Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:23642
HistoryApr 19, 2010 - 12:00 a.m.

Security update available for Adobe Reader and Acrobat

2010-04-1900:00:00
vulners.com
8
JSON

Security update available for Adobe Reader and Acrobat

Release date: April 13, 2010

Vulnerability identifier: APSB10-09

CVE numbers: CVE-2010-0190, CVE-2010-0191, CVE-2010-0192, CVE-2010-0193, CVE-2010-0194, CVE-2010-0195, CVE-2010-0196, CVE-2010-0197, CVE-2010-0198, CVE-2010-0199, CVE-2010-0201, CVE-2010-0202, CVE-2010-0203, CVE-2010-0204, CVE-2010-1241

Platform: All Platforms
Summary

Critical vulnerabilities have been identified in Adobe Reader 9.3.1 (and earlier versions) for Windows, Macintosh, and UNIX, Adobe Acrobat 9.3.1 (and earlier versions) for Windows and Macintosh, and Adobe Reader 8.2.1 (and earlier versions) and Adobe Acrobat 8.2.1 (and earlier versions) for Windows and Macintosh. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.

Adobe recommends users of Adobe Reader 9.3.1 and earlier versions for Windows, Macintosh and UNIX update to Adobe Reader 9.3.2. (For Adobe Reader users on Windows and Macintosh, who cannot update to Adobe Reader 9.3.2, Adobe has provided the Adobe Reader 8.2.2 update.) Adobe recommends users of Adobe Acrobat 9.3.1 and earlier versions for Windows and Macintosh update to Adobe Acrobat 9.3.2. Adobe recommends users of Acrobat 8.2.1 and earlier versions for Windows and Macintosh update to Acrobat 8.2.2.
Affected software versions

Adobe Reader 9.3.1 and earlier versions for Windows, Macintosh, and UNIX
Adobe Acrobat 9.3.1 and earlier versions for Windows and Macintosh
Solution

Adobe Reader
Users can utilize the product's automatic update feature. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.

Adobe Reader users on Windows can also find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows.

Adobe Reader users on Macintosh can also find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Macintosh.

Adobe Reader users on UNIX can find the appropriate update here:
http://get.adobe.com/reader/.

Adobe Acrobat
Users can utilize the product's automatic update feature. The default installation configuration runs automatic updates on a regular schedule and can be manually activated by choosing Help > Check for Updates.

Acrobat Standard and Pro users on Windows can also find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows.

Acrobat Pro Extended users on Windows can also find the appropriate update here: http://www.adobe.com/support/downloads/product.jsp?product=158&platform=Windows.

Acrobat 3D users on Windows can also find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=112&platform=Windows.

Acrobat Pro users on Macintosh can also find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh.
Severity rating

Adobe categorizes these as critical updates and recommends that users apply the latest updates for their product installations.
Details

Critical vulnerabilities have been identified in Adobe Reader 9.3.1 (and earlier versions) for Windows, Macintosh, and UNIX, Adobe Acrobat 9.3.1 (and earlier versions) for Windows and Macintosh, and Adobe Reader 8.2.1 (and earlier versions) and Adobe Acrobat 8.2.1 (and earlier versions) for Windows and Macintosh. These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.

Adobe recommends users of Adobe Reader 9.3.1 and earlier versions for Windows, Macintosh and UNIX update to Adobe Reader 9.3.2. (For Adobe Reader users on Windows and Macintosh, who cannot update to Adobe Reader 9.3.2, Adobe has provided the Adobe Reader 8.2.2 update.) Adobe recommends users of Adobe Acrobat 9.3.1 and earlier versions for Windows and Macintosh update to Adobe Acrobat 9.3.2. Adobe recommends users of Acrobat 8.2.1 and earlier versions for Windows and Macintosh update to Acrobat 8.2.2.

This update resolves a cross-site scripting vulnerability that could lead to code execution (CVE-2010-0190).

This update resolves a prefix protocol handler vulnerability that could lead to code execution (CVE-2010-0191).

This update resolves a denial of service vulnerability; arbitrary code execution has not been demonstrated, but may be possible (CVE-2010-0192).

This update resolves a denial of service vulnerability; arbitrary code execution has not been demonstrated, but may be possible (CVE-2010-0193).

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-0194).

This update resolves a font handling vulnerability that could lead to code execution (CVE-2010-0195).

This update resolves a denial of service vulnerability; arbitrary code execution has not been demonstrated, but may be possible (CVE-2010-0196).

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-0197).

This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2010-0198).

This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2010-0199).

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-0201).

This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2010-0202).

This update resolves a buffer overflow vulnerability that could lead to code execution (CVE-2010-0203).

