Internet threat level: 1
Home→Descriptions→SA38551
Adobe Reader/Acrobat Two Vulnerabilities
| Secunia ID | |
| CVE-ID | |
| Release Date |
12 Feb 2010 |
| Last Change |
17 Feb 2010 |
| Criticality | |
| Solution Status |
Vendor Patch |
| Software |
Adobe Acrobat 3D 8.x |
| Where | |
| Impact |
System accessThis covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user. Security BypassThis covers vulnerabilities or security issues where malicious users or people can bypass certain security mechanisms of the application. The actual impact varies significantly depending on the design and purpose of the affected application. |
| Description |
Two vulnerabilities have been reported in Adobe Reader and Acrobat, which can be exploited by malicious people to bypass certain security restrictions or compromise a user's system. 1) An error in the included Flash player can be exploited to perform unauthorized cross-domain requests. For more information: 2) An unspecified error can be exploited to cause a crash or potentially execute arbitrary code. The vulnerabilities are reported in Adobe Reader and Adobe Acrobat versions 9.3 and prior. |
| Solution |
Update to version 8.2.1 or 9.3.1. Adobe Reader on Windows: Adobe Reader on Macintosh: Adobe Reader on UNIX: Acrobat Standard and Pro on Windows: Acrobat Pro Extended on Windows: Acrobat 3D on Windows: Acrobat Pro on Macintosh: |
| Reported by |
2) The vendor credits the Microsoft Vulnerability Research Program (MSVR). |
| Original Advisory |
http://www.adobe.com/support/security/bulletins/apsb10-07.html |
© 1997-2012 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.