Public Safety Canada
Symbol of the Government of Canada
Skip to content | Skip to institutional links

Common menu bar links | Liens de navigation communs

Skip Navigation Links Home > Programs > Response > CCIRC > Analytical releases 2010 > AV10-019: Critical Security Update for Adobe Reader and Acrobat

Institutional links

Critical Security Update for Adobe Reader and Acrobat

Number: AV10-019
Date: 30 June 2010

Purpose

The purpose of this advisory is to bring attention to an accelerated release of the quarterly update of Adobe Reader and Acrobat 9.3.3 and 8.2.3 which addresses CVE-2010-1297.

Assessment

Multiple critical vulnerabilities have been identified in Adobe Reader and Acrobat. They could be exploited by attackers to cause a denial of service or compromise a vulnerable system by tricking a user into opening a specially crafted PDF document. These issues are caused by memory corruptions, invalid pointers, uninitialized memory, array-indexing and use-after-free errors when processing malformed data within a PDF document.

This is a follow up to CCIRC AL10-002 released 11 June 2010.

Affected Products:

Adobe Reader 9.3.2 and earlier versions for Windows, Macintosh, and UNIX
Adobe Acrobat 9.3.2 and earlier versions for Windows and Macintosh

References:

http://www.adobe.com/support/security/bulletins/apsb10-15.html
http://blogs.adobe.com/adobereader/2010/06/adobe_reader_and_acrobat_933_a.html

Suggested action

CCIRC recommends that departments liaise with the administrators/maintainers of the network service to identify affected products and assess the need to apply the appropriate updates and/or workarounds.

Note to Readers

The Canadian Cyber Incident Response Centre (CCIRC) provides a focal point for Canada's cyber threat and vulnerability warning, analysis and response. CCIRC is responsible for assuring the resilience of national critical infrastructure through monitoring threats and coordinating a federal response to cyber security incidents of national interest. CCIRC operates in conjunction with the Government Operations Centre (GOC) within Public Safety Canada and is a key component of the government's all-hazards approach to emergency management and national security.

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: communications@ps-sp.gc.ca

Date Modified: 2010-06-30
Top of Page
Top of Page
Important Notices