Published: 2010-01-23T01:59+00:00
Last Updated: 2010-01-23T01:59+00:00
JVNTR-2010-03
Adobe Reader and Acrobat Vulnerabilities (TA10-013A)
Overview
Adobe has released Security Bulletin APSB10-02, which describes multiple vulnerabilities affecting Adobe Reader and Acrobat.
Event Information
| Date (UTC) | Description |
| 2010-01-13 21:10 |
US-CERT TA10-013A: Adobe Reader and Acrobat Vulnerabilities Via US-CERT Mailing List |
| 2010-01-13 14:49 |
SANS Internet Storm Center Adobe Reader and Acrobat patches are available (Version: 2) Adobe, yesterday, published their advisory, along with all the patches for this month's patch cycle. The release (according to the patch notes) is for Adobe Reader and Acrobat <=9.2 for Windows, Macintosh, and UNIX. |
| 2010-01-13 14:24 |
SANS Internet Storm Center Pre-Announced Adobe Reader and Acrobat Patch Found! (Version: 3) |
| 2010-01-13 03:45 |
JPCERT/CC JPCERT-AT-2009-0027: Zero-day Vulnerability in Adobe Reader and Acrobat |
| 2010-01-13 03:45 |
JPCERT/CC JPCERT-AT-2010-0003: Vulnerability in Adobe Reader and Acrobat |
| 2010-01-12 23:01 |
US-CERT Adobe Releases Update for Adobe Reader and Acrobat US-CERT Current Activity Adobe has released an update for Reader and Acrobat to address multiple vulnerabilities. These vulnerabilities affect Adobe Reader 9.2 and earlier versions for Windows, Macintosh, and UNIX and Adobe Acrobat 9.2 and earlier versions for Windows and Macintosh. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition. |
| 2010-01-12 15:27 |
Adobe Security update released for Adobe Reader and Acrobat Adobe Product Security Incident Response Team (PSIRT) |
| 2010-01-12 15:27 |
Adobe APSB10-02: Security updates available for Adobe Reader and Acrobat Adobe recommends users of Adobe Reader 9.2 and Acrobat 9.2 and earlier versions for Windows, Macintosh and UNIX update to Adobe Reader 9.3 and Acrobat 9.3. Adobe recommends users of Acrobat 8.1.7 and earlier versions for Windows and Macintosh update to Acrobat 8.2. For Adobe Reader users on Windows and Macintosh who cannot update to Adobe Reader 9.3, Adobe has provided the Adobe Reader 8.2 update. Updates apply to all platforms: Windows, Macintosh and UNIX. |
| 2010-01-07 11:14 |
Adobe Pre-Notification - Quarterly Security Update for Adobe Reader and Acrobat Adobe Product Security Incident Response Team (PSIRT) |
| 2010-01-07 01:01 |
SANS Internet Storm Center Static analysis of malicious PDFs While we are still waiting for the patch and the malicious PDFs which exploit CVE-2009-4324 become more and more nasty, here's another quick excursion in dissecting and analyzing hostile PDF files. |
| 2010-01-04 06:29 |
SANS Internet Storm Center Sophisticated, targeted malicious PDF documents exploiting CVE-2009-4324 Couple of days ago one of our readers, Ric, submitted a suspicious PDF document to us. As you know, malicious PDF documents are not rare these days, especially when the exploit for a yet unpatched vulnerability is wide spread. |
| 2009-12-24 08:16 |
JPCERT/CC JPCERT-AT-2009-0027: Zero-day Vulnerability in Adobe Reader and Acrobat |
| 2009-12-16 20:15 |
SANS Internet Storm Center Adobe 0-day in the wild - again (Version: 3) It's not ground hog day, but it surely feels like it. The Shadowserver Foundation [1] is reporting about spotting another Adobe 0-day in the wild. |
| 2009-12-16 15:30 |
Trend Micro New Adobe Zero-Day Vulnerability Again TrendLabs | Malware Blog - by Trend Micro |
| 2009-12-15 22:55 |
Adobe Security Advisory APSA09-07 update Adobe Product Security Incident Response Team (PSIRT) We've just updated the Security Advisory posted earlier today to include the planned schedule for a patch to resolve CVE-2009-4324. Adobe plans to make available an update to Adobe Reader and Acrobat by January 12, 2010 to resolve the issue. |
| 2009-12-15 22:55 |
