Integer overflow in Adobe Reader and Acrobat 9.x before 9.5.1 and 10.x before 10.1.3 allows attackers to execute arbitrary code via a crafted TrueType font.

Acroread update to version 9.5.1 to fix several security issues

The remote host is affected by the vulnerability described in GLSA-201206-14 (Adobe Reader: Multiple vulnerabilities)

    Multiple vulnerabilities have been found in Adobe Reader, including an       integer overflow in TrueType Font handling (CVE-2012-0774) and multiple       unspecified errors which could cause memory corruption.
  Impact :

    A remote attacker could entice a user to open a specially crafted PDF       file, possibly resulting in  execution of arbitrary code with the       privileges of the process or a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

The Acrobat Reader has been updated to version 9.5.1 to fix the following issues :

  - crafted fonts inside PDFs could allow attackers to cause     an integer overflow, resulting in the possibility of     arbitrary code execution. (CVE-2012-0774)

  - an issue in acroread's JavaScript API could     allowattackers to cause a denial of service or     potentially execute arbitrary code. (CVE-2012-0775 /     CVE-2012-0777)

Specially crafted PDF files could have caused a denial of service or have lead to the execution of arbitrary code in the context of the user running acroread :

  - crafted fonts inside PDFs could allow attackers to cause     an integer overflow, resulting in the possibility of     arbitrary code execution. (CVE-2012-0774)

  - an issue in acroread's JavaScript API could allow     attackers to cause a denial of service or potentially     execute arbitrary code. (CVE-2012-0775 / CVE-2012-0777)

The version of Adobe Reader installed on the remote Mac OS X host is prior to 10.1.3 or 9.5.1. It is, therefore, affected by the following vulnerabilities :

  - An integer overflow condition exists that allows an     attacker to execute arbitrary code via a crafted True     Type Font (TFF). (CVE-2012-0774)

  - A memory corruption issue exists in JavaScript handling     that allows an attacker to execute arbitrary code.
    (CVE-2012-0775)

  - A security bypass vulnerability exists in the Adobe     Reader installer that allows an attacker to execute     arbitrary code. (CVE-2012-0776)

  - A memory corruption issue exists in the JavaScript API     that allows an attacker to execute arbitrary code or     cause a denial of service. (CVE-2012-0777)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of Adobe Reader installed on the remote host is earlier than 10.1.3 / 9.5.1 and is, therefore, affected by multiple vulnerabilities :

  - An integer overflow vulnerability exists in True Type     Font (TFF). (CVE-2012-0774)

  - A memory corruption vulnerability exists in the     JavaScript handling. (CVE-2012-0775)

  - A security bypass exists in the Adobe Reader installer.
    (CVE-2012-0776)

The version of Adobe Acrobat installed on the remote host is earlier than 10.1.3 / 9.5.1 and is, therefore, affected by multiple vulnerabilities :

  - An integer overflow vulnerability exists in True Type     Font (TFF). (CVE-2012-0774)

  - A memory corruption vulnerability exists in the     JavaScript handling. (CVE-2012-0775)

  - A security bypass exists in the Adobe Acrobat installer.
    (CVE-2012-0776)

Updated acroread packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary.

The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

Adobe Reader allows users to view and print documents in Portable Document Format (PDF).

This update fixes multiple security flaws in Adobe Reader. These flaws are detailed on the Adobe security page APSB12-08, listed in the References section. A specially crafted PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader when opened. (CVE-2012-0774, CVE-2012-0775, CVE-2012-0777)

All Adobe Reader users should install these updated packages. They contain Adobe Reader version 9.5.1, which is not vulnerable to these issues. All running instances of Adobe Reader must be restarted for the update to take effect.

ID	Name	Product	Family	Severity
74602	openSUSE Security Update : acroread (openSUSE-SU-2012:0512-1)	Nessus	SuSE Local Security Checks	critical
59667	GLSA-201206-14 : Adobe Reader: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
58776	SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 8077)	Nessus	SuSE Local Security Checks	critical
58774	SuSE 11.1 Security Update : Acrobat Reader (SAT Patch Number 6138)	Nessus	SuSE Local Security Checks	critical
58684	Adobe Reader < 10.1.3 / 9.5.1 Multiple Vulnerabilities (APSB12-03, APSB12-05, APSB12-07, APSB12-08) (Mac OS X)	Nessus	MacOS X Local Security Checks	critical
58683	Adobe Reader < 10.1.3 / 9.5.1 Multiple Vulnerabilities (APSB12-08)	Nessus	Windows	high
58682	Adobe Acrobat < 10.1.3 / 9.5.1 Multiple Vulnerabilities (APSB12-08)	Nessus	Windows	high
58676	RHEL 5 / 6 : acroread (RHSA-2012:0469)	Nessus	Red Hat Local Security Checks	critical

Detections

Analytics

CVE-2012-0774

high

Tenable Plugins

critical

critical

critical

critical

critical

high

high

critical