US-CERT Cyber Security Alert SA10-231A -- Adobe Reader and Acrobat Vulnerabilities

From: US-CERT Alerts <alerts_at_nospam>
Date: Thu Aug 19 2010 - 21:19:03 GMT
To: alerts@us-cert.gov

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                    National Cyber Alert System

                  Cyber Security Alert SA10-231A

Adobe Reader and Acrobat Vulnerabilities

   Original release date: August 19, 2010
   Last revised: --
   Source: US-CERT

Systems Affected

     * Adobe Reader 9.3.3 and earlier versions for Windows, Macintosh, and UNIX
     * Adobe Acrobat 9.3.3 and earlier versions for Windows and Macintosh
     * Adobe Reader 8.2.3 and earlier versions for Windows, Macintosh, and UNIX
     * Adobe Acrobat 8.2.3 and earlier versions for Windows and Macintosh

Overview

   Adobe has released Security Bulletin APSB10-17, which describes
   multiple vulnerabilities affecting Adobe Reader and Acrobat.

Solution

   Update

   Adobe has released updates to address this issue. You are
   encouraged to read Adobe Security Bulletin APSB10-17 and update
   vulnerable versions of Adobe Reader and Acrobat.

   Disable JavaScript in Adobe Reader and Acrobat

   Disabling JavaScript may prevent some exploits. To disable
   JavaScript in Acrobat, do the following:

   * Open Adobe Acrobat Reader.
   * Open the Edit menu.
   * Choose the Preferences option.
   * Choose the JavaScript section.
   * Uncheck the "Enable Acrobat JavaScript" checkbox.

   Disable the display of PDF documents in the web browser

   Preventing PDF documents from opening inside a web browser will
   partially protect you against this vulnerability. Applying this
   workaround may also protect you against future vulnerabilities.

   To prevent PDF files from automatically being opened in a web
   browser, do the following:

   * Open Adobe Acrobat Reader.
   * Open the Edit menu.
   * Choose the Preferences option.
   * Choose the Internet section.
   * Uncheck the "Display PDF in browser" checkbox.

   Do not access PDF files from untrusted sources

   Do not open unfamiliar or unexpected PDF files, particularly those
   hosted on websites or delivered as email attachments. Please see
   Cyber Security Tip ST04-010.

Description

   Adobe Security Bulletin APSB10-17 describes a number of
   vulnerabilities affecting Adobe Reader and Acrobat. An attacker
   could exploit these vulnerabilities by convincing a user to open a
   specially crafted PDF file.

   These vulnerabilities could allow a remote attacker to take control
   of your computer or cause it to crash.

References

 * Security update available for Adobe Reader and Acrobat -
   <http://www.adobe.com/support/security/bulletins/apsb10-17.html>

 ____________________________________________________________________

   The most recent version of this document can be found at:

     <http://www.us-cert.gov/cas/alerts/SA10-231A.html>
 ____________________________________________________________________

   Feedback can be directed to US-CERT Technical Staff. Please send
   email to <cert@cert.org> with "SA10-231A Feedback VU#299148" in
   the subject.
 ____________________________________________________________________

   For instructions on subscribing to or unsubscribing from this
   mailing list, visit <http://www.us-cert.gov/cas/signup.html>.
 ____________________________________________________________________

   Produced 2010 by US-CERT, a government organization.

   Terms of use:

     <http://www.us-cert.gov/legal.html>
 ____________________________________________________________________

Revision History

  August 19, 2010: Initial release

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

-----END PGP SIGNATURE-----
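
Added example (not part of the US-CERT alert): a small triage script that applies the "Systems Affected" list above to a software inventory. The inventory rows and host names are constructed, and treating releases older than 8.x as "earlier versions" is an assumption of this example.

```python
import re

# Last affected release per branch, from "Systems Affected" in the alert.
CEILING_9 = (9, 3, 3)
CEILING_8 = (8, 2, 3)
# Platforms the alert lists per product (Acrobat is not listed for UNIX).
PLATFORMS = {
    "reader": {"windows", "macintosh", "unix"},
    "acrobat": {"windows", "macintosh"},
}

def parse_version(text):
    """Turn '9.3.3' or '9.3' into a 3-tuple of ints; None if malformed.
    A fourth (build) component, if present, is ignored."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){0,3}", text):
        return None
    parts = [int(p) for p in text.split(".")]
    return tuple((parts + [0, 0, 0])[:3])

def triage(product, platform, version):
    """Classify one install as 'affected', 'not-listed' or 'unknown'."""
    if platform.lower() not in PLATFORMS.get(product.lower(), ()):
        return "not-listed"            # e.g. Acrobat on UNIX
    ver = parse_version(version)
    if ver is None:
        return "unknown"               # unparseable version: check by hand
    # Assumption: releases older than 8.x count as "earlier versions".
    ceiling = CEILING_9 if ver[0] >= 9 else CEILING_8
    return "affected" if ver <= ceiling else "not-listed"

# Constructed sample inventory: host,product,platform,version
INVENTORY = """\
ws-001,Reader,Windows,9.3.3
ws-002,Reader,Windows,9.3.4
mac-07,Acrobat,Macintosh,8.2.3
lnx-11,Reader,UNIX,8.2.4
lnx-12,Acrobat,UNIX,9.1.0
ws-003,Reader,Windows,7.0.9
ws-004,Reader,Windows,9.x
"""

def scan(inventory):
    """Return {host: verdict} for every row of the inventory text."""
    results = {}
    for line in inventory.strip().splitlines():
        host, product, platform, version = [f.strip() for f in line.split(",")]
        results[host] = triage(product, platform, version)
    return results

if __name__ == "__main__":
    for host, verdict in scan(INVENTORY).items():
        print(f"{host}: {verdict}")
```

Hosts reported as "affected" are the ones to update per the Solution section; "unknown" rows need their version string checked by hand.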