CERT-MU :Vulnerability

Home | Search | FAQ | Site Map | Contact Us

|| Hotline : 800 2378 || To contact CERT-MU send e-mail on --> info[at]cert-mu.gov.mu || To report incident e-mail on --> incident[at]cert-mu.gov.mu || To report Vulnerabilities send e-mail on --> Vulnerability[at]cert-mu.gov.mu ||

Charter & Mission

CERT-MU Services

Constituency

Authority

Incident Reporting

Vulnerability Reporting

Incident Statistics Forms

Vol. 2, Feb 2012

Vol. 1, Oct 2011

World CERTs

Security Sites

Security Tools

Antivirus Resources

Email Abuse

Network Abuse

Anti-Spam Initiative

Cyber Security Portal

Safer Internet Day

Computer Security Day

National Computer Board

Authorized to use CERT(TM) - CERT is a mark owned by Carnegie Mellon University

CERT-MU Vulnerability Note VN-2009-12

Adobe Reader JavaScript Vulnerabilities

Original Issue Date: April 30, 2009

Severity Rating: High

Systems Affected

Adobe Reader 9.x
Adobe Reader 8.x
Adobe Reader 7.x

Overview

Two vulnerabilities have been reported in Adobe Reader which could allow remote code execution.

Description

These vulnerabilities are caused due to errors while processing calls to getAnnots() and customDictionaryOpen() JavaScript methods. These errors could be exploited via specially crafted PDF file which cause memory corruption. Successful exploitation of these vulnerabilities could allow remote code execution on the vulnerable system.

Note: Proof-of-concept code to exploit is available on Internet

Workarounds