RETIRED: Adobe Reader and Acrobat October 2009 Multiple Remote Vulnerabilities

Adobe has released an advisory for Acrobat and Reader that addresses 24 new security issues.

Successfully exploiting these issues may allow attackers to crash the affected application, execute arbitrary code within the context of the application, bypass certain security restrictions, and compromise the affected computer. Other attacks are also possible.

These issues affect Reader and Acrobat versions prior to 7.1.4, 8.1.7, and 9.2.

The following individual records now exist to document these issues:

36664 Adobe Reader and Acrobat Multiple Input Validation Vulnerabilities
36665 Adobe Reader and Acrobat U3D File Invalid Array Index Remote Vulnerability
36667 Adobe Reader and Acrobat Compact Font Format Heap Memory Corruption Vulnerability
36668 Adobe Reader and Acrobat COM Objects Memory Corruption Remote Code Execution Vulnerability
36669 Adobe Acrobat Reader Firefox Plugin Memory Corruption Remote Code Execution Vulnerability
36671 Adobe Reader and Acrobat Malformed U3D Data Heap Memory Corruption Vulnerability
36677 Adobe Reader and Acrobat U3D File Pointer Overwrite Remote Vulnerability
36678 Adobe Reader and Acrobat Malformed U3D Data Pointer Dereference Memory Corruption Vulnerability
36683 Adobe Reader and Acrobat JavaScript Memory Corruption Vulnerability
36682 Adobe Reader and Acrobat 'annots.api' Denial of Service Vulnerability
36680 Adobe Reader and Acrobat 'AcroPDF.dll' ActiveX Control Denial of Service Vulnerability
36681 Adobe Reader and Acrobat JavaScript Collab Object Memory Corruption Vulnerability
36686 Adobe Reader and Acrobat XMP-XML Entity Expansion Denial of Service Vulnerability
36687 Adobe Reader and Acrobat Unspecified Integer Overflow Memory Corruption Vulnerability
36688 Adobe Reader and Acrobat Certificate Modification Vulnerability
36689 Adobe Reader and Acrobat (CVE-2009-2994) Buffer Overflow Vulnerability
36690 Adobe Reader and Acrobat Multiple Unspecified Heap-Based Overflow Vulnerabilities
36691 Adobe Acrobat Image Decoder Remote Code Execution Vulnerability
36692 Adobe Reader and Acrobat Trust Manager Remote Security Bypass Vulnerability
36693 Adobe Acrobat Integer Overflow Vulnerability
36694 Adobe Acrobat Integer Overflow Denial Of Service Vulnerability
36695 Adobe Reader and Acrobat (CVE-2009-2992) ActiveX Control Denial of Service Vulnerability
36696 Adobe Reader and Acrobat for Unix Debug Mode Remote Code Execution Vulnerability
36697 Adobe Reader and Acrobat File Extension Controls Remote Security Bypass Vulnerability


 

Copyright 2010, SecurityFocus