This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2010-0204).

This update resolves a heap-based overflow vulnerability that could lead to code execution (CVE-2010-1241).
Acknowledgements

Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:

* Billy Rios and Microsoft Vulnerability Research (MSVR) (CVE-2010-0190, CVE-2010-0191)
* Aki Helin of Oulu University Secure Programming Group (CVE-2010-0192)
* Microsoft Vulnerability Research Program (MSVR) (CVE-2010-0193)
* Bing Liu of Fortinet's FortiGuard Labs (CVE-2010-0194)
* An anonymous researcher reported through TippingPoint’s Zero Day Initiative (CVE-2010-0195)
* Vulnerability Research Team, TELUS Security Labs (CVE-2010-0196)
* James Quirk of Los Alamos, New Mexico (CVE-2010-0197)
* Nicolas Joly of VUPEN Vulnerability Research Team (CVE-2010-0198, CVE-2010-0199, CVE-2010-0202, CVE-2010-0203)
* Felipe Andres Manzano through the iSIGHT Partners Global Vulnerability Partnership (CVE-2010-0201)
* Greg MacManus of iSIGHT Partners Labs (CVE-2010-0204)
* Haifei Li of Fortinet's FortiGuard Labs (CVE-2010-1241)

Related

nessus 12
suse 1
openvas 8
securityvulns 6
redhat 1
cve 16
ubuntucve 15
prion 16
gentoo 1
checkpoint_advisories 6
symantec 2
zdi 1
kitploit 1
nessus
nessus
SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 6994)
2011-01-27 00:00:00
openSUSE Security Update : acroread (openSUSE-SU-2010:0137-1)
2010-04-22 00:00:00
openSUSE Security Update : acroread (openSUSE-SU-2010:0137-1)
2010-04-22 00:00:00
suse
suse
remote code execution in acroread
2010-04-21 14:05:14
openvas
openvas
Adobe Acrobat and Reader PDF Handling Multiple Vulnerabilities (Linux)
2010-04-16 00:00:00
SuSE Update for acroread SUSE-SA:2010:022
2010-04-29 00:00:00
SuSE Update for acroread SUSE-SA:2010:022
2010-04-29 00:00:00
securityvulns
securityvulns
Adobe Acrobat and Reader multiple security vulnerabilities
2010-04-19 00:00:00
VUPEN Security Research - Adobe Acrobat and Reader BMP Data Buffer Overflow Vulnerability
2010-04-19 00:00:00
VUPEN Security Research - Adobe Acrobat and Reader GIF Data Buffer Overflow Vulnerability
2010-04-19 00:00:00
redhat
redhat
(RHSA-2010:0349) Critical: acroread security update
2010-04-14 00:00:00
cve
cve
CVE-2010-0201
2010-04-14 16:00:00
CVE-2010-0197
2010-04-14 16:00:00
CVE-2010-0203
2010-04-14 16:00:00
ubuntucve
ubuntucve
CVE-2010-0204
2010-04-14 00:00:00
CVE-2010-0199
2010-04-14 00:00:00
CVE-2010-0197
2010-04-14 00:00:00
prion
prion
Buffer overflow
2010-04-14 16:00:00
Buffer overflow
2010-04-14 16:00:00
Buffer overflow
2010-04-14 16:00:00
gentoo
gentoo
Adobe Reader: Multiple vulnerabilities
2010-09-07 00:00:00
checkpoint_advisories
checkpoint_advisories
Adobe Reader Overly Complex U3D Base Mesh Memory Corruption (APSB10-09; CVE-2010-0194)
2010-04-14 00:00:00
Adobe Reader Malformed RichMedia Annotation (APSB10-09; CVE-2010-0197)
2010-04-14 00:00:00
Adobe Reader Postscript Conversion Memory Corruption (APSB10-09; CVE-2010-0192)
2010-04-14 00:00:00
symantec
symantec
Adobe Acrobat and Reader CVE-2010-1241 'CoolType.dll' Remote Code Execution Vulnerability
2010-04-13 00:00:00
Adobe Acrobat and Reader CVE-2010-0195 Embedded Font Handling Remote Code Execution Vulnerability
2010-04-13 00:00:00
zdi
zdi
Adobe Reader TrueType Font Handling Remote Code Execution Vulnerability
2010-04-13 00:00:00
kitploit
kitploit
Radamsa - A General-Purpose Fuzzer
2024-03-25 11:30:00
JSON
Related for SECURITYVULNS:DOC:23642
nessus12suse1openvas8securityvulns6redhat1cve16ubuntucve15prion16gentoo1checkpoint_advisories6symantec2zdi1kitploit1