Critical flaws haunt Adobe PDF Reader, Acrobat

The update is rated "critical" because of the risk of remote code execution attacks via rigged PDF files.
Written by Ryan Naraine, Contributor

Adobe shipped a large patch for its PDF Reader and Acrobat products today, fixing 15 documented security holes that expose Windows, Mac and UNIX users to attack through malicious PDF files.

According to an advisory from Adobe, the vulnerabilities affect Adobe Reader 9.3.1 (and earlier versions) for Windows, Macintosh, and UNIX, Adobe Acrobat 9.3.1 (and earlier versions) for Windows and Macintosh, and Adobe Reader 8.2.1 (and earlier versions) and Adobe Acrobat 8.2.1 (and earlier versions) for Windows and Macintosh.
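Those version ranges are the practical takeaway for anyone running an inventory check. As an added example (not code from the article or from Adobe), the script below turns the two affected ranges into a triage function: a build is affected if it sits on the 9.x branch at 9.3.1 or earlier, on the 8.x branch at 8.2.1 or earlier, or on an older major branch that this update does not cover. The host names and installed versions in the sample inventory are constructed for the example.

```python
"""Triage helper for the Adobe Reader/Acrobat update described above.

Decides whether an installed build falls inside the affected ranges the
advisory names: 9.3.1 and earlier on the 9.x branch, 8.2.1 and earlier on
the 8.x branch. This is an added example, not Adobe's own tooling.
"""

# Last affected build per major branch, taken from the advisory wording.
LAST_AFFECTED = {
    "Reader": {9: (9, 3, 1), 8: (8, 2, 1)},
    "Acrobat": {9: (9, 3, 1), 8: (8, 2, 1)},
}


def parse_version(text):
    """Turn '9.3.1' into (9, 3, 1); pad short strings so '9.3' is (9, 3, 0)."""
    parts = [int(p) for p in text.strip().split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])


def is_affected(product, version):
    """True if product/version is inside one of the advisory's affected ranges."""
    v = parse_version(version)
    branches = LAST_AFFECTED[product]
    major = v[0]
    if major in branches:
        # Tuple comparison does the right thing for 9.3.0 < 9.3.1 < 9.3.2.
        return v <= branches[major]
    # Major branches older than the ones the advisory covers (7.x and
    # earlier) receive no fix from this update, so treat them as affected.
    # Newer majors are outside the advisory's ranges and are not flagged.
    return major < min(branches)


def triage(inventory):
    """Return the sorted host names whose build still needs the update.

    inventory: iterable of (host, product, version) tuples.
    """
    return sorted(host for host, product, version in inventory
                  if is_affected(product, version))


# Constructed sample inventory (hypothetical hosts, not from the article).
SAMPLE_INVENTORY = [
    ("ws-01", "Reader", "9.3.1"),    # last affected 9.x build
    ("ws-02", "Reader", "9.3.2"),    # first build past the affected range
    ("ws-03", "Acrobat", "8.2.1"),   # last affected 8.x build
    ("ws-04", "Acrobat", "8.2.2"),   # past the affected range
    ("ws-05", "Reader", "7.1.4"),    # older branch, not covered by this update
    ("ws-06", "Reader", "9.3"),      # short version string, parsed as 9.3.0
]

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(host, "still needs the Reader/Acrobat update")
```

The check deliberately flags the 7.x host: the advisory lists no fixed build for that branch, so the only remediation is moving it to a patched 8.x or 9.x release, which is what the triage output should drive.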

These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.

This patch batch also coincides with the release of a new automatic updater for the Reader/Acrobat software. In the default installation configuration it checks for updates on a regular schedule; an update check can also be started manually by choosing Help > Check for Updates.

Here are the raw details on the 15 documented vulnerabilities:

  • A cross-site scripting vulnerability that could lead to code execution (CVE-2010-0190).
  • A prefix protocol handler vulnerability that could lead to code execution (CVE-2010-0191).
  • A denial-of-service vulnerability; arbitrary code execution has not been demonstrated, but may be possible (CVE-2010-0192).
  • A denial-of-service vulnerability; arbitrary code execution has not been demonstrated, but may be possible (CVE-2010-0193).
  • A memory corruption vulnerability that could lead to code execution (CVE-2010-0194).
  • A font handling vulnerability that could lead to code execution (CVE-2010-0195).
  • A denial-of-service vulnerability; arbitrary code execution has not been demonstrated, but may be possible (CVE-2010-0196).
  • A memory corruption vulnerability that could lead to code execution (CVE-2010-0197).
  • A buffer overflow vulnerability that could lead to code execution (CVE-2010-0198).
  • A buffer overflow vulnerability that could lead to code execution (CVE-2010-0199).
  • A memory corruption vulnerability that could lead to code execution (CVE-2010-0201).
  • A buffer overflow vulnerability that could lead to code execution (CVE-2010-0202).
  • A buffer overflow vulnerability that could lead to code execution (CVE-2010-0203).
  • A memory corruption vulnerability that could lead to code execution (CVE-2010-0204).
  • A heap-based overflow vulnerability that could lead to code execution (CVE-2010-1241).

Also see this important note from Adobe's Brad Arkin on the new automatic updater that was released today.