Sunday, October 11, 2009

CERT-In Vulnerability Note CIVN-2009-119

Adobe Reader and Acrobat Remote Code Execution Vulnerability
http://www.cert-in.org.in/vulnerability/civn-2009-119.htm
Original Issue Date: October 09, 2009


Severity Rating: High

Systems Affected

Adobe Reader 9.1.3 and earlier versions
Adobe Acrobat 9.1.3 and earlier versions

Overview

A vulnerability has been reported in Adobe Reader and Acrobat which could
allow a remote attacker to execute arbitrary code or cause a denial of
service condition.

Description

This vulnerability is caused by an unspecified error in parsing PDF
files in Adobe Reader and Acrobat. A remote attacker could exploit this
vulnerability by tricking a user into opening a specially crafted PDF file,
resulting in arbitrary code execution in the context of the user running
the affected application or in a denial of service (DoS) condition.

Workarounds

Disable JavaScript until vendor fixes are available.
Do not open PDF documents received from untrusted sources.
Enable Data Execution Prevention (DEP) on Windows Vista.

Vendor Information

Adobe
http://www.adobe.com/support/security/bulletins/apsb09-15.html

References

Adobe
http://www.adobe.com/support/security/bulletins/apsb09-15.html
http://blogs.adobe.com/psirt

SecurityFocus
http://www.securityfocus.com/bid/36600/

SecurityTracker
http://www.securitytracker.com/alerts/2009/Oct/1022998.html

CVE Name
CVE-2009-3459

Disclaimer

The information provided herein is on "as is" basis, without warranty of
any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003

Note: Please do not reply to this e-mail. For further queries contact
CERT-In Information Desk. Email: info@cert-in.org.in



