Public Safety Canada
Symbol of the Government of Canada
Skip to content | Skip to institutional links

Common menu bar links | Liens de navigation communs

Skip Navigation Links Home > Programs > Response > CCIRC > Analytical releases 2010 > AV10-005: Multiple Vulnerabilities in Adobe Reader and Acrobat

Institutional links

Multiple Vulnerabilities in Adobe Reader and Acrobat

Number: AV10-005
Date: 14 January 2010

Purpose

The purpose of this advisory is to bring attention to multiple critical vulnerabilities in Adobe Reader and Acrobat.

Assessment

Multiple critical vulnerabilities have been identified in Adobe Reader 9.2 and Acrobat 9.2 for Windows, Macintosh and UNIX, and Adobe Reader 8.1.7 and Acrobat 8.1.7 for Windows and Macintosh.

These vulnerabilities could cause the application to crash and could potentially allow an attacker to take control of the affected system.

Adobe recommends users of Adobe Reader 9.2 and Acrobat 9.2 and earlier versions for Windows, Macintosh and UNIX update to Adobe Reader 9.3 and Acrobat 9.3. Adobe recommends users of Acrobat 8.1.7 and earlier versions for Windows and Macintosh update to Acrobat 8.2. For Adobe Reader users on Windows and Macintosh who cannot update to Adobe Reader 9.3, Adobe has provided the Adobe Reader 8.2 update. Updates apply to all platforms: Windows, Macintosh and UNIX.

Affected software versions:
- Adobe Reader 9.2 and earlier versions for Windows, Macintosh and UNIX
- Adobe Acrobat 9.2 and earlier versions for Windows and Macintosh
- Reader 8.1.7 and earlier versions for Windows and Macintosh
- Acrobat 8.1.7 and earlier versions for Windows and Macintosh

Severity rating: Adobe categorizes this as a critical update.

Suggested action

CCIRC recommends that administrators identify affected products, test and deploy these updates according to their Release Management practices at the earliest opportunity.

References:
http://www.adobe.com/support/security/bulletins/apsb10-02.html

CVE reference:
CVE-2009-3953, CVE-2009-3954, CVE-2009-3955, CVE-2009-3956, CVE-2009-3957, CVE-2009-3958, CVE-2009-3959, CVE-2009-4324

Note to Readers

The Canadian Cyber Incident Response Centre (CCIRC) provides a focal point for Canada's cyber threat and vulnerability warning, analysis and response. CCIRC is responsible for assuring the resilience of national critical infrastructure through monitoring threats and coordinating a federal response to cyber security incidents of national interest. CCIRC operates in conjunction with the Government Operations Centre (GOC) within Public Safety Canada and is a key component of the government's all-hazards approach to emergency management and national security.

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: communications@ps-sp.gc.ca

Date Modified: 2010-01-14
Top of Page
Top of Page
Important Notices