Tuesday, May 12, 2009

Critical Update: Adobe Reader and Acrobat

Adobe has released an update to the critical vulnerability in both Adobe Reader 9.1 and Acrobat 9.1 as well as earlier versions. The vulnerability, described below as CVE-2009-1492, would cause the application to crash and could potentially allow an attacker to take control of the affected system.

A second vulnerability, identified as CVE-2009-1493, which affects Adobe Reader for UNIX is also addressed.

It is strongly recommended that the appropriate update be installed as soon as possible!

Adobe Reader Updates:

Windows: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows.

Macintosh: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Macintosh.

UNIX: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Unix.

Acrobat Updates:

Windows:

Macintosh:


CVE-2009-1492:
The getAnnots Doc method in the JavaScript API in Adobe Reader and Acrobat 9.1, 8.1.4, 7.1.1, and earlier allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that contains an annotation, and has an OpenAction entry with JavaScript code that calls this method with crafted integer arguments.
CVE-2009-1493:
The customDictionaryOpen spell method in the JavaScript API in Adobe Reader 8.1.4 and 9.1 on Linux allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a PDF file that triggers a call to this method with a long string in the second argument.
Reference: APSB09-06 Security Updates available for Adobe Reader and Acrobat




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

No comments: