Critical Vulnerability in Adobe Acrobat Applications Can Allow Remote Code Execution
(Adobe Security Bulletin APSB12-16, CVE-2012-4159)
Summary
A critical remote code execution vulnerability has been discovered in Adobe's Acrobat and Reader applications. The Check Point IPS Software Blade provides immediate protection for unpatched systems.
Details
The vulnerability is due to an invalid memory access. A remote attacker could exploit this issue by enticing a targeted user to open a maliciously crafted PDF file. Successful exploitation could allow an attacker to execute arbitrary code on the targeted machine.
Affected Products
The following products are affected on both the Windows and Mac OS X operating systems:
- Adobe Acrobat X and Reader X (10.1.3) and earlier 10.x versions
- Adobe Acrobat X and Reader 9.5.1 and earlier 9.x versions
Solution
Check Point recommends deploying the updates described in APSB12-16 when practical. The latest IPS update for the Check Point IPS Software Blade protects unpatched systems by detecting and blocking attempts to open a specially crafted PDF file.
Originally Published:
Last Updated: 10-Oct-2012