Adobe closes critical Acrobat and Reader holes
getAnnots() that could be used by an attacker to crash either application and potentially allow them to take control of the affected system. For an attack to be successful, the user must first open a specially crafted malicious PDF document. Versions 9.1.1, 8.1.5 and 7.1.2 of Adobe Reader and Acrobat fix the problem.
customDictionaryOpen method can be manipulated to cause a denial of service or execute arbitrary code. Adobe Reader 9.1.1 for UNIX corrects the vulnerability.
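Because both flaws are reached through JavaScript methods inside a PDF the user opens, a mail or file gateway can triage documents for references to them while unpatched installations remain. The following is an added example, not code from the article or from Adobe; the function names and the sample documents are constructed for illustration.

```python
import re
import zlib

# Method names taken from the article; a hit is a triage signal, not proof of an exploit.
SUSPECT_METHODS = (b"getAnnots", b"customDictionaryOpen")
# Body of every "stream ... endstream" object in the file.
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\n?endstream", re.DOTALL)


def inflate(data):
    """Return zlib-inflated bytes, or None if data is not a Flate stream."""
    try:
        # decompressobj tolerates trailing bytes and slightly truncated input.
        return zlib.decompressobj().decompress(data)
    except zlib.error:
        return None


def scan_pdf(raw):
    """Return the sorted suspect method names referenced in raw PDF bytes."""
    bodies = [raw]  # plain-text scripts are visible in the raw file
    for match in STREAM_RE.finditer(raw):
        inflated = inflate(match.group(1))
        if inflated is not None:
            bodies.append(inflated)  # scripts hidden behind /FlateDecode
    hits = {m.decode() for m in SUSPECT_METHODS for b in bodies if m in b}
    return sorted(hits)


def build_sample(script, compress):
    """Constructed, minimal PDF-like bytes holding one script stream."""
    body = zlib.compress(script) if compress else script
    filt = b"/Filter /FlateDecode " if compress else b""
    return (b"%PDF-1.4\n1 0 obj\n<< " + filt + b"/Length "
            + str(len(body)).encode() + b" >>\nstream\n" + body
            + b"\nendstream\nendobj\n%%EOF\n")


if __name__ == "__main__":
    sample = build_sample(b"var a = this.getAnnots({nPage: 0});", compress=True)
    print(scan_pdf(sample))
```

The scan only sees plain and Flate-compressed streams; names hidden by other filters, encryption or script obfuscation are missed, so a clean result does not replace installing the fixed versions.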
- Security Updates available for Adobe Reader and Acrobat, Adobe Security Bulletin.
- Buffer overflow issues in Adobe Reader and Acrobat, Adobe Security Bulletin.
- Demo exploits for new vulnerabilities in Adobe Reader, a report from The H.
- F-Secure advises against using Adobe Reader, a report from The H.