Adobe Updates Adobe Reader
Hot on the heels of the Microsoft patches this week, we have an update for Adobe Acrobat and Adobe Reader. Several critical vulnerabilities have been identified in Adobe Reader 9.1.1 and Acrobat 9.1.1 and earlier versions. These vulnerabilities would cause the application to crash and could potentially allow an attacker to take control of the affected system.
The updates apply to Windows and Macintosh. There will be security updates for Adobe Reader on the UNIX platform; however, it seems they will be available on June 16, 2009.
The Adobe update addresses the following CVE issues:
- Resolves a stack overflow vulnerability that could potentially lead to code execution (CVE-2009-1855).
- Resolves an integer overflow that leads to a Denial of Service (DoS); arbitrary code execution has not been demonstrated, but may be possible (CVE-2009-1856).
- Resolves a memory corruption vulnerability that leads to a Denial of Service (DoS); arbitrary code execution has not been demonstrated, but may be possible (CVE-2009-1857).
- Resolves a memory corruption vulnerability in the JBIG2 filter that could potentially lead to code execution (CVE-2009-1858).
- Resolves a memory corruption vulnerability that could potentially lead to code execution (CVE-2009-1859).
- Resolves a memory corruption vulnerability in the JBIG2 filter that leads to a Denial of Service (DoS); arbitrary code execution has not been demonstrated, but may be possible (CVE-2009-0198).
- Resolves multiple heap overflow vulnerabilities in the JBIG2 filter that could potentially lead to code execution (CVE-2009-0509, CVE-2009-0510, CVE-2009-0511, CVE-2009-0512, CVE-2009-0888, CVE-2009-0889).
- Resolves multiple heap overflow vulnerabilities that could potentially lead to code execution (CVE-2009-1861).
It is highly recommended that the update be installed as soon as possible. Adobe PDF files have been a common exploit vector for attackers over the last year or so, so it is likely that some of these issues could be making their way into attackers' toolkits as we speak for use against unsuspecting victims.
