Secunia Logo  
 Vulnerability InformationVulnerability ScanningCommunityBlog - new entry!Corporate InformationOnline ShopCustomer Login  
 Secunia AdvisoriesSecunia ResearchBinary Analysis  
Home > Vulnerability Information > Secunia Advisories > Adobe Reader/Acrobat Multiple Vulnerabilities
Secunia Advisories
Advisories
Search
Advisories by Product
Advisories by Vendor
Historic Advisories
Mailing Lists
Report Vulnerability
Contact Form
Business Solutions Restricted
Partner Solutions Restricted
About


Secunia PSI WorldMap 		 
Adobe Reader/Acrobat Multiple Vulnerabilities
Secunia Advisory: SA33901
Advisory Toolbox:
Issue ticket
Save in to-do list
Mark as handled
Exploit information
Download as PDF
Review actions
Add comment
Release Date: 2009-02-20
Last Update: 2009-03-25
Popularity: 41,498 views

Critical:
Extremely critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch

Software:Adobe Acrobat 7 Professional
Adobe Acrobat 7.x
Adobe Acrobat 8 Professional
Adobe Acrobat 8.x
Adobe Acrobat 9.x
Adobe Reader 7.x
Adobe Reader 8.x
Adobe Reader 9.x
Binary Analysis: BA680 :: Available for 1 Credit
BA688 :: Available for 1 Credit
BA700 :: Available for 1 Credit
BA701 :: Available for 1 Credit

Secunia CVSS-2 Score: Available in Secunia business solutions

Subscribe: Instant alerts on relevant vulnerabilities


Advisory Content (Page 2 of 3)[ 1 ] [ 2 ] [ 3 ]

Solution:
Adobe Reader 9:
Update to version 9.1:
http://get.adobe.com/reader/

Adobe Reader 7 and 8 for Windows:
Update to version 7.1.1 or 8.1.4:
http://www.adobe.com/support/download....jsp?product=10&platform=Windows

Adobe Reader 7 and 8 for Macintosh:
Update to version 7.1.1 or 8.1.4:
http://www.adobe.com/support/download...sp?product=10&platform=Macintosh

Acrobat 9 Standard and Acrobat 9 Pro for Windows:
Update to version 9.1:
http://www.adobe.com/support/downloads/detail.jsp?ftpID=4375
http://www.adobe.com/support/downloads/detail.jsp?ftpID=4382

Acrobat 9 Pro Extended for Windows:
Update to version 9.1:
http://www.adobe.com/support/downloads/detail.jsp?ftpID=4381

Acrobat 9 Pro for Macintosh:
Update to Acrobat 9.1.
http://www.adobe.com/support/downloads/detail.jsp?ftpID=4374

Adobe Acrobat 8 for Windows:
Update to version 8.1.4:
http://www.adobe.com/support/download...ct.jsp?product=1&platform=Windows

Adobe Acrobat 8 for Macintosh:
Update to version 8.1.4:
http://www.adobe.com/support/download....jsp?product=1&platform=Macintosh

Adobe Acrobat 3D Version 8 for Windows:
Update to version 8.1.4:
http://www.adobe.com/support/download....jsp?product=112&platform=Windows

Adobe Acrobat 7 for Windows:
Update to version 7.1.1:
http://www.adobe.com/support/download...ct.jsp?product=1&platform=Windows

Adobe Acrobat 7 for Macintosh:
Update to version 7.1.1:
http://www.adobe.com/support/download....jsp?product=1&platform=Macintosh

Acrobat 3D Version 7 for Windows:
Update to version 7.1.1:
http://www.adobe.com/support/download....jsp?product=112&platform=Windows

Adobe Reader 7 and 8 for UNIX:
Update to version 7.1.1 or 8.1.4:
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Unix

Adobe Reader 9 for UNIX:
Update to version 9.1:
http://get.adobe.com/reader/

Provided and/or discovered by:
1) Reported as a 0-day.
2) Tenable Network Security, reported via ZDI.
3) Alin Rad Pop, Secunia Research
4) Sean Larsson, iDefense Labs
5) Jonathan Brossard from iViZ Security Research Team
6) The vendor credits Will Dormann of CERT/CC.

