
U-064: Adobe Acrobat/Reader PRC Memory Corruption Error Lets Remote Users Execute Arbitrary Code

December 19, 2011 - 9:15am


PROBLEM:

Adobe Acrobat/Reader PRC Memory Corruption Error Lets Remote Users Execute Arbitrary Code.

PLATFORM:

Adobe Acrobat Reader Version(s): 10.1.1 and prior versions

ABSTRACT:

A vulnerability was reported in Adobe Acrobat/Reader; it is being actively exploited against Windows-based systems.

REFERENCE LINKS:

SecurityTracker Alert ID: 1026432
APSB11-30
CVE-2011-4369
JC3-CIRC Tech Bulletin U-054
APSA11-04

IMPACT ASSESSMENT:

High

Discussion:

A remote user can create a specially crafted PDF file that, when loaded by the target user, will trigger a memory corruption error in the PRC component and execute arbitrary code on the target system. The code will run with the privileges of the target user. There have been reports of two critical vulnerabilities being actively exploited in limited, targeted attacks in the wild against Adobe Reader 9.x on Windows. These vulnerabilities (CVE-2011-2462, referenced in Security Advisory APSA11-04, and CVE-2011-4369) could cause a crash and potentially allow an attacker to take control of the affected system.

Impact:

A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system. Vulnerabilities exist in Adobe Reader X (10.1.1) and earlier versions for Windows and Macintosh, Adobe Reader 9.4.6 and earlier 9.x versions for UNIX, and Adobe Acrobat X (10.1.1) and earlier versions for Windows and Macintosh. Based on the current exploits and historical attack patterns, there is no immediate risk to users of Adobe Reader and Acrobat X for Windows (with Protected Mode/Protected View enabled), Adobe Reader and Acrobat X or earlier versions for Macintosh, and Adobe Reader 9.x for UNIX. Today's updates address these vulnerabilities in Adobe Reader and Acrobat 9.x for Windows. Adobe recommends that users of Adobe Reader 9.4.6 and earlier 9.x versions for Windows update to Adobe Reader 9.4.7, and that users of Adobe Acrobat 9.4.6 and earlier 9.x versions for Windows update to Adobe Acrobat 9.4.7.

Solution:

The vendor plans to issue a fix for Adobe Reader and Acrobat X and prior versions for Mac as part of the next quarterly update scheduled for January 10, 2012.
The vendor plans to issue a fix for Adobe Reader 9.x for UNIX by January 10, 2012.
Users can use the product's update mechanism. The default configuration runs automatic update checks on a regular schedule. Update checks can be started manually by choosing Help > Check for Updates. Update support: Acrobat Downloads.
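As an added example (not part of this bulletin or any Adobe tooling), the following script encodes the affected-version matrix stated above and triages a constructed asset inventory, so that the Windows 9.x installs that need the 9.4.7 update are separated from those that are mitigated or awaiting the January 10, 2012 fix. The `Install` record, host names and status labels are assumptions made for the example.

```python
from dataclasses import dataclass
# Affected-version matrix as stated in the bulletin (APSB11-30 / CVE-2011-4369).
FIXED_9X_WINDOWS = (9, 4, 7)       # Reader/Acrobat 9.x for Windows: update to 9.4.7
LAST_AFFECTED_X = (10, 1, 1)       # Reader/Acrobat X 10.1.1 and earlier
LAST_AFFECTED_9X_UNIX = (9, 4, 6)  # Reader 9.4.6 and earlier 9.x for UNIX

@dataclass
class Install:
    """One installed copy of Reader/Acrobat (assumed inventory record, not Adobe's)."""
    host: str
    product: str          # "Reader" or "Acrobat"
    version: str          # dotted string such as "9.4.6"
    platform: str         # "Windows", "Macintosh" or "UNIX"
    protected_mode: bool = False  # X on Windows with Protected Mode/Protected View on

def parse_version(text):
    # "9.4.6" -> (9, 4, 6) so versions compare numerically, not as strings
    return tuple(int(part) for part in text.split("."))

def triage(inst):
    """Map one install to an assumed status label using the bulletin's matrix."""
    v = parse_version(inst.version)
    major = v[0]
    if inst.platform == "Windows":
        if major == 9:
            # Actively exploited and a fix is available: the only 'update now' case.
            return "patch-now" if v < FIXED_9X_WINDOWS else "patched"
        if major == 10 and v <= LAST_AFFECTED_X:
            # Fix due with the January 10, 2012 quarterly update.
            return "mitigated" if inst.protected_mode else "vulnerable-fix-pending"
    elif inst.platform == "Macintosh" and v <= LAST_AFFECTED_X:
        return "vulnerable-low-immediate-risk"   # fix scheduled January 10, 2012
    elif inst.platform == "UNIX" and major == 9 and v <= LAST_AFFECTED_9X_UNIX:
        return "vulnerable-low-immediate-risk"   # fix planned by January 10, 2012
    return "not-affected"

def summarize(inventory):
    # Group host names by status so the patch-now list is easy to pull out.
    report = {}
    for inst in inventory:
        report.setdefault(triage(inst), []).append(inst.host)
    return report

# Constructed sample inventory (hosts and versions are made up for the example).
SAMPLE = [
    Install("win-9x-old", "Reader", "9.4.6", "Windows"),
    Install("win-x-pm", "Reader", "10.1.1", "Windows", protected_mode=True),
    Install("win-x-nopm", "Acrobat", "10.1.1", "Windows"),
    Install("unix-9x", "Reader", "9.4.6", "UNIX"),
]
```

Running `summarize(SAMPLE)` returns a dict keyed by status; only the Windows 9.x host lands under `patch-now`.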
