Sense of Security – Security Advisory – SOS-11-001
Release Date. | 21-Feb-2011 |
Last Update. | – |
Vendor Notification Date. | 26-Jul-2010 |
Product. | Adobe Reader, Adobe Acrobat |
Platform. | Windows |
Affected versions. | 9.4.1 verified and possibly others. |
Severity Rating. | Low |
Impact. | Denial of Service |
Attack Vector. | Local system |
Solution Status. | Upgrade to 9.4.2 (as advised by Adobe) |
CVE reference. | CVE-2011-0585 |
Details.
Adobe Reader is a popular freeware PDF viewer. Version 9.4.1 of the application is vulnerable to a DoS attack. By sending specially crafted PDF files, it is possible to cause Adobe Reader to become “stuck” in an infinite loop, consuming system resources.
If the condition is triggered, the application must be forcibly closed.
It is not possible to execute code by exploiting this vulnerability.
Proof of Concept.
Proof of concept PDF files are available to Sense of Security customers upon request.
Solution.
A patch is available from Adobe and is included in the next release (9.4.2).
Discovered by.
Sense of Security Labs.