Internet threat level: 1
Home→Descriptions→SA47133
Adobe Reader/Acrobat Multiple Vulnerabilities
| Secunia ID | |
| CVE-ID |
CVE-2011-2445, CVE-2011-2450, CVE-2011-2451, CVE-2011-2452, CVE-2011-2453, CVE-2011-2454, CVE-2011-2455, CVE-2011-2456, CVE-2011-2457, CVE-2011-2458, CVE-2011-2459, CVE-2011-2460, CVE-2011-2462, CVE-2011-4369 |
| Release Date |
07 Dec 2011 |
| Last Change |
11 Jan 2012 |
| Criticality | |
| Solution Status |
Vendor Patch |
| Software |
Adobe Acrobat 9.x |
| Where | |
| Impact |
System accessThis covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user. |
| Description |
Multiple vulnerabilities have been reported in Adobe Reader and Adobe Acrobat, which can be exploited by malicious people to bypass certain security restrictions and compromise a user's system. 1) An error in the U3D data handling can be exploited to corrupt memory. NOTE: This vulnerability is currently being actively exploited in targeted attacks against Adobe Reader 9.x on Windows. 2) An unspecified error in the PRC component can be exploited to corrupt memory. NOTE: This vulnerability is currently being actively exploited in targeted attacks against Adobe Reader 9.x on Windows. 3) The application bundles a vulnerable version of Adobe Flash Player. For more information: The vulnerabilities are reported in the following products: |
| Solution |
Update to a fixed version: Adobe Reader 9.x and Adobe Acrobat 9.x for Windows and Linux: Adobe Reader 9.x and Adobe Acrobat 9.x for Mac: Adobe Reader X and Adobe Acrobat X: |
| Reported by |
1) Reported as a 0-day. |
| Original Advisory |
Adobe: |
© 1997-2013 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.
The authors' opinions do not necessarily reflect the official positions of Kaspersky Lab.