Check Point Provides Network Protection Against Critical Vulnerability in Adobe Reader and Acrobat
( Adobe Security Advisory APSA11-04, CVE-2011-2462 )
Summary
A critical vulnerability in the Adobe Reader and Acrobat products could cause a crash and potentially allow an attacker to take control of a targeted system. This issue is already being exploited in the wild. The Check Point IPS Software Blade provides immediate protection at the network level by detecting and blocking the transferal of malformed PDF files over HTTP.
Details
Adobe Reader and Acrobat are applications developed by Adobe Systems that are used to view, create, manipulate and manage Portable Document Format (PDF) files.
This vulnerability is due to an error in the way Adobe Reader and Acrobat parse PDF files containing a U3D image stream. A remote attacker could trigger this issue by enticing a user to open a specially crafted PDF file using a vulnerable version of the products. Successful exploitation will result in a denial of service condition, causing the application to become non-responsive, and may allow arbitrary code execution.
Affected Products
This vulnerability exists in the following Adobe products:
- Reader X (10.1.1) and earlier 10.x versions for Windows and Macintosh
- Reader 9.4.6 and earlier 9.x versions for Windows, Macintosh and UNIX
- Acrobat X (10.1.1) and earlier 10.x versions for Windows and Macintosh
- Acrobat 9.4.6 and earlier 9.x versions for Windows and Macintosh
Solution
As of December 13, 2011, Adobe has not yet announced availability of a patch for this issue. The Check Point IPS Software Blade provides immediate network protection by detecting and blocking the transferal of malformed PDF files over HTTP. For more information, see CPAI-2011-565.
Originally Published:
Last Updated: 13-Dec-2011