The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

cybersecurity alert CVE-2013-0640 CVE-2013-0641

Adobe Reader, Acrobat: two vulnerabilities

Summary of the vulnerability

Several Adobe Reader/Acrobat vulnerabilities can be used by an attacker to execute code or to create a denial of service.
Severity of this computer vulnerability: 3/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 14/02/2013.
References for this bulletin: APSA13-02, APSB13-07, BID-57931, BID-57947, CERTA-2013-ALE-002, CVE-2013-0640, CVE-2013-0641, openSUSE-SU-2013:0335-1, openSUSE-SU-2013:0335-2, openSUSE-SU-2013:0342-1, RHSA-2013:0551-01, SUSE-SU-2013:0349-1, VIGILANCE-VUL-12424, VU#422807.

Description of the vulnerability

Several vulnerabilities were announced in Adobe Reader/Acrobat.

An unknown vulnerability leads to code execution. [severity:3/4; CVE-2013-0640]

An unknown vulnerability leads to code execution. [severity:3/4; BID-57947, CVE-2013-0641]

An attacker can invite the victim to open a malicious PDF document, in order to execute code on the victim's computer.

This weakness impacts software or systems such as Acrobat, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES.

Our Vigil@nce team determined that the severity of this vulnerability announcement is important.

The trust level is "confirmed by the editor" (the software vendor), and the origin of the attack is a document.

This bulletin is about 2 vulnerabilities.

An attacker with expert ability can exploit this vulnerability.

Solutions for