Wednesday, November 3, 2010

0-day buffer overflow in Adobe Reader and Acrobat

A buffer overflow occurs when a program or process tries to store more data in a buffer (a temporary data storage area) than it was intended to hold. Buffers are created to contain a limited amount of data, so the extra information has to go somewhere: it overflows into adjacent buffers, corrupting or overwriting the valid data held in them. Buffer overflow is an increasingly common type of security attack on data integrity. For example, it can damage the user's files, change data, or disclose confidential information.
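The corruption of adjacent data described above, shown next to a length-checked copy that prevents it. This is an added example, not code from the original post or from Adobe's software; the `struct record` layout, the function names and the input are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout: a fixed-size buffer followed directly by other valid data. */
struct record {
    char name[8];      /* the buffer, intended to hold at most 8 bytes */
    char balance[8];   /* adjacent data that must stay intact */
};

/* Unchecked copy: trusts the caller-supplied length. The write starts at the
 * record's first byte (where name lives); it is capped at the size of the whole
 * record only so that this demonstration stays inside one object. */
size_t store_unchecked(struct record *r, const char *src, size_t len)
{
    if (len > sizeof(*r))
        len = sizeof(*r);
    memcpy((unsigned char *)r, src, len);
    /* Number of bytes that landed beyond name, i.e. in balance. */
    return len > sizeof(r->name) ? len - sizeof(r->name) : 0;
}

/* Checked copy: rejects any input that does not fit the buffer. */
int store_checked(struct record *r, const char *src, size_t len)
{
    if (len > sizeof(r->name))
        return -1;
    memcpy(r->name, src, len);
    return 0;
}

int main(void)
{
    const char input[] = "AAAAAAAAAAAA"; /* constructed 12-byte input */
    struct record a = { "bob", "1000" }, b = { "bob", "1000" };

    size_t spilled = store_unchecked(&a, input, 12);
    printf("unchecked: %zu bytes spilled, balance=\"%.8s\"\n", spilled, a.balance);

    int rc = store_checked(&b, input, 12);
    printf("checked:   rc=%d, balance=\"%.8s\"\n", rc, b.balance);
    return 0;
}
```

The unchecked path silently replaces the first four bytes of `balance`, while the checked path refuses the oversized input and leaves the neighbouring field untouched.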

      

A critical vulnerability exists in Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. This vulnerability (CVE-2010-2883) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild. Adobe is in the process of evaluating the schedule for an update to resolve this vulnerability.

    
Affected software versions:
Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh.
