDF documents hosted on a
  website.
  
  Some of these vulnerabilities are being actively exploited.


II. Impact

  These vulnerabilities could allow a remote attacker to execute
  arbitrary code, write arbitrary files or folders to the file
  system, escalate local privileges, or cause a denial of service on
  an affected system as the result of a user opening a malicious PDF
  document.


III. Solution

  Update
  
  Adobe has released updates to address this issue. Users are
  encouraged to read Adobe Security Bulletin APSB10-02 and update
  vulnerable versions of Adobe Reader and Acrobat.
  
  Disable JavaScript in Adobe Reader and Acrobat
  
  Disabling JavaScript may prevent some exploits from resulting in
  code execution. Acrobat JavaScript can be disabled using the
  Preferences menu (Edit -> Preferences -> JavaScript; un-check
  Enable Acrobat JavaScript).
  
  Prevent Internet Explorer from automatically opening PDF documents
  
  The installer for Adobe Reader and Acrobat configures Internet
  Explorer to automatically open PDF files without any user
  interaction. This behavior can be reverted to a safer option that
  prompts the user by importing the following as a .REG file:
  
  Windows Registry Editor Version 5.00
  
  [HKEY_CLASSES_ROOT\AcroExch.Document.7]
  "EditFlags"=hex:00,00,00,00
  
  Disable the display of PDF documents in the web browser
  
  Preventing PDF documents from opening inside a web browser will
  partially mitigate this vulnerability. If this workaround is
  applied it may also mitigate future vulnerabilities.
  
  To prevent PDF documents from automatically being opened in a web
  browser, do the following:
  
  1. Open Adobe Acrobat Reader.
  2. Open the Edit menu.
  3. Choose the preferences option.
  4. Choose the Internet section.
  5. Un-check the "Display PDF in browser" check box.
  
  Do not access PDF documents from untrusted sources
  
  Do not open unfamiliar or unexpected PDF documents, particularly
  those hosted on websites or delivered as email attachments. Please
  see Cyber Security Tip ST04-010.


IV. References

* Adobe Security Bulletin APSB10-02 -
  <http://www.adobe.com/support/security/bulletins/apsb10-02.html>

* Vulnerability Note VU#508357 -
  <https://www.kb.cert.org/vuls/id/508357>

* Vulnerability Note VU#773545 -
  <https://www.kb.cert.org/vuls/id/773545>

____________________________________________________________________

  The most recent version of this document can be found at:

    <http://www.us-cert.gov/cas/techalerts/TA10-013A.html>
____________________________________________________________________

  Feedback can be directed to US-CERT Technical Staff. Please send
  email to <cert@cert.org> with "TA10-013A Feedback VU#508357" in
  the subject.
____________________________________________________________________

  For instructions on subscribing to or unsubscribing from this
  mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
____________________________________________________________________

  Produced 2010 by US-CERT, a government organization.

  Terms of use:

    <http://www.us-cert.gov/legal.html>
____________________________________________________________________

Revision History
 
 January 13, 2010: Initial release


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBS0402NucaIvSvh1ZAQJ3NQf+IbEop63x4l0P2ns/qPIVL3XaBd6xx11n
+8eqQk0+ZtpmrPb03UjWaeh1tkNu98R4sMWZQENOWVbbeYLzAKLHPNf48ewqvzbl
UvmW/kLxdu88Ux1BPNpJahX3zZgGqIswYSlGyIhlkpiLhUVrzfssykwyYbGZvGVn
so9Euz4/1ZThOgAFoGY8xsqXVZ45lcS6YY2ACkl84r6BBcayzVtIsvfxKDfNMvfP
bxjrXNqoLB/9n6x150uo2iF1dtB6uj/V+GVRFZa/X6lySTp/R+InBK8mpsxWMPB4
/la9+twnIB5cPHpNq1WVPhxbElsM3JCAndKEiLLTencMYPLc4i1cLQ==
=KC5F
-----END PGP SIGNATURE-----