Published: 2009-10-17T12:42+00:00
Last Updated: 2009-10-24T13:02+00:00
JVNTR-2009-24
Adobe Reader and Acrobat Vulnerabilities (TA09-286B)
Overview
Adobe has released Security bulletin APSB09-15, which describes multiple vulnerabilities affecting Adobe Reader and Acrobat.
Event Information
Date (UTC) | Description |
2009-10-14 08:35 | JPCERT/CC JPCERT-AT-2009-0021: Vulnerability in Adobe Reader and Acrobat |
2009-10-13 23:07 | SANS Internet Storm Center Adobe Reader and Acrobat - Black Tuesday continues Adobe pushes just one, but theirs addresses no less than 29!! gaping holes in one single update. As we reported earlier, at least one of these 29 vulnerabilities is already being actively exploited. |
2009-10-13 21:09 | US-CERT TA09-286B: Adobe Reader and Acrobat Vulnerabilities Via US-CERT Mailing List |
2009-10-13 17:41 | US-CERT Adobe Releases Security Bulletin for Adobe Reader and Acrobat US-CERT Current Activity Adobe has republished security bulletin APSB09-015 to address multiple vulnerabilities in Adobe Reader and Acrobat. These vulnerabilities may allow an attacker to execute arbitrary code, escalate local privileges, or cause a denial-of-service condition. |
2009-10-13 11:29 | Adobe APSB09-15: Security Updates Available for Adobe Reader and Acrobat Adobe recommends users of Adobe Reader 9.1.3 and Acrobat 9.1.3 and earlier versions update to Adobe Reader 9.2 and Acrobat 9.2. Adobe recommends users of Acrobat 8.1.6 and earlier versions update to Acrobat 8.1.7, and users of Acrobat 7.1.3 and earlier versions update to Acrobat 7.1.4. For Adobe Reader users who cannot update to Adobe Reader 9.2, Adobe has provided the Adobe Reader 8.1.7 and Adobe Reader 7.1.4 updates. Updates apply to all platforms: Windows, Macintosh and UNIX. |
2009-10-09 21:59 | Trend Micro New Adobe Zero-Day Exploit TrendLabs | Malware Blog - by Trend Micro |
2009-10-08 20:09 | SANS Internet Storm Center New Adobe Vulnerability Exploited in Targeted Attacks Adobe's PSIRT (Product Security Incident Response Team) published a new blog post today. The post reveals that a critical vulnerability, CVE-2009-3459, is now being exploited in the wild in targeted attacks. The vulnerability affects Adobe 9.1.3 on Windows, Unix and OS X. However, the exploits have been limited to Windows so far. |
2009-10-08 19:20 | Symantec ThreatCON (2) => (2) Adobe has released a security advisory to discuss a critical vulnerability affecting Reader and Acrobat 9.1.3 and earlier on Windows, Macintosh, and Unix platforms. |
2009-10-08 09:53 | Adobe Pre-Notification - Quarterly Security Update for Adobe Reader and Acrobat Adobe Product Security Incident Response Team (PSIRT) |
2009-10-08 09:50 | Adobe Adobe Reader and Acrobat issue Adobe Product Security Incident Response Team (PSIRT) |
2009-10-08 | Trend Micro TROJ_PIDIEF.UO Exploiting vulnerability (CVE-2009-3459) |
2009-07-21 15:00 | n.runs AG n.runs-SA-2009.007: Invalid pointer write could lead to arbitrary code execution Vulnerability (CVE-2009-2991) Reported The default settings of Adobe Acrobat Reader/Acrobat have been applied. A non-existing PDF file within the <embed> Tag could lead to an invalid pointer write. This occurs when Adobe's PDF plugin gets unloaded in a Firefox instance. |
2009-07-17 | VUPEN VUPEN/ADV-2009-2898: Adobe Acrobat and Reader U3D Filter Code Execution Vulnerabilities Vulnerability (CVE-2009-3458, CVE-2009-2997, CVE-2009-2998) Reported These vulnerabilities are caused by memory corruption errors within the U3D filter when processing malformed data in a PDF file, which could allow attackers to execute arbitrary code by tricking a user into opening a specially crafted PDF document. |
2009-06-22 | iDefense Adobe Acrobat and Reader Firefox Plugin Use After Free Vulnerability Vulnerability (CVE-2009-2991) Reported The vulnerability occurs when Firefox attempts to navigate away from a page and unload the PDF viewing plugin. When Firefox calls the plugin's destroy method, the plugin does not properly free its resources. Specifically, a function pointer for the window update routine is not properly freed. This results in uninitialized memory being used when the window is redrawn, which leads to attacker supplied data being executed when the function pointer is dereferenced. |
2009-06-09 | iDefense Adobe Acrobat and Reader U3D File Invalid Array Index Vulnerability Vulnerability (CVE-2009-2990) Reported The vulnerability occurs when parsing a U3D file embedded inside of a PDF. U3D is a file format used to represent 3D images. |
2009-04-28 | Zero Day Initiative (ZDI) ZDI-09-073: Adobe Reader Compact Font Format Malformed Index Memory Corruption Vulnerability Vulnerability (CVE-2009-2985) Reported The specific flaw exists when the application parses a PDF file containing a malformed Compact Font Format stream. While decoding the font embedded in this stream, the application will explicitly trust a 16-bit value used to index into an array of elements. Usage of the object later will cause heap corruption which can be leveraged to achieve code execution under the context of the current user. |