Changelog:
2009-02-23: Added link to US-CERT.
2009-02-23: Updated title and added additional vulnerability information provided by Secunia Research.
2009-02-24: Added link to Secunia Blog with additional information.
2009-02-27: Added CVE reference.
2009-03-11: Updated "Solution" and "Original Advisory" sections due to the release of version 9.1.
2009-03-19: Updated advisory to include vulnerability #2. Updated "Solution" and "Original Advisory" sections due to the release of version 7.1.1 and 8.1.4.
2009-03-25: Updated "Solution" section with Adobe Reader for UNIX patches. Added additional details to vulnerability #2. Added vulnerabilities #3-#5 to the "Description". Updated credits and the "Original Advisory" section.
2009-03-25: Added details to vulnerability #5 and reporter link to the "Original Advisory" section.

Original Advisory:
Adobe:
http://www.adobe.com/support/security/advisories/apsa09-01.html
http://www.adobe.com/support/security/bulletins/apsb09-03.html
http://www.adobe.com/support/security/bulletins/apsb09-04.html

Secunia Research:
http://secunia.com/secunia_research/2009-14/

ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-09-014/

iDefense:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=776

iViZ Security Research:
http://www.ivizsecurity.com/security-advisory-iviz-sr-09001.html

Other References:
Secunia Blog:
http://secunia.com/blog/44/

McAfee Avert Labs:
http://www.avertlabs.com/research/blo...backdoor-attacks-using-pdf-documents/

US-CERT VU#905281:
http://www.kb.cert.org/vuls/id/905281

Change Page:
[ 1 ] [ 2 ] [ 3 ]


Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.

Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
  
Latest Advisories

Today
New advisories: 16
New vulnerabilities: 33
Updated advisories: 25

Moderately // 54 views
Fedora update for kernel
Less // 75 views
Active! Mail 2003 Cross-Site Scripting and Session Hijacking Vulnerabilities
Moderately // 79 views
GeN3 "cat" SQL Injection Vulnerability
Less // 90 views
DISA SRR Unix Untrusted Directories Privilege Escalation Security Issue
Less // 107 views
IBM InfoSphere Information Server Multiple Vulnerabilities
Less // 93 views
Polipo "httpClientDiscardBo dy()" Signedness Error Denial of Service
Not // 131 views
Ubuntu update for gnome-screensaver
Moderately // 158 views
Core FTP Server / SFTP Server Unexpected Disconnect Denial of Service
Less // 126 views
Image Hosting Script DPI "date" Cross-Site Scripting
Less // 130 views
Red Hat update for acpid

Solutions | More...  

Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.

Ideas, suggestions, and other feedback are most welcome.

Most Popular - 3 Hours

1. Novell iPrint Client Two Buffer Overflow Vulnerabilities // 59 views
2. Sun Java JDK / JRE Multiple Vulnerabilities // 51 views
3. Adobe Flash Player Multiple Vulnerabilities // 49 views
4. Fedora update for kernel // 45 views
5. Moodle Multiple Vulnerabilities // 45 views
6. Novell iPrint Client Date/Time Parsing Buffer Overflow // 41 views
7. IBM InfoSphere Information Server Multiple Vulnerabilities // 34 views
8. Internet Explorer Charset Inheritance Cross-Site Scripting Vulnerability // 33 views
9. Active! Mail 2003 Cross-Site Scripting and Session Hijacking Vulnerabilities // 31 views
10. Core FTP Server / SFTP Server Unexpected Disconnect Denial of Service // 29 views



Contact | Terms & Conditions and Copyright | Report Vulnerability | Press | Jobs (open positions) | About Secunia
Copyright Secunia 2002-2009