Adobe APSA09-07: Security Advisory for Adobe Reader and Acrobat Adobe has confirmed a critical vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions that could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild. Adobe recommends customers follow the mitigation guidance below until a patch is available. Adobe plans to make available an update to Adobe Reader and Acrobat by January 12, 2010 to resolve the issue. |
| 2009-12-15 16:17 |
Adobe Security Advisory- Adobe Reader and Acrobat Adobe Product Security Incident Response Team (PSIRT) A Security Advisory has been posted in regards to the Adobe Reader and Acrobat issue discussed in the Adobe PSIRT blog on December 14 ("New Adobe Reader and Acrobat Vulnerability", CVE-2009-4324). |
| 2009-12-15 16:17 |
Adobe APSA09-07: Security Advisory for Adobe Reader and Acrobat Adobe has confirmed a critical vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions that could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild. Adobe recommends customers follow the mitigation guidance below until a patch is available. |
| 2009-12-15 15:49 |
Symantec ThreatCON (2) => (2) Symantec became aware of a previously unknown vulnerability affecting Adobe Reader and Acrobat 9.2 and prior versions. Attackers can exploit the issue to execute arbitrary code. |
| 2009-12-15 14:29 |
US-CERT Adobe Reader and Acrobat Remote Code Execution Vulnerability US-CERT Current Activity Adobe has stated that they are investigating public reports of a vulnerability affecting Adobe Reader and Acrobat. Public reports indicate that exploitation of this vulnerability may occur when a user opens a specially crafted PDF file. Exploitation of this vulnerability may result in arbitrary code execution. Public reports currently indicate active exploitation of this vulnerability. |
| 2009-12-15 13:08 |
F-Secure Adobe Acrobat 0-Day Analysis F-Secure Weblog : News from the Lab There's a 0-Day PDF exploit taking advantage of a vulnerability found in Adobe Reader and Acrobat 9.2 and earlier. Adobe has issued an advisory on their PSIRT blog. |
| 2009-12-15 |
Trend Micro TROJ_PIDIEF.PGS Exploiting vulnerability (CVE-2009-4324) |
| 2009-12-14 21:48 |
Shadowserver When PDFs Attack II - New Adobe Acrobat [Reader] 0-Day On the Loose It has been a while since we have posted anything publicly, but we promise that we have been hard at work all this time. However, we come to you today with some bad news but hope to be of assistance. The Shadowserver Foundation has become aware of a new vulnerability affecting Adobe Acrobat [Reader] that is currently unpatched. Several tests have confirmed this is a 0-day vulnerability affecting several versions of Adobe Acrobat [Reader] to include the most recent versions of 8.x and 9.x. We have not tested on 7.x, but it may also be vulnerable. |
| 2009-12-14 16:13 |
Adobe New Adobe Reader and Acrobat Vulnerability Adobe Product Security Incident Response Team (PSIRT) This afternoon, Adobe received reports of a vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions being exploited in the wild (CVE-2009-4324). |
| 2009-11-06 |
VUPEN VUPEN/ADV-2010-0103: Adobe Acrobat and Reader U3D Filter Code Execution Vulnerabilities Integer overflow vulnerability in U3D (CVE-2009-3959) Reported This vulnerability is caused by an integer overflow error in the U3D module when processing malformed data, which could be exploited by attackers to execute arbitrary code by tricking a user into opening a specially crafted PDF document. |
| 2009-08-06 |
iDefense Adobe Reader and Acrobat JpxDecode Memory Corruption Vulnerability JpxDecode Memory Corruption Vulnerability (CVE-2009-3955) Reported The vulnerability occurs when processing the Jp2c stream of a JpxDecode encoded data stream within a PDF file. During the processing of a JPC_MS_RGN marker, an integer sign extension may cause a bounds check to be bypassed. This results in an exploitable memory corruption vulnerability. |