V-157: Adobe Reader / Acrobat Multiple Vulnerabilities

May 16, 2013 - 6:00am

PROBLEM:

Adobe has released security updates for Adobe Reader and Acrobat.

PLATFORM:

The vulnerabilities are reported in the following versions:

Adobe Acrobat 9.x
Adobe Acrobat X 10.x
Adobe Acrobat XI 11.x
Adobe Reader 9.x
Adobe Reader X 10.x
Adobe Reader XI 11.x

ABSTRACT:

These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

REFERENCE LINKS:

Secunia Advisory SA53420
Adobe Security Bulletin APSB13-15
CVE-2013-2549
CVE-2013-2550
CVE-2013-2718
CVE-2013-2719
CVE-2013-2720
CVE-2013-2721
CVE-2013-2722
CVE-2013-2723
CVE-2013-2724
CVE-2013-2725
CVE-2013-2726
CVE-2013-2727
CVE-2013-2729
CVE-2013-2730
CVE-2013-2731
CVE-2013-2732
CVE-2013-2733
CVE-2013-2734
CVE-2013-2735
CVE-2013-2736
CVE-2013-2737
CVE-2013-3337
CVE-2013-3338
CVE-2013-3339
CVE-2013-3340
CVE-2013-3341
CVE-2013-3342

IMPACT ASSESSMENT:

High

DISCUSSION:

1) Some unspecified errors can be exploited to cause memory corruption and execute arbitrary code.

2) Some other unspecified errors can be exploited to cause memory corruption and execute arbitrary code.

3) An integer underflow error can be exploited to execute arbitrary code.

4) A use-after-free error can be exploited to bypass the Adobe Reader sandbox protection.

5) An unspecified error related to the JavaScript API can be exploited to disclose certain information.

6) An unspecified error can be exploited to cause a stack overflow and execute arbitrary code.

7) A boundary error within AdobeCollabSync.exe when reading registry values can be exploited to cause a stack-based buffer overflow and bypass the sandbox.

8) Another unspecified error can be exploited to cause buffer overflows and execute arbitrary code.

9) An integer overflow error can be exploited to execute arbitrary code.

10) An integer overflow error within the AcroForm.api plugin when decoding RLE8 compressed BMP files can be exploited to cause a heap-based buffer overflow.

11) An unspecified error exists related to handling of blacklisted domains in the operating system.
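
The advisory does not say where in the RLE8 decoding the overflow in item 10 occurs. The following is an added example, not Adobe's code and not part of the original advisory: a generic BI_RLE8 decoder showing the checks that close this bug class, namely an overflow-checked width*height allocation and a bounds check on every opcode. The names rle8_decode and MAX_PIXELS, and the cap value, are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define MAX_PIXELS (64u * 1024u * 1024u) /* assumed policy cap, not from the advisory */

/* Decode BI_RLE8 data into a new width*height buffer (rows in stream order).
 * Returns NULL on malformed, truncated or oversized input. */
uint8_t *rle8_decode(const uint8_t *src, size_t len, uint32_t width, uint32_t height)
{
    if (!width || !height || width > SIZE_MAX / height) return NULL; /* product would wrap */
    size_t total = (size_t)width * height;
    uint8_t *out = total <= MAX_PIXELS ? calloc(total, 1) : NULL;
    if (!out) return NULL;
    size_t i = 0;
    uint32_t x = 0, y = 0;                 /* invariant: x <= width, y <= height */
    while (len - i >= 2) {
        uint8_t n = src[i], v = src[i + 1];
        i += 2;
        if (n == 0 && v == 1) return out;  /* end of bitmap: the only success path */
        if (n > 0) {                       /* encoded run: n copies of v */
            if (y >= height || n > width - x) break;
            memset(out + (size_t)y * width + x, v, n);
            x += n;
        } else if (v == 0) {               /* end of line */
            if (y >= height) break;
            x = 0; y++;
        } else if (v == 2) {               /* delta: move right dx, down dy */
            if (len - i < 2 || src[i] > width - x || src[i + 1] > height - y) break;
            x += src[i]; y += src[i + 1]; i += 2;
        } else {                           /* absolute: v literals, padded to even */
            size_t padded = (size_t)v + (v & 1u);
            if (len - i < padded || y >= height || v > width - x) break;
            memcpy(out + (size_t)y * width + x, src + i, v);
            x += v; i += padded;
        }
    }
    free(out);                             /* malformed input or missing end marker */
    return NULL;
}

int main(void)
{
    /* Constructed sample: 4x2 image, one run, one absolute block, end marker. */
    const uint8_t ok[] = {3, 0xAA, 0, 0, 0, 3, 1, 2, 3, 0, 0, 1};
    uint8_t *p = rle8_decode(ok, sizeof ok, 4, 2);
    int rc = (p && p[0] == 0xAA && p[4] == 1) ? 0 : 1;
    free(p);
    return rc;
}
```
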

IMPACT:

Security Bypass
Exposure of sensitive information
System access

SOLUTION:

Adobe recommends users update their product installations to the latest versions:

Adobe Reader Windows

Adobe Reader Mac

Adobe Reader Linux

Adobe Acrobat Windows Standard and Pro or Pro Extended

Adobe Acrobat Pro Mac

Users can also use the Check for Updates feature within the software to obtain the latest version.