Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: Adobe Reader 9.3.3/8.2.3 addressing CVE-2010-1297 - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Adobe Reader 9.3.3/8.2.3 addressing CVE-2010-1297

Adobe has released the update they promised earlier this month for Reader and Acrobat (flash player 10.0.45.2 code execution).
It addresses the following vulnerabilities including the recently announced CVE-2010-1297 :
CVE-2010-1240, CVE-2010-1285, CVE-2010-1295, CVE-2010-1297, CVE-2010-2168, CVE-2010-2201, CVE-2010-2202,
CVE-2010-2203, CVE-2010-2204, CVE-2010-2205, CVE-2010-2206, CVE-2010-2207, CVE-2010-2208, CVE-2010-2209,
CVE-2010-2210, CVE-2010-2211, CVE-2010-2212

The new version  is 9.3.3 and the Security Bulletin is here:
http://www.adobe.com/support/security/bulletins/apsb10-15.html

More details can be found at:
http://blogs.adobe.com/adobereader/2010/06/adobe_reader_and_acrobat_933_a.html

don smith

donald

206 Posts
ISC Handler
Unfortunately the /Launch vulnerability is not properly mitigated:
http://blog.bkis.com/en/adobe-fix-still-allows-escape-from-pdf/

It's likely that the many/all of the other patched vulnerabilities are completely resolved, however, so it is still advisable to patch.
Anonymous

Sign Up for Free or Log In to start participating in the conversation!