Security Alert (A16-03-03): Multiple Vulnerabilities in Adobe Acrobat and Reader


 

Published on: 09 March 2016

  
  

Description:

Security updates are released for Adobe Acrobat and Reader to address multiple vulnerabilities caused by memory corruption and a directory search path issue. To successfully exploit the vulnerabilities, a remote attacker could entice a targeted user to open a specially crafted PDF file.


Affected Systems:

  • Adobe Acrobat DC/Acrobat Reader DC Continuous 15.010.20059 and earlier versions
  • Adobe Acrobat DC/Acrobat Reader DC Classic 15.006.30119 and earlier versions
  • Adobe Acrobat/Reader XI 11.0.14 and earlier versions

 

Impact:

A successful attack could lead to arbitrary code execution or potentially take control of the affected system.


Recommendation:

Upgrade Adobe Acrobat/Reader to the following versions to address the issues. The upgrade can be obtained by using the auto-update mechanism or by downloading at the following URLs:

  • Adobe Acrobat DC Continuous 15.010.20060, Classic 15.006.30121, Acrobat XI 11.0.15
    http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows
    http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh

  • Adobe Acrobat Reader DC Classic 15.006.30121, Acrobat XI 11.0.15
    http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows
    http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Macintosh

  • Adobe Acrobat Reader DC Continuous 15.010.20060
    http://get.adobe.com/reader/


More Information:

https://helpx.adobe.com/security/products/reader/apsb16-09.html
https://www.hkcert.org/my_url/en/alert/16030914
https://www.us-cert.gov/ncas/current-activity/2016/03/08/Adobe-Releases-Security-Updates-Acrobat-Reader-and-Digital-Editions
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1007 (to CVE-2016-1009)



Tag: Adobe , Acrobat , Acrobat Reader
Tags