You are here

V-091: Adobe Acrobat/Reader Bug Lets Remote Users Execute Arbitrary Code

February 14, 2013 - 12:22am

Addthis

PROBLEM:

Adobe Acrobat/Reader Bug Lets Remote Users Execute Arbitrary Code

PLATFORM:

Adobe Reader XI (11.0.01 and earlier) for Windows and Macintosh
Adobe Reader X (10.1.5 and earlier) for Windows and Macintosh
Adobe Reader 9.5.3 and earlier 9.x versions for Windows and Macintosh
Adobe Acrobat XI (11.0.01 and earlier) for Windows and Macintosh
Adobe Acrobat X (10.1.5 and earlier) for Windows and Macintosh
Adobe Acrobat 9.5.3 and earlier 9.x versions for Windows and Macintosh

ABSTRACT:

Adobe has identified critical vulnerabilities in Adobe Reader and Acrobat

REFERENCE LINKS:

Adobe Reader and Acrobat Vulnerability Report
Vulnerability identifier: APSA13-02
SecurityTracker Alert ID:  1028133
Blog.fireeye
CVE-2013-0640
CVE-2013-0641

IMPACT ASSESSMENT:

Hgh

DISCUSSION:

A remote user can create a specially crafted PDF file that, when loaded by the target user, will execute arbitrary code on the target system. The code will run with the privileges of the target user.

This vulnerability is being actively exploited against Windows-based systems.

IMPACT:

A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.

SOLUTION:

Adobe is in the process of working on a fix

Addthis