Wiz Feinberg
From: Mid-Michigan, USA
Posted 9 Aug 2010 9:57 pm
Adobe Corp has announced that they will be releasing an out-of-band patch for a new vulnerability in Adobe Reader and Acrobat. The vulnerability was demonstrated by Charlie Miller at this summer's Black Hat Security Convention.
Adobe is planning to release updates for Adobe Reader 9.3.3 for Windows, Macintosh and UNIX, Adobe Acrobat 9.3.3 for Windows and Macintosh, and Adobe Reader 8.2.3 and Acrobat 8.2.3 for Windows and Macintosh to resolve critical security issues, including CVE-2010-2862 which was discussed at the Black Hat USA 2010 security conference on Wednesday, July 28, 2010. Adobe expects to make these updates available during the week of August 16, 2010.
The vulnerability is caused due to an integer overflow error in CoolType.dll when parsing the "maxCompositePoints" field value in the "maxp" (Maximum Profile) table of a TrueType font. This can be exploited to corrupt memory via a PDF file containing a specially crafted TrueType font. Successful exploitation may allow execution of arbitrary code.
The vulnerability is confirmed in Adobe Reader versions 8.2.3 and 9.3.3 and Adobe Acrobat version 9.3.3. Other versions may also be affected.
For your general safety, do not ever open untrusted PDF files.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services
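Added example, not part of the original post and not Adobe's code: a C sketch of the bug class described above, reading maxCompositePoints from a version 1.0 "maxp" table and comparing size arithmetic that wraps with a widened, limit-checked calculation. The per-point size, extra-point count, function names, ceiling and sample table are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAXP_V1_LENGTH 32u            /* size of a version 1.0 'maxp' table */
#define MAXP_OFF_MAX_COMP_POINTS 10u  /* uint16 maxCompositePoints */
#define BYTES_PER_POINT 12u           /* assumption: per-point storage */
#define EXTRA_POINTS 4u               /* assumption: extra points per glyph */

/* Constructed sample table: version 1.0, maxCompositePoints = 0xFFFF. */
static const uint8_t SAMPLE_MAXP[MAXP_V1_LENGTH] = {
    0x00, 0x01, 0x00, 0x00, 0x00, 0x10, 0x00, 0x40, 0x00, 0x04, 0xFF, 0xFF };

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Bounds-checked read of maxCompositePoints; -1 if truncated or not v1.0. */
int maxp_composite_points(const uint8_t *tbl, size_t len, uint16_t *out)
{
    if (!tbl || !out || len < MAXP_V1_LENGTH) return -1;
    if (be16(tbl) != 0x0001 || be16(tbl + 2) != 0x0000) return -1;
    *out = be16(tbl + MAXP_OFF_MAX_COMP_POINTS);
    return 0;
}

/* Flawed pattern: size computed in a 16-bit type wraps for large counts. */
uint16_t point_bytes_narrow(uint16_t points)
{
    return (uint16_t)((points + EXTRA_POINTS) * BYTES_PER_POINT);
}

/* Checked: widen first, detect overflow, enforce a caller-chosen ceiling. */
int point_bytes_checked(uint16_t points, size_t limit, size_t *out)
{
    size_t n = (size_t)points + EXTRA_POINTS;
    if (!out || n > SIZE_MAX / BYTES_PER_POINT) return -1;
    if (n * BYTES_PER_POINT > limit) return -1;
    *out = n * BYTES_PER_POINT;
    return 0;
}

int main(void)
{
    uint16_t pts; size_t bytes;
    if (maxp_composite_points(SAMPLE_MAXP, sizeof SAMPLE_MAXP, &pts)) return 1;
    printf("points=%u narrow=%u\n", (unsigned)pts, (unsigned)point_bytes_narrow(pts));
    if (point_bytes_checked(pts, 64u * 1024u, &bytes)) puts("rejected: over limit");
    return 0;
}
```

With the constructed table, the narrow calculation yields a buffer size far smaller than the point count implies, while the checked version either returns the true size or rejects the font.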