Adobe Acrobat/Reader 9.5.1/10.1.3 buffer overflow [CVE-2012-4159]

VulDB: Adobe Acrobat/Reader 9.5.1/10.1.3 buffer overflow [CVE-2012-4159]

General

Adobe

scipID: 5971
Affected: Adobe Acrobat/Reader 9.5.1/10.1.3
Published: 08/14/2012 (Mateusz Jurczyk/Gynvael Coldwind)
Risk: critical
Entry: 92% complete
Created: 08/17/2012
Updated: 09/03/2012

Summary

A vulnerability classified as critical was found in Adobe Acrobat and Reader 9.5.1/10.1.3. Affected by this vulnerability is an unknown function. The manipulation with an unknown input leads to a buffer overflow vulnerability. As an impact it is known to affect confidentiality, integrity, and availability.

The weakness was released 08/14/2012 by Mateusz Jurczyk and Gynvael Coldwind with Google Security Team as APSB12-16 as bulletin (Website). The advisory is shared for download at adobe.com. The public release was coordinated with Adobe. This vulnerability is known as CVE-2012-4159 since 08/07/2012. The exploitability is known to be difficult. The attack can only be done within the local network. The exploitation doesn’t need any form of authentication. Technical details are unknown but a private exploit is available.

Upgrading to version 9.5.2 or 10.1.4 eliminates this vulnerability. The upgrade is hosted for download at get.adobe.com. A possible mitigation has been published immediately after the disclosure of the vulnerability. The vulnerability is also documented in the databases at OSVDB (84631) and Secunia (SA50281).