Update Protection against Adobe Reader AcroPDF ActiveX Control Remote Denial of Service Vulnerability (APSB09-15)
| Check Point Reference: | CPAI-2009-248 | |
| Date Published: | ||
| Severity: | ||
| Source: | Adobe Security Bulletin - APSB09-15 | |
| Industry Reference(s): | CVE-2009-2987 CVE-2009-2992 |
|
| Protection Provided by: |
Security Gateway
|
|
| Who is Vulnerable? Adobe Reader 9.1.3 and earlier versions for Windows, Macintosh, and UNIX Adobe Acrobat 9.1.3 and earlier versions for Windows and Macintosh | ||
| Vulnerability Description A denial of service vulnerability has been discovered in Adobe Reader and Acrobat. A remote attacker can exploit this vulnerability by convincing a user to visit a specially crafted Web page. Successful exploitation of this issue will cause the application to become non-responsive. |
||
|
Update/Patch Available Update patches: Adobe Security Bulletin - APSB09-15 |
|
|
Vulnerability Details The vulnerability is caused by the Adobe Reader and Acrobat AcroPDF.DLL ActiveX control. A remote attacker could exploit this issue by convincing a user to visit a malicious Web page. Successful exploitation will create a denial of service condition, causing the application to become non-responsive. |
Protection Overview
This protection will detect and block the vulnerable ActiveX control.
In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, Protection tab and select the version of your choice.
To configure the defense, select your product from the list below and follow the related protection steps.