
T-609: Adobe Acrobat/Reader Memory Corruption Error in CoolType Library Lets Remote Users Execute Arbitrary Code

April 25, 2011 - 7:00am


PROBLEM:

A vulnerability was reported in Adobe Acrobat and Adobe Reader. A remote user can cause arbitrary code to be executed on the target user's system.

PLATFORM:

Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems

ABSTRACT:

A remote user can create a specially crafted PDF file that, when loaded by the target user, will trigger a memory corruption error in the CoolType library and execute arbitrary code on the target system. The code will run with the privileges of the target user.

REFERENCE LINKS:

SecurityTracker Alert ID: 1025434
Mitre Reference: CVE-2011-0610
Critical Security Updates Available for Adobe Reader and Acrobat

IMPACT ASSESSMENT:

High

Discussion:

The second vulnerability addressed by these updates, CVE-2011-0610, is located in the CoolType library, but no attacks are known to exploit it. A remote user can create a specially crafted PDF file that, when loaded by the target user, will trigger a memory corruption error in the CoolType library and execute arbitrary code on the target system. The code will run with the privileges of the target user.

Solution:

Adobe recommends users update their software installations by following the instructions below:

Security Bulletin: APSB11-08
