Adobe Acrobat/Reader 9.5.1/10.1.3 buffer overflow [CVE-2012-4160]

VulDB: Adobe Acrobat/Reader 9.5.1/10.1.3 buffer overflow [CVE-2012-4160]

General

Adobe

scipID: 5972
Affected: Adobe Acrobat/Reader 9.5.1/10.1.3
Published: 08/14/2012 (Mateusz Jurczyk/Gynvael Coldwind)
Risk: critical
Entry: 90% complete
Created: 08/17/2012
Updated: 09/03/2012

Summary

A vulnerability was found in Adobe Acrobat and Reader 9.5.1/10.1.3 and classified as critical. Affected by this issue is an unknown function. The manipulation with an unknown input leads to a buffer overflow vulnerability. Impacted is confidentiality, integrity, and availability.

The weakness was disclosed 08/14/2012 by Mateusz Jurczyk and Gynvael Coldwind with Google Security Team as APSB12-16 as bulletin (Website). The advisory is shared for download at adobe.com. The public release has been coordinated in cooperation with the vendor. This vulnerability is handled as CVE-2012-4160 since 08/07/2012. The exploitability is known to be difficult. The attack needs to done within the local network. No form of authentication is required for exploitation. Technical details are unknown but a private exploit is available.

Upgrading to version 9.5.2 or 10.1.4 eliminates this vulnerability. The upgrade is hosted for download at get.adobe.com. A possible mitigation has been published immediately after the disclosure of the vulnerability. The vulnerability is also documented in the databases at OSVDB (84632) and Secunia (SA50281).