Public Safety Canada
Symbol of the Government of Canada
Skip to content | Skip to institutional links

Common menu bar links | Liens de navigation communs

Skip Navigation Links Home > Programs > Response > CCIRC > Analytical releases 2010 > AV10-033: Adobe Reader/Acrobat Critical Vulnerabilities

Institutional links

Adobe Reader/Acrobat Critical Vulnerabilities

Number: AV10-033
Date: 20 August 2010

Purpose

The purpose of this advisory is to bring attention to Critical vulnerabilities in Adobe Reader and Acrobat.

Assessment

Critical vulnerabilities have been identified in Adobe Reader and Adobe Acrobat. These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system. Adobe has released an out-of-band security update to address these vulnerabilities.

CVE-2010-2862 describes a vulnerability that was disclosed publicly during the Black Hat security conference on July 28, 2010. CCIRC is unaware of publicly available exploit code at this time; however, the presenter developed proof-of-concept code that impacts Adobe Reader 9.3.3. The information presented could facilitate the development of publicly available exploit code in the future.

This out-of-band security update also addresses multiple Adobe Flash Player vulnerabilities, as noted in Adobe Security Bulletin APSB10-16. See CCIRC AV10-030 - Multiple Vulnerabilities in Adobe Flash Player and AIR (11 August 2010) for further details.

Affected Products
-----------------

  • Adobe Reader versions 9.3.3 and earlier for Windows, UNIX and Mac OS X operating systems
  • Adobe Acrobat versions 9.3.3 and earlier for Windows and Mac OS X operating systems

References
----------
http://www.adobe.com/support/security/bulletins/apsb10-17.html

Suggested action

CCIRC recommends that organizations liaise with the administrators/maintainers of the affected products to assess exposure and apply vendor-recommended updates.

Note to Readers

The Canadian Cyber Incident Response Centre (CCIRC) provides a focal point for Canada's cyber threat and vulnerability warning, analysis and response. CCIRC is responsible for assuring the resilience of national critical infrastructure through monitoring threats and coordinating a federal response to cyber security incidents of national interest. CCIRC operates in conjunction with the Government Operations Centre (GOC) within Public Safety Canada and is a key component of the government's all-hazards approach to emergency management and national security.

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: communications@ps-sp.gc.ca

Date Modified: 2010-08-23
Top of Page
Top of Page
Important Notices