Sicurezza informatica Buffer overflow issue in versions 9.0 and earlier of Adobe Reader and Acrobat

  • Creatore Discussione Creatore Discussione giobar57
  • Data di Inizio Data di Inizio

giobar57

Guest
Buffer overflow issue in versions 9.0 and earlier of Adobe Reader and Acrobat

Release date: February 19, 2009
Vulnerability identifier: APSA09-01
Bid number: 33751
Platform: All platforms

A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited.
Adobe is planning to release updates to Adobe Reader and Acrobat to resolve the relevant security issue. Adobe expects to make available an update for Adobe Reader 9 and Acrobat 9 by March 11th, 2009. Updates for Adobe Reader 8 and Acrobat 8 will follow soon after, with Adobe Reader 7 and Acrobat 7 updates to follow. In the meantime, Adobe is in contact with anti-virus vendors, including McAfee and Symantec, on this issue in order to ensure the security of our mutual customers. A security bulletin will be published on http://www.adobe.com/support/security as soon as product updates are available.
All documented security vulnerabilities and their solutions are distributed through the Adobe security notification service. You can sign up for the service at the following URL: http://www.adobe.com/cfusion/entitlement/index.cfm?e=szalert
Affected software versions

Adobe Reader 9 and earlier versions
Adobe Acrobat Standard, Pro, and Pro Extended 9 and earlier versions
Severity rating

Adobe categorizes this as a critical issue and recommends that users update their virus definitions and exercise caution when opening files from untrusted sources.


Link
 
giobar57 ha scritto:
Buffer overflow issue in versions 9.0 and earlier of Adobe Reader and Acrobat

Release date: February 19, 2009
Vulnerability identifier: APSA09-01
Bid number: 33751
Platform: All platforms

A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited.
Adobe is planning to release updates to Adobe Reader and Acrobat to resolve the relevant security issue. Adobe expects to make available an update for Adobe Reader 9 and Acrobat 9 by March 11th, 2009. Updates for Adobe Reader 8 and Acrobat 8 will follow soon after, with Adobe Reader 7 and Acrobat 7 updates to follow. In the meantime, Adobe is in contact with anti-virus vendors, including McAfee and Symantec, on this issue in order to ensure the security of our mutual customers. A security bulletin will be published on http://www.adobe.com/support/security as soon as product updates are available.
All documented security vulnerabilities and their solutions are distributed through the Adobe security notification service. You can sign up for the service at the following URL: http://www.adobe.com/cfusion/entitlement/index.cfm?e=szalert
Affected software versions

Adobe Reader 9 and earlier versions
Adobe Acrobat Standard, Pro, and Pro Extended 9 and earlier versions
Severity rating

Adobe categorizes this as a critical issue and recommends that users update their virus definitions and exercise caution when opening files from untrusted sources.


Link
Clicca per allargare...

Giobar,la cosa è critica,non si puo'fare nulla al momento se ho capito bene,mi sembra di aver capito che a marzo arriverà un qualche aggiornamento o patch per la soluzione,che dici,conviene registrarsi al servizio di notifica di sicurezza di Adobe?o è meglio di no?perchè tanto è lo stesso,che consigli?.Ciao.Caos
 
Caos ha scritto:
Giobar,la cosa è critica,non si puo'fare nulla al momento se ho capito bene,mi sembra di aver capito che a marzo arriverà un qualche aggiornamento o patch per la soluzione,che dici,conviene registrarsi al servizio di notifica di sicurezza di Adobe?o è meglio di no?perchè tanto è lo stesso,che consigli?.Ciao.Caos
Clicca per allargare...
apri Adobe Reader , qualsiasi versione tu abbia , entra nelle preferenze del reader e disabilita l'opzione Javascript come workaround fino al rilascio a giorni della patch
 
Voieur ha scritto:
apri Adobe Reader , qualsiasi versione tu abbia , entra nelle preferenze del reader e disabilita l'opzione Javascript come workaround fino al rilascio a giorni della patch
Clicca per allargare...

Già disabilitato Javascript nel programma,comunque c'è già una Patch anche se non ufficiale.Basta scaricare il file zip, fare una copia di backup del file AcroRd32.dll presente nella cartella C:\Programmi\Adobe\Reader 9.0\ e sostituirla con quella contenuta nell'archivio zip. Ciao Caos

http://vrt-sourcefire.blogspot.com/2009/02/homebrew-patch-for-adobe-acroreader-9.html
 
You must log in or register to reply here.

Users who are viewing this thread

Total: 1 (members: 0, guests: 1)
Back
Alto