Zero-Day vulnerability in Adobe Reader allows hacker to control system

Adobe released a Security advisory notifying about the new zero-day Vulnerability in the Adobe Reader. Hackers can exploit U3D memory corruption vulnerability (CVE-2011-2462) to crash the affected system and to potentially allow access to the system.

“We are in the process of finalizing a fix for the issue and expect to make available an update for Adobe Reader and Acrobat 9.x for Windows no later than the week of December 12, 2011.Because Adobe Reader X Protected Mode and Adobe Acrobat X Protected View would prevent an exploit of this kind from executing, we are currently planning to address this issue in Adobe Reader X and Acrobat X for Windows with the next quarterly security update for Adobe Reader and Acrobat, currently scheduled for January 10, 2012. We are planning to address this issue in Adobe Reader and Acrobat X and earlier versions for Macintosh as part of the next quarterly update scheduled for January 10, 2012. An update to address this issue in Adobe Reader 9.x for UNIX is planned for January 10, 2012.
“Said in the Advisory.

The Affected versions:

  • Adobe Reader X (10.1.1) and earlier 10.x versions for Windows and Macintosh
  • Adobe Reader 9.4.6 and earlier 9.x versions for Windows, Macintosh and UNIX
  • Adobe Acrobat X (10.1.1) and earlier 10.x versions for Windows and Macintosh
  • Adobe Acrobat 9.4.6 and earlier 9.x versions for Windows and Macintosh

Adobe Reader for Android and Adobe Flash Player are not affected by the issue in any way.

Check the Full Advisory here:

http://www.adobe.com/support/security/advisories/apsa11-04.html

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s