Published: 2009-10-17T12:42+00:00    Last Updated: 2009-10-24T13:02+00:00

Adobe Reader and Acrobat Vulnerabilities (TA09-286B)


Adobe has released Security bulletin APSB09-15, which describes multiple vulnerabilities affecting Adobe Reader and Acrobat.

Event Information

Date (UTC)    Description
2009-10-14 08:35 JPCERT/CC
JPCERT-AT-2009-0021: Vulnerability in Adobe Reader and Acrobat
2009-10-13 23:07 SANS Internet Storm Center
Adobe Reader and Acrobat - Black Tuesday continues
Adobe pushes just one, but theirs addresses no less than 29!! gaping holes in one single update. As we reported earlier, at least one of these 29 vulnerabilities is already being actively exploited.
2009-10-13 21:09 US-CERT
TA09-286B: Adobe Reader and Acrobat Vulnerabilities
Via US-CERT Mailing List
2009-10-13 17:41 US-CERT
Adobe Releases Security Bulletin for Adobe Reader and Acrobat
US-CERT Current Activity
Adobe has republished security bulletin APSB09-015 to address multiple vulnerabilities in Adobe Reader and Acrobat. These vulnerabilities may allow an attacker to execute arbitrary code, escalate local privileges, or cause a denial-of-service condition.
2009-10-13 11:29 Adobe
APSB09-15: Security Updates Available for Adobe Reader and Acrobat
Adobe recommends users of Adobe Reader 9.1.3 and Acrobat 9.1.3 and earlier versions update to Adobe Reader 9.2 and Acrobat 9.2. Adobe recommends users of Acrobat 8.1.6 and earlier versions update to Acrobat 8.1.7, and users of Acrobat 7.1.3 and earlier versions update to Acrobat 7.1.4. For Adobe Reader users who cannot update to Adobe Reader 9.2, Adobe has provided the Adobe Reader 8.1.7 and Adobe Reader 7.1.4 updates. Updates apply to all platforms: Windows, Macintosh and UNIX.
2009-10-09 21:59 Trend Micro
New Adobe Zero-Day Exploit
TrendLabs | Malware Blog - by Trend Micro
2009-10-08 20:09 SANS Internet Storm Center
New Adobe Vulnerability Exploited in Targeted Attacks
Adobe's PSIRT (Product Security Incident Response Team) published a new blog post today. The post reveals that a critical vulnerability, CVE-2009-3459, is now being exploited in the wild in targeted attacks. The vulnerability affects Adobe 9.1.3 on Windows, Unix and OS X. However, the exploits have been limited to Windows so far.
2009-10-08 19:20 Symantec
ThreatCON (2) => (2)
Adobe has released a security advisory to discuss a critical vulnerability affecting Reader and Acrobat 9.1.3 and earlier on Windows, Macintosh, and Unix platforms.
2009-10-08 09:53 Adobe
Pre-Notification - Quarterly Security Update for Adobe Reader and Acrobat
Adobe Product Security Incident Response Team (PSIRT)
2009-10-08 09:50 Adobe
Adobe Reader and Acrobat issue
Adobe Product Security Incident Response Team (PSIRT)
2009-10-08 Trend Micro
Exploiting vulnerability (CVE-2009-3459)
2009-07-21 15:00 n.runs AG
n.runs-SA-2009.007: Invalid pointer write could lead to arbitrary code execution
Vulnerability (CVE-2009-2991) Reported
The default settings of Adobe Acrobat Reader/Acrobat have been applied. A non-existing PDF file within the <embed> tag could lead to an invalid pointer write. This occurs when Adobe's PDF plugin gets unloaded in a Firefox instance.
2009-07-17 VUPEN
VUPEN/ADV-2009-2898: Adobe Acrobat and Reader U3D Filter Code Execution Vulnerabilities
Vulnerability (CVE-2009-3458, CVE-2009-2997, CVE-2009-2998) Reported
These vulnerabilities are caused by memory corruption errors within the U3D filter when processing malformed data in a PDF file, which could allow attackers to execute arbitrary code by tricking a user into opening a specially crafted PDF document.
2009-06-22 iDefense
Adobe Acrobat and Reader Firefox Plugin Use After Free Vulnerability
Vulnerability (CVE-2009-2991) Reported
The vulnerability occurs when Firefox attempts to navigate away from a page and unload the PDF viewing plugin. When Firefox calls the plugin's destroy method, the plugin does not properly free its resources. Specifically, a function pointer for the window update routine is not properly freed. This results in uninitialized memory being used when the window is redrawn, which leads to attacker supplied data being executed when the function pointer is dereferenced.
2009-06-09 iDefense
Adobe Acrobat and Reader U3D File Invalid Array Index Vulnerability
Vulnerability (CVE-2009-2990) Reported
The vulnerability occurs when parsing a U3D file embedded inside of a PDF. U3D is a file format used to represent 3D images.
2009-04-28 Zero Day Initiative (ZDI)
ZDI-09-073: Adobe Reader Compact Font Format Malformed Index Memory Corruption Vulnerability
Vulnerability (CVE-2009-2985) Reported
The specific flaw exists when the application parses a PDF file containing a malformed Compact Font Format stream. While decoding the font embedded in this stream, the application will explicitly trust a 16-bit value used to index into an array of elements. Usage of the object later will cause heap corruption which can be leveraged to achieve code execution under the context of the current user.