Adobe patches critical Acrobat vulnerabilities

Critical vulnerabilities have been identified in Adobe Reader 9.1.1 and Acrobat 9.1.1 and earlier versions. These vulnerabilities would cause the application to crash and could potentially allow an attacker to take control of the affected system.

Adobe recommends users of Adobe Reader and Acrobat update their product installations to versions 9.1.2, 8.1.6, or 7.1.3 using the instructions above to protect themselves from potential vulnerabilities. The above updates apply to Windows and Macintosh. Security updates for Adobe Reader on the UNIX platform will be available on June 16, 2009; this Bulletin will be updated to reflect their availability on that date.

This update resolves a stack overflow vulnerability that could potentially lead to code execution (CVE-2009-1855).

This update resolves an integer overflow that leads to a Denial of Service (DoS); arbitrary code execution has not been demonstrated, but may be possible (CVE-2009-1856).

This update resolves a memory corruption vulnerability that leads to a Denial of Service (DoS); arbitrary code execution has not been demonstrated, but may be possible (CVE-2009-1857).

This update resolves a memory corruption vulnerability in the JBIG2 filter that could potentially lead to code execution (CVE-2009-1858).

This update resolves a memory corruption vulnerability that could potentially lead to code execution (CVE-2009-1859).

This update resolves a memory corruption vulnerability in the JBIG2 filter that leads to a Denial of Service (DoS); arbitrary code execution has not been demonstrated, but may be possible (CVE-2009-0198).

This update resolves multiple heap overflow vulnerabilities in the JBIG2 filter that could potentially lead to code execution (CVE-2009-0509, CVE-2009-0510, CVE-2009-0511, CVE-2009-0512, CVE-2009-0888, CVE-2009-0889).

This update resolves multiple heap overflow vulnerabilities that could potentially lead to code execution (CVE-2009-1861).

Additionally, this update resolves Adobe internally discovered issues.




Share this