With all the recent publicity Adobe has received, the company has released a mega-update for its Reader and Acrobat software products to fix a total of eight documented security vulnerabilities.
Security vulnerabilities patched in this recent update:
- This update resolves a use-after-free vulnerability in Multimedia.api that could lead to code execution (CVE-2009-4324). This issue is being actively exploited in the wild; the exploit targets Adobe Reader and Acrobat 9.2 on Windows platforms.
- This update resolves an array boundary issue in U3D support that could lead to code execution (CVE-2009-3953).
- This update resolves a DLL-loading vulnerability in 3D that could allow arbitrary code execution (CVE-2009-3954).
- This update resolves a memory corruption vulnerability that could lead to code execution (CVE-2009-3955).
- This update mitigates a script injection vulnerability by changing the Enhanced Security default (CVE-2009-3956).
- This update resolves a null-pointer dereference vulnerability that could lead to denial of service (CVE-2009-3957).
- This update resolves a buffer overflow vulnerability in the Download Manager that could lead to code execution (CVE-2009-3958).
- This update resolves an integer overflow vulnerability in U3D support that could lead to code execution (CVE-2009-3959).
Adobe rates this a “critical” update on all platforms. The flaws affect Adobe Reader 9.2 and Acrobat 9.2 for Windows, Macintosh and UNIX; and Adobe Reader 8.1.7 and Acrobat 8.1.7 for Windows and Macintosh.
These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.
Source: Ryan Naraine, ZDNet