TITLE:
Adobe Reader/Acrobat Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA34580

VERIFY ADVISORY:
http://secunia.com/advisories/34580/

DESCRIPTION:
Some vulnerabilities have been reported in Adobe Reader and Acrobat, which can be exploited by malicious people to compromise a user's system.

1) A boundary error in the processing of Huffman encoded JBIG2 text region segments can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code via a specially crafted PDF document.

The vulnerability is confirmed in version 9.1.0. Other versions may also be affected.

2) An error can be exploited to cause a stack-based buffer overflow and potentially execute arbitrary code.

3) An integer overflow error can be exploited to potentially execute arbitrary code.

4) An unspecified error can be exploited to corrupt memory and potentially execute arbitrary code.

5) An error in the processing of JBIG2 data can be exploited to corrupt memory and potentially execute arbitrary code.

6) Another unspecified error can be exploited to corrupt memory and potentially execute arbitrary code.

7) Multiple errors in the JBIG2 filter can be exploited to cause heap-based buffer overflows and potentially execute arbitrary code.

8) An error in the JBIG2 filter can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code.

9) Multiple errors can be exploited to cause heap-based buffer overflows and potentially execute arbitrary code.

SOLUTION:
Apply patches.

-- Adobe Reader for Windows --
Update to version 9.1.2, 8.1.6, or 7.1.3:
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows

-- Adobe Reader for Macintosh --
Update to version 9.1.2, 8.1.6, or 7.1.3:
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Macintosh

-- Acrobat for Windows --
Update to version 9.1.2, 8.1.6, or 7.1.3:
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows

-- Acrobat 3D for Windows --
Update to version 8.1.6:
http://www.adobe.com/support/downloads/product.jsp?product=112&platform=Windows

-- Acrobat Pro for Macintosh --
Update to version 9.1.2, 8.1.6, or 7.1.3:
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh

-- Adobe Reader for UNIX --
Updates will reportedly be available on June 16, 2009. Do not process untrusted PDF documents.

PROVIDED AND/OR DISCOVERED BY:
1) Alin Rad Pop, Secunia Research

The vendor credits:
2) Jun Mao and Ryan Smith, iDefense Labs
3) an anonymous researcher reported through ZDI
4) Haifei Li of Fortinet's FortiGuard Global Security Research Team
5) Apple Product Security Team
6) Matthew Watchinski, Sourcefire VRT
7) Mark Dowd of IBM ISS X-Force
8) Mark Dowd of IBM ISS X-Force and Nicolas Joly of Vupen
9) Will Dormann, CERT

ORIGINAL ADVISORY:
Secunia Research:
http://secunia.com/secunia_research/2009-24/

Adobe:
http://www.adobe.com/support/security/bulletins/apsb09-07.html
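
Added example (not part of the Secunia advisory or Adobe's bulletin): a triage check supporting the "Do not process untrusted PDF documents" advice for hosts that cannot be patched yet, such as the UNIX builds. It flags files whose raw bytes declare the JBIG2 stream filter, assuming the standard PDF filter name /JBIG2Decode and PDF "#xx" name escaping; the function names, sample bytes and the quarantine/deliver actions are constructed for illustration.

```python
import re

# PDF name token: "/" followed by regular characters (no whitespace/delimiters).
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
# Inside a name, "#xx" is a hex-escaped byte, so /JBIG#32Decode == /JBIG2Decode.
ESC_RE = re.compile(rb"#([0-9A-Fa-f]{2})")
TARGET = b"JBIG2Decode"  # standard PDF filter name for JBIG2-compressed streams


def decode_name(raw: bytes) -> bytes:
    """Resolve #xx escapes so escaped spellings compare equal to the plain name."""
    return ESC_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def triage(data: bytes) -> dict:
    """Flag a file that declares the JBIG2 filter anywhere in its raw bytes.

    Limitation of this sketch: it only sees names present in the raw file;
    anything stored inside a compressed object stream is not inspected.
    """
    offsets, escaped = [], False
    for m in NAME_RE.finditer(data):
        if decode_name(m.group(1)) == TARGET:
            offsets.append(m.start())
            escaped = escaped or m.group(1) != TARGET
    return {
        "is_pdf": b"%PDF-" in data[:1024],   # header may be preceded by junk bytes
        "jbig2_refs": len(offsets),
        "offsets": offsets,
        "escaped_name": escaped,             # escaped spelling is itself suspicious
        "action": "quarantine" if offsets else "deliver",
    }


# Constructed sample inputs (not real documents).
SAMPLE_PLAIN = (b"%PDF-1.4\n1 0 obj\n<< /Subtype /Image /Filter /JBIG2Decode "
                b"/Length 0 >>\nstream\n\nendstream\nendobj\n")
SAMPLE_ESCAPED = (b"%PDF-1.4\n1 0 obj\n<< /Filter [/FlateDecode /JBIG#32Decode] "
                  b"/Length 0 >>\nstream\n\nendstream\nendobj\n")
SAMPLE_CLEAN = (b"%PDF-1.4\n1 0 obj\n<< /Filter /FlateDecode /Length 0 >>\n"
                b"stream\n\nendstream\nendobj\n")

if __name__ == "__main__":
    for label, blob in [("plain", SAMPLE_PLAIN), ("escaped", SAMPLE_ESCAPED),
                        ("clean", SAMPLE_CLEAN)]:
        print(label, triage(blob))
```

A hit means the file carries a JBIG2-encoded stream, not that it is malicious; it is a reason to hold the file back from an unpatched reader.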