Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Critical Vulnerability in Adobe Acrobat Applications Can Allow Remote Code Execution


Adobe Security Bulletin APSB12-16CVE-2012-4159 )

Summary


A critical remote code execution vulnerability has been discovered in Adobe's Acrobat and Reader applications. The Check Point IPS Software Blade provides immediate protection for unpatched systems.

Details


The vulnerability is due to an invalid memory access. A remote attacker could exploit this issue by enticing a targeted user to open a maliciously crafted PDF file. Successful exploitation could allow an attacker to execute arbitrary code on the targeted machine.
 

Affected Products

The following products are affected for both the Windows and Mac OS X operating systems:

  • Adobe Acrobat X and Reader X (10.1.3) and earlier 10.x versions
  • Adobe Acrobat X and Reader 9.5.1 and earlier 9.x versions 

Solution


Check Point recommends deploying the updates described in APSB12-16 when practical. The Check Point IPS Software Blade protects unpatched systems in the latest IPS update by detecting and blocking attempts to open a specially crafted PDF file.

 

Originally Published:

Last Updated: 10-Oct-2012

Legal Notice for Threat Center Advisories