MS-ISAC ADVISORY NUMBER:
2011-010
DATE(S) ISSUED:
2/8/2011
SUBJECT:
Multiple Vulnerabilities Discovered in Adobe Products
Twenty-nine vulnerabilities have been discovered in the Adobe Reader and Adobe Acrobat applications, which could allow an attacker to take complete control of an affected system. Adobe Reader allows users to view Portable Document Format (PDF) files while Adobe Acrobat offers users additional features such as the ability to create PDF files. These vulnerabilities may be exploited if a user visits or is redirected to a specially crafted web page or when a user opens a specially crafted PDF file. Successful exploitation will result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Failed exploit attempts will likely cause denial-of-service conditions.
SYSTEMS AFFECTED:
-
Adobe Reader X (10.0) and earlier for Windows and Macintosh.
-
Adobe Reader 9.4.1 and earlier for Windows, Macintosh and UNIX.
-
Adobe Acrobat X (10.0) and earlier for Windows and Macintosh.
RISK:
Government:
- Large and medium government entities: High
- Small government entities: High
Businesses:
- Large and medium business entities: High
- Small business entities: High
Home users: High
DESCRIPTION:
Twenty-nine security vulnerabilities have been identified in Adobe Reader and Adobe Acrobat. These vulnerabilities can be exploited if a user visits a malicious website or opens an email attachment containing a file designed to trigger these issues. The vulnerabilities are as follows:
- Two input validation vulnerabilities that could lead to code execution (CVE-2010-4091) (CVE-2011-0586).
- Two input validation vulnerabilities that could lead to a cross-site scripting vulnerability (CVE-2011-0587) (CVE-2011-0604).
- Three library-loading vulnerability that could lead to code execution (CVE-2011-0562) (CVE-2011-0570) (CVE-2011-0588)
- Four memory corruption vulnerability that could lead to code execution (CVE-2011-0563) (CVE-2011-0606) (CVE-2011-0589) (CVE-2011-0605 - Macintosh only).
- One Windows-only file permissions issue that could lead to privilege escalation (CVE-2011-0564).
- Three denial of service vulnerabilities; arbitrary code execution has not been demonstrated, but may be possible (CVE-2011-0565), (CVE-2011-0585) (CVE-2011-0568 - Macintosh only).
- Seven image-parsing memory corruption vulnerabilities that could lead to code execution (CVE-2011-0596)(CVE-2011-0598)(CVE-2011-0599)(CVE-2011-0602)(CVE-2011-0566)(CVE-2011-0567)(CVE-2011-0603).
- Six 3D file parsing input validation vulnerabilities that could lead to code execution (CVE-2011-0590)(CVE-2011-0591)(CVE-2011-0592)(CVE-2011-0593)(CVE-2011-0595)(CVE-2011-0600).
- One font parsing input validation vulnerability that could lead to code execution (CVE-2011-0594).
Successful exploitation may result in an attacker gaining the same user privileges as the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts.
RECOMMENDATIONS:
We recommend the following actions be taken:
- Apply the appropriate updates provided by Adobe immediately after appropriate testing.
- Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.
- Remind users not to open email attachments from unknown or un-trusted sources.
- Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
REFERENCES:
Adobe:
http://www.adobe.com/support/security/bulletins/apsb11-03.html
CVE:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4091
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0562
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0563
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0564
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0565
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0566
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0567
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0568
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0570
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0585
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0586
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0587
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0588
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0589
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0590
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0591
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0592
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0593
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0594
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0595
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0596
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0598
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0599
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0600
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0602
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0603
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0604
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0605
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0606