You are here

U-054: Security Advisory for Adobe Reader and Acrobat

December 7, 2011 - 8:00am

Addthis

PROBLEM:

Adobe Acrobat/Reader U3D Memory Corruption Error Lets Remote Users Execute Arbitrary Code

PLATFORM:

Adobe Reader X (10.1.1) and earlier 10.x versions for Windows and Macintosh
Adobe Reader 9.4.6 and earlier 9.x versions for Windows, Macintosh and UNIX
Adobe Acrobat X (10.1.1) and earlier 10.x versions for Windows and Macintosh
Adobe Acrobat 9.4.6 and earlier 9.x versions for Windows and Macintosh

ABSTRACT:

This U3D memory corruption vulnerability (CVE-2011-2462) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that the vulnerability is being actively exploited in the wild in limited, targeted attacks against Adobe Reader 9.x on Windows. Adobe Reader X Protected Mode and Acrobat X Protected View mitigations would prevent an exploit of this kind from executing.

reference LINKS:

Security Advisory for Adobe Reader and Acrobat
SecurityTracker Alert ID: 1026376

IMPACT ASSESSMENT:

High

Discussion:

A critical vulnerability has been identified in Adobe Reader X (10.1.1) and earlier versions for Windows and Macintosh, Adobe Reader 9.4.6 and earlier 9.x versions for UNIX, and Adobe Acrobat X (10.1.1) and earlier versions for Windows and Macintosh. This vulnerability (CVE-2011-2462) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that the vulnerability is being actively exploited in limited, targeted attacks in the wild against Adobe Reader 9.x on Windows..

Solution:

Adobe Reader X Protected Mode and Adobe Acrobat X Protected View would prevent an exploit of this kind from executing. To verify Protected View for Acrobat X is enabled, go to: Edit >Preferences > Security (Enhanced) and ensure "Files from potentially unsafe locations" or "All files" with "Enable Enhanced Security" are checked. To verify Protected Mode for Adobe Reader X is enabled, go to: Edit >Preferences >General and verify that "Enable Protected Mode at startup" is checked.

Addthis