
Adobe Reader/Acrobat Multiple Vulnerabilities


Secunia ID

SA47133

CVE-ID

CVE-2011-2445, CVE-2011-2450, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2456, CVE-2011-2457, CVE-2011-2458, CVE-2011-2459, CVE-2011-2460, CVE-2011-2462, CVE-2011-4369

Release Date

07 Dec 2011

Last Change

11 Jan 2012

Criticality

Extremely Critical

Solution Status

Vendor Patch

Software

Adobe Acrobat 9.x
Adobe Acrobat X 10.x
Adobe Reader 9.x
Adobe Reader X 10.x

Where

From remote

Impact

System access

This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.

Description

Multiple vulnerabilities have been reported in Adobe Reader and Adobe Acrobat, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system.

1) An error in the U3D data handling can be exploited to corrupt memory.

NOTE: This vulnerability is currently being actively exploited in targeted attacks against Adobe Reader 9.x on Windows.

2) An unspecified error in the PRC component can be exploited to corrupt memory.

NOTE: This vulnerability is currently being actively exploited in targeted attacks against Adobe Reader 9.x on Windows.

3) The application bundles a vulnerable version of Adobe Flash Player.

For more information:
SA46818

The vulnerabilities are reported in the following products:
* Adobe Reader X versions 10.1.1 and prior for Windows and Macintosh.
* Adobe Reader versions 9.4.6 and prior for Windows, Macintosh, and UNIX.
* Adobe Acrobat X versions 10.1.1 and prior for Windows and Macintosh.
* Adobe Acrobat versions 9.4.6 and prior for Windows and Macintosh.
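
Items 1) and 2) both concern 3D content (U3D and PRC) embedded in PDF files, so until patches are deployed a mail or file gateway can flag documents that carry such content for review. The following is an added example, not part of the original advisory: a byte-level triage scan in Python. It assumes the PDF specification's conventions (a 3D annotation has /Subtype /3D, a 3D stream has /Subtype /U3D or /PRC, names may use #xx escapes, and compressed object streams are marked /ObjStm); function names and sample data are constructed for illustration.

```python
import re

# Helper names and sample data below are illustrative assumptions.
TARGETS = {"3D", "U3D", "PRC"}          # annotation subtype / 3D stream subtypes
WS = b"\x00\t\n\x0c\r "                 # PDF whitespace characters
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
HEX_ESC = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw):
    """Undo #xx escapes in a PDF name, so S#75btype reads as Subtype."""
    return HEX_ESC.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def scan_pdf(data):
    """Return (subtypes_found, has_object_streams) for raw PDF bytes.

    subtypes_found: which of 3D/U3D/PRC appear as the value of a /Subtype key.
    has_object_streams: True when /ObjStm is present, meaning dictionaries may
    sit inside compressed streams that this byte-level scan cannot see.
    """
    found, has_objstm = set(), False
    prev_name, prev_end = None, 0
    for m in NAME_RE.finditer(data):
        name = decode_name(m.group(1))
        if name == "ObjStm":
            has_objstm = True
        # A value counts only if it directly follows the /Subtype key.
        adjacent = data[prev_end:m.start()].strip(WS) == b""
        if prev_name == "Subtype" and adjacent and name in TARGETS:
            found.add(name)
        prev_name, prev_end = name, m.end()
    return found, has_objstm


# Constructed samples (not real documents).
PLAIN = (b"%PDF-1.7\n1 0 obj\n<< /Type /Annot /Subtype /3D /3DD 2 0 R >>\nendobj\n"
         b"2 0 obj\n<< /Type /3D /Subtype /U3D /Length 0 >>\nstream\n\nendstream\nendobj\n")
ESCAPED = b"3 0 obj\n<< /Type /3D /S#75btype /P#52C /Length 0 >>\nendobj\n"
PACKED = b"4 0 obj\n<< /Type /ObjStm /N 3 /First 20 /Filter /FlateDecode >>\nendobj\n"
BENIGN = b"5 0 obj\n<< /Type /Annot /Subtype /Link >>\nendobj\n"

if __name__ == "__main__":
    for label, blob in [("plain", PLAIN), ("escaped", ESCAPED),
                        ("packed", PACKED), ("benign", BENIGN)]:
        print(label, scan_pdf(blob))
```

A document that returns an empty set together with has_object_streams set to True is not cleared by this scan and needs a full PDF parser before it is treated as free of 3D content.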

Solution

Update to a fixed version:

Adobe Reader 9.x and Adobe Acrobat 9.x for Windows and Linux:
Update to version 9.4.7.

Adobe Reader 9.x and Adobe Acrobat 9.x for Mac:
Update to version 9.5.0.

Adobe Reader X and Adobe Acrobat X:
Update to version 10.1.2.

Reported by

1) Reported as a 0-day.
2) Reported as a 0-day.

Original Advisory

Adobe:
http://www.adobe.com/support/security/bulletins/apsb11-30.html