본문 바로가기
취약점소식

[Adobe] Security Advisory for Adobe Reader and Acrobat

by 잡다한 처리 2010. 9. 9.
반응형



adobe 취약점이 발견되었다.

취약한 Adobe Reader 버전은 9.3.4 이하 버전이다.

아직까지 조치사항이 없으니, 메일로 전달되는 PDF파일은 열어보지 않는 것이 좋다.

또한 국내에는 아직 전파된 내용이 없는것으로 파악되며, 외국쪽에서는 발견 되어, 현재 업데이트 준비 중이다.

Security Advisory for Adobe Reader and Acrobat

Release date: September 8, 2010

Vulnerability identifier: APSA10-02

CVE number: CVE-2010-2883

Platform: All

SUMMARY

critical vulnerability exists in Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. This vulnerability (CVE-2010-2883) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild.

Adobe is in the process of evaluating the schedule for an update to resolve this vulnerability.

AFFECTED SOFTWARE VERSIONS

Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh.

SEVERITY RATING

Adobe categorizes this as a critical issue.

DETAILS

critical vulnerability exists in Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. This vulnerability (CVE-2010-2883) could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is aware of public exploit code for this vulnerability.

Adobe is in the process of evaluating the schedule for an update to resolve this vulnerability.

Adobe actively shares information about this and other vulnerabilities with partners in the security community to enable them to quickly develop detection and quarantine methods to protect users until a patch is available. As always, Adobe recommends that users follow security best practices by keeping their anti-malware software and definitions up to date.

Users may monitor the latest information on the Adobe Product Security Incident Response Team blog at the following URL:http://blogs.adobe.com/psirt or by subscribing to the RSS feed here: http://blogs.adobe.com/psirt/atom.xml.

ACKNOWLEDGMENTS

Adobe would like to thank Mila Parkour of http://contagiodump.blogspot.com for working on this issue with Adobe to help protect our customers.




댓글