CIS CYBER SECURITY ADVISORIES
MS-ISAC CYBER SECURITY ADVISORY NUMBER:
Multiple Vulnerabilities Discovered in Adobe Products
Twenty-nine vulnerabilities have been discovered in the Adobe Reader and Adobe Acrobat applications, which could allow an attacker to take complete control of an affected system. Adobe Reader allows users to view Portable Document Format (PDF) files while Adobe Acrobat offers users additional features such as the ability to create PDF files. These vulnerabilities may be exploited if a user visits or is redirected to a specially crafted web page or when a user opens a specially crafted PDF file. Successful exploitation will result in an attacker gaining the same privileges as the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Failed exploit attempts will likely cause denial-of-service conditions.
Adobe Reader X (10.0) and earlier for Windows and Macintosh.
Adobe Reader 9.4.1 and earlier for Windows, Macintosh and UNIX.
Adobe Acrobat X (10.0) and earlier for Windows and Macintosh.
- Large and medium government entities: High
- Small government entities: High
- Large and medium business entities: High
- Small business entities: High
Home users: High
Twenty-nine security vulnerabilities have been identified in Adobe Reader and Adobe Acrobat. These vulnerabilities can be exploited if a user visits a malicious website or opens an email attachment containing a file designed to trigger these issues. The vulnerabilities are as follows:
- Two input validation vulnerabilities that could lead to code execution (CVE-2010-4091) (CVE-2011-0586).
- Two input validation vulnerabilities that could lead to a cross-site scripting vulnerability (CVE-2011-0587) (CVE-2011-0604).
- Three library-loading vulnerability that could lead to code execution (CVE-2011-0562) (CVE-2011-0570) (CVE-2011-0588)
- Four memory corruption vulnerability that could lead to code execution (CVE-2011-0563) (CVE-2011-0606) (CVE-2011-0589) (CVE-2011-0605 - Macintosh only).
- One Windows-only file permissions issue that could lead to privilege escalation (CVE-2011-0564).
- Three denial of service vulnerabilities; arbitrary code execution has not been demonstrated, but may be possible (CVE-2011-0565), (CVE-2011-0585) (CVE-2011-0568 - Macintosh only).
- Seven image-parsing memory corruption vulnerabilities that could lead to code execution (CVE-2011-0596)(CVE-2011-0598)(CVE-2011-0599)(CVE-2011-0602)(CVE-2011-0566)(CVE-2011-0567)(CVE-2011-0603).
- Six 3D file parsing input validation vulnerabilities that could lead to code execution (CVE-2011-0590)(CVE-2011-0591)(CVE-2011-0592)(CVE-2011-0593)(CVE-2011-0595)(CVE-2011-0600).
- One font parsing input validation vulnerability that could lead to code execution (CVE-2011-0594).
Successful exploitation may result in an attacker gaining the same user privileges as the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts.
We recommend the following actions be taken:
- Apply the appropriate updates provided by Adobe immediately after appropriate testing.
- Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.
- Remind users not to open email attachments from unknown or un-trusted sources.
- Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.