Threat Level: green Handler on Duty: Remco Verhoef

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2016-03-08 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
ISC Stormcast For Tuesday, March 8th 2016 http://isc.sans.edu/podcastdetail.html?id=4899

Critical Adobe Updates - March 2016

Published: 2016-03-08
Last Updated: 2016-03-08 21:38:19 UTC
by Rick Wanner (Version: 1)
4 comment(s)

Adobe has released updates for Acrobat and Acrobat Reader versions to address "critical vulnerabilities that could potentially allow an attacker to take control of the affected system".

According to Adobe, there are three CVE's fixed in these updates. CVE-2016-1007 and CVE-2016-1009 refer to memory corruption issues that could permit code execution.   CVE-2016-1008 refers to a resource directory search path issue that could also lead to code execution.

Both of these sound serious enough to warrant updating as soon as reasonable.

Further information can be found at:

https://helpx.adobe.com/security/products/reader/apsb16-09.html

https://helpx.adobe.com/acrobat/kb/known-issues-acrobat-dc-reader.html

http://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotes/index.html

http://www.adobe.com/devnet-docs/acrobatetk/tools/ReleaseNotes/11/11.0.15.html#elevenzerozerofifteen

 

-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)

Keywords: acrobat Adobe
4 comment(s)
Diary Archives