Published: 2009-02-23T11:11+00:00
Last Updated: 2009-03-20T17:55+00:00
JVNTR-2009-07
Adobe Acrobat and Reader Vulnerability (TA09-051A)
Overview
Adobe has released Security Bulletin APSB09-01, which describes a vulnerability that affects Adobe Reader and Acrobat. This vulnerability could allow a remote attacker to execute arbitrary code.
Event Information
| Date (UTC) | Description |
| 2009-03-24 |
Adobe APSB09-04: Security Updates available for Adobe Reader and Acrobat Bulletin updated with information on Adobe Reader 9.1 and Adobe Reader 8.1.4 for Unix updates and additional JBIG2 issues. |
| 2009-03-19 12:46 |
SANS Internet Storm Center Adobe Security Bulletin Adobe Reader and Acrobat Adobe has released security advisory APSB09-04 for Adobe Reader and Acrobat. The CVE entries related to the vulnerabilities being patched are CVE-2009-0658 and CVE-2009-0927. |
| 2009-03-19 03:16 |
JPCERT/CC JPCERT-AT-2009-0006: Vulnerability in Adobe Reader and Acrobat |
| 2009-03-18 20:39 |
US-CERT Adobe Releases Security Bulletin US-CERT Current Activity Adobe has released security bulletin APSB09-04 to address multiple vulnerabilities, one of which is the JBIG2 vulnerability originally addressed in security advisory APSA09-01 and security bulletin APSB09-03. These vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. |
| 2009-03-18 |
Adobe APSB09-04: Security Updates available for Adobe Reader and Acrobat Critical vulnerabilities have been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. These vulnerabilities would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that one of these issues is being exploited (CVE-2009-0658). |
| 2009-03-12 06:44 |
JPCERT/CC JPCERT-AT-2009-0006: Vulnerability in Adobe Reader and Acrobat |
| 2009-03-11 13:45 |
US-CERT Adobe Releases Security Updates for Reader 9 and Acrobat 9 US-CERT Current Activity Adobe has released Reader 9.1 and Acrobat 9.1 to address a vulnerability. This vulnerability is due to a buffer overflow condition that exists in the way Adobe Acrobat Reader handles JBIG2 streams. Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code or cause a denial-of-service condition. Adobe has indicated that it is aware of reports of active exploitation. |
| 2009-03-11 13:12 |
SANS Internet Storm Center Adobe Update is finally out, well, some of them Adobe has named this release "9.1" for both Adobe Reader and Adobe 9 (Standard, Pro, and Pro Extended). |
| 2009-03-11 |
JPCERT/CC JPCERT-AT-2009-0006: Vulnerability in Adobe Reader and Acrobat |
| 2009-03-10 22:51 |
SANS Internet Storm Center Adobe Acrobat 9.1 released (Version: 3) Adobe Acrobat fix that was released today |
| 2009-03-10 20:52 |
US-CERT New Attack Vectors for Adobe JBIG2 Vulnerability US-CERT Current Activity US-CERT is aware of public reports of two new attack vectors for a vulnerability affecting Adobe Reader and Acrobat. This vulnerability is due to a buffer overflow condition that exists in the way Adobe Acrobat Reader handles JBIG2 Streams. |
| 2009-03-10 |
Adobe APSB09-03: Security Updates available for Adobe Reader 9 and Acrobat 9 A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited. |
| 2009-02-25 02:12 |
SANS Internet Storm Center Adobe Acrobat pdf 0-day exploit, No JavaScript needed! So there is a brief blog post linked below that highlights the fact that the new adobe PDF vulnerability can be exploited without the use of JavaScript. |
| 2009-02-24 15:05 |
SANS Internet Storm Center Adobe Reader/Acrobat 0-day Clarification So there is a brief blog post linked below that highlights the fact that the new adobe PDF vulnerability can be exploited without the use of JavaScript. |
| 2009-02-23 03:03 |
SANS Internet Storm Center Adobe/Acrobat 0-day in the wild? (Version: 7) According to our friends over at Shadowserver, There is a new Acrobat 0-day in the wild. They say you can avoid it by turning off Javascript inside of your Adobe Acrobat products. |
| 2009-02-21 10:24 |
Shadowserver More on the Adobe Acrobat 0-Day 1) The earliest patch will be for Adobe 9 and will not be available until March 11, 2009. Patches for other versions will follow. 2) The issue apparently affects Adobe 9, 8, and 7 on *all* platforms. |
| 2009-02-20 21:05 |
US-CERT TA09-051A: Adobe Acrobat and Reader Vulnerability Via US-CERT Mailing List |
| 2009-02-20 15:45 |
Symantec ThreatCON (2) => (2) Symantec is aware of a vulnerability in Adobe Reader. The vendor is aware of the issue and is working on a fix. |
| 2009-02-20 15:20 |
US-CERT Adobe Releases Security Bulletin for Critical Vulnerability US-CERT Current Activity Adobe has released a Security Bulletin to alert users of a vulnerability in Adobe Reader and Acrobat. This vulnerability may allow an attacker to execute arbitrary code or cause a denial-of-service condition. Adobe indicates that it has received reports of active exploitation. |
| 2009-02-20 06:37 |
Symantec Security Response Blog : Vulnerabilities & Exploits Targeted PDFs Used as Exploits Symantec Security Response has received several PDF files that actively exploit a vulnerability in Adobe Reader. We are continuing to remain in contact with Adobe on this vulnerability in order to ensure the security of our mutual customers. |
| 2009-02-20 |
IBM Internet Security Systems Adobe Reader and Adobe Acrobat JBIG2 Image Stream Remote Code Execution JBIG2 Image Stream Vulnerability (CVE-2009-0658) Adobe Acrobat Reader and Adobe Acrobat 9.0 and earlier are vulnerable to a vulnerability that would allow an attacker to execute arbitrary code on a remote system by enticing a user to open a specially-crafted PDF file. Targeted exploitation was reported on Feb. 13, 2009, and public proof-of-concept exploits are expected over the weekend of Feb. 20th. |
| 2009-02-19 15:03 |
Shadowserver When PDFs Attack - Acrobat [Reader] 0-Day On the Loose The Shadowserver Foundation has recently become aware of a very severe vulnerability in Adobe Acrobat affecting versions 8.x and 9 that is currently on the loose in the wild and being actively exploited. |
| 2009-02-19 |
Adobe APSA09-01: Buffer overflow issue in versions 9.0 and earlier of Adobe Reader and Acrobat A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited. |
| 2009-02-12 17:18 |
Symantec Trojan.Pidief.E |