[Other] Schwachstellen in Adobe Reader and Acrobat – apsb11-08

[Other] Schwachstellen in Adobe Reader and Acrobat - apsb11-08

Von

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA1

Liebe Kolleginnen und Kollegen,

soeben erreichte uns nachfolgende Warnung. Wir geben diese Informationen
unveraendert an Sie weiter.

CVE-2011-0611 – Schwachstelle im Adobe Flash Player

Im Adobe Flash Player in Version 10.2.153.1 und frueher, sowie in der
Bibliothek Authplay.dll, die Bestandteil des Adobe Readers und Acrobat X
ist, besteht eine nicht naeher beschriebene Schwachstelle. Ein
entfernter Angreifer kann mittels einer praeparierten SWF-Datei oder
manipulierten Webseite mit aktiven Flash-Inhalten die entsprechende
Anwendung zum Absturz oder beliebige Befehle mit den Rechten der
Anwendung zur Ausfuehrung bringen. Die Schwachstelle wird durch in
Microsoft Word Dokumenten eingebetteten Flash-Inhalten bereits aktiv
ausgenutzt.

CVE-2011-0610 – Schwachstelle in der Bibliothek CoolType

In Adobe Reader und Acrobat ist eine Schwachstelle in der Bibliothek
CoolType enthalten. Ein entfernter Angreifer kann diese Schwachstelle
zum ausfuehren beliebiger Befehle mit den Rechten des Benutzer
ausfuehren, wenn er diesen dazu bringt, ein entsprechend aufgebautes
Dokument (PDF) oder eine Webseite mit hinterlegten Dokument zu oeffnen.

Betroffen sind die folgenden Software Pakete und Plattformen:

Adobe Reader X (10.0.1) und fruehere Versions
Adobe Reader X (10.0.2) und fruehere Versions
Adobe Reader 10.x
Adobe Reader 9.x
Adobe Reader 8.x
Adobe Acrobat X (10.0.2) und fruehere Versions

Alle Plattformen fuer die die betroffene Software verfuegbar ist.

Vom Hersteller werden ueberarbeitete Pakete zur Verfuegung gestellt.

(c) der deutschen Zusammenfassung bei DFN-CERT Services GmbH; die
Verbreitung, auch auszugsweise, ist nur unter Hinweis auf den Urheber,
DFN-CERT Services GmbH, und nur zu nicht kommerziellen Zwecken
gestattet.

Mit freundlichen Gruessen,
Torsten Voss

– —

Dipl.-Ing.(FH) Torsten Voss (Incident Response Team)

DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-590
Sitz / Register: Hamburg, AG Hamburg, HRB 88805, Ust-IdNr.: DE 232129737
Sachsenstrasse 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski

Automatische Warnmeldungen https://www.cert.dfn.de/autowarn

Security updates available for Adobe Reader and Acrobat

Release date: April 21,2011

Vulnerability identifier: APSB11-08

CVE number: CVE-2011-0611, CVE-2011-0610

Platform: All Platforms
Summary

Critical vulnerabilities have been identified in Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems. These vulnerabilities, including CVE-2011-0611, as referenced in Security Advisory APSA11-02, could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that one of the vulnerabilities, CVE-2011-0611, is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat, as well as via a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file delivered as an email attachment targeting the Windows platform. Adobe Reader X Protected Mode mitigations would prevent an exploit of this kind from executing.

Adobe recommends users of Adobe Reader X (10.0.2) for Macintosh update to Adobe Reader X (10.0.3). For users of Adobe Reader 9.4.3 for Windows and Macintosh, Adobe has made available the update, Adobe Reader 9.4.4. Adobe recommends users of Adobe Acrobat X (10.0.2) for Windows and Macintosh update to Adobe Acrobat X (10.0.3). Adobe recommends users of Adobe Acrobat 9.4.3 for Windows and Macintosh update to Adobe Acrobat 9.4.4. Because Adobe Reader X Protected Mode would prevent exploits of the type targeting CVE-2011-0611 from executing, we are currently planning to address these issues in Adobe Reader X for Windows with the next quarterly security update for Adobe Reader, currently scheduled for June 14, 2011. Today’s security updates are out-of-cycle updates.
Affected software versions

* Adobe Reader X (10.0.1) and earlier versions for Windows
* Adobe Reader X (10.0.2) and earlier versions for Macintosh
* Adobe Acrobat X (10.0.2) and earlier versions for Windows and Macintosh

NOTE: Adobe Reader 9.x for UNIX, Adobe Reader for Android, and Adobe Reader and Acrobat 8.x are not affected by CVE-2011-0611.
Solution

Adobe recommends users update their software installations by following the instructions below:

Adobe Reader

Users on Windows and Macintosh can utilize the product’s update mechanism. The default configuration is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates.

Adobe Reader 9.x users on Windows can also find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows.

Adobe Reader 10.x and 9.x users on Macintosh can also find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Macintosh.

Because Adobe Reader X (10.x) Protected Mode would prevent an exploit of this kind from executing, we are planning to address this issue in Adobe Reader X for Windows with the next quarterly security update for Adobe Reader, currently scheduled for June 14, 2011

Adobe Acrobat

Users can utilize the product’s update mechanism. The default configuration is set to run automatic update checks on a regular schedule. Update checks can be manually activated by choosing Help > Check for Updates.

Acrobat Standard and Pro 10.x and 9.x users on Windows can also find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows.

Acrobat Pro Extended 9.x users on Windows can also find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=158&platform=Windows.

Acrobat Pro users on Macintosh can also find the appropriate update here:
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh.
Severity rating

Adobe categorizes these as critical updates and recommends affected users update their installations to the newest versions.
Details

Critical vulnerabilities have been identified in Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems. These vulnerabilities, including CVE-2011-0611, as referenced in Security Advisory APSA11-02, could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that one of the vulnerabilities, CVE-2011-0611, There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat, as well as via a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file delivered as an email attachment targeting the Windows platform. Adobe Reader X Protected Mode mitigations would prevent an exploit of this kind from executing.

Adobe recommends users of Adobe Reader X (10.0.2) for Macintosh update to Adobe Reader X (10.0.3). For users of Adobe Reader 9.4.3 for Windows and Macintosh, Adobe has made available the update, Adobe Reader 9.4.4. Adobe recommends users of Adobe Acrobat X (10.0.2) for Windows and Macintosh update to Adobe Acrobat X (10.0.3). Adobe recommends users of Adobe Acrobat 9.4.3 for Windows and Macintosh update to Adobe Acrobat 9.4.4. Because Adobe Reader X Protected Mode would prevent exploits of the type targeting CVE-2011-0611 from executing, we are currently planning to address these issues in Adobe Reader X for Windows with the next quarterly security update for Adobe Reader, currently scheduled for June 14, 2011. Today’s security updates are out-of-cycle updates.

(Note: Adobe Reader for Android is not affected by these issues.)

These updates resolves a memory corruption vulnerability that could lead to code execution (CVE-2011-0611).

These updates resolve a memory corruption vulnerability in the CoolType library that could lead to code execution (CVE-2011-0610).
NOTE: Adobe is not aware of any exploits in the wild targeting CVE-2011-0610.
Acknowledgements

Adobe would like to thank the following individuals and organizations for reporting the relevant issues and for working with Adobe to help protect our customers:

* Mila Parkour, http://contagiodump.blogspot.com (CVE-2011-0611)
* CERT Polska, http://www.cert.pl/ (CVE-2011-0610)
* Paul Baccas of Sophos (CVE-2011-0610

—–BEGIN PGP SIGNATURE—–
Version: GnuPG v2.0.9 (GNU/Linux)

iQEcBAEBAgAGBQJNttg1AAoJEJtyb8U7iGZBJjgH/23Yf8DzvSJV/dzdSGAeekY/
S5LvBYUunU2q9zuWrcS2jbxSdyGK9cVav4hazM/HDewhsqqGNc9ui+KGvNdHXJBw
Sk1S/2DqMtLBP5yWSqLz+wwx4veEENpNltj3ZKmJeXQQMgUXXAgSgzMQMV4QmbRv
6RrAZS7DMzO0NuZqifnlSKhUpbAdSbpA3maEoHW4omy99fsbcGcVECGrg+9iiPeG
bk3/0uAfWgsQFYQHYomSJSsSGL3E7EXEOq4O2NnD8GjPmgZel9lNhkz622R4jXn5
vEm/f0pnrtoXCjDA7KMIPY4euklrTAyerC1sbVOvD8J9o+ZnElscU115mYKxn5k=
=ckAW
—–END PGP SIGNATURE—–

© COMPUTEC MEDIA GmbH
Nach oben