 |
 Adobe Reader U3D DLL Loading Remote Code Execution Vulnerability (APSB10-02)
Industry Reference:CVE-2009-3954.
A remote code execution vulnerability has been discovered in Adobe Reader and Acrobat. A remote attacker can exploit this vulnerability to execute arbitrary code on an affected system via a specially crafted PDF file. Portable Document Format (PDF) is an open file format created by Adobe Systems. It is used for representing two-dimensional documents in a device and resolution independent fixed-layout document format. Successful exploitation of this issue will cause the application to become non-responsive, and may allow execution of arbitrary code on an affected system. This protection will detect and block attempts to exploit this vulnerability.
Security Gateway R70: A new protection is now available.
CPAI-2010-010.
Adobe Reader JPEG2000 Region of Interest Memory Corruption Vulnerability (APSB10-02)Industry Reference:CVE-2009-3955.
A memory corruption vulnerability has been reported in Adobe Reader and Acrobat. A remote attacker can exploit this vulnerability to execute arbitrary code on an affected system via a specially crafted PDF file. Portable Document Format (PDF) is an open file format created by Adobe Systems. It is used for representing two-dimensional documents in a device and resolution independent fixed-layout document format. Successful exploitation allows execution of arbitrary code on a vulnerable system. This protection will detect and block attempts to transfer malformed PDF files over HTTP.
Security Gateway R70: A new protection is now available.
CPAI-2010-007.
Security Best Practice: Blocking FDF Files Containing Timed JavascriptIndustry Reference:CVE-2009-3956.
A remote code execution vulnerability exists within the Forms Data Format (FDF) built into Adobe Acrobat Reader. FDF is a file format used for representing form data and annotations that are contained in a PDF form. A remote attacker may exploit this issue to inject JavaScript into a PDF file from any domain on the internet. This protection will detect and block attempts to transfer FDF files that contain JavaScript over HTTP.
Security Gateway R70: A new protection is now available.
SBP-2010-04.
Adobe Reader Null-Pointer Dereference Denial of Service Vulnerability (APSB10-02)Industry Reference:CVE-2009-3957.
A denial of service vulnerability has been discovered in Adobe Reader and Acrobat. A remote attacker can exploit this vulnerability to execute arbitrary code on an affected system via a specially crafted PDF file. Portable Document Format (PDF) is an open file format created by Adobe Systems. It is used for representing two-dimensional documents in a device and resolution independent fixed-layout document format. Successful exploitation of this issue will cause the application to become non-responsive. This protection will detect and block attempts to transfer malformed PDF files over HTTP.
Security Gateway R70: Preemptive protection is provided by this product.
CPAI-2010-008.
Adobe Reader Download Manager ActiveX Control Buffer Overflow Vulnerability (APSB10-02)Industry Reference:CVE-2009-3958.
A remote code execution vulnerability has been discovered in Adobe Reader and Acrobat NOS Microsystems getPlus+ ActiveX Control. A remote attacker could implant a shell code on a target system using heap spray exploitation method. Heap spraying is a technique for exploiting vulnerabilities in internet browsers (e.g. Internet Explorer, Firefox). Successful exploitation allows execution of arbitrary code on a vulnerable system. This protection will detect and block a large number of known shell code exploits.
Security Gateway R70: Preemptive protection is provided by this product.
CPAI-2010-009.
|
January 13, 2010
 |
You have received this notification because you have subscribed to the SmartDefense mailing list. If you would prefer to no longer receive security alerts and defense notifications please click to Unsubscribe
As always, please feel free to contact us directly if you have any comments or questions.
Read Check Point's Privacy Policy
©2003.2009 Check Point Software Technologies Ltd. (Nasdaq: CHKP) All rights reserved.
800 Bridge Parkway, Redwood City, CA USA 94065 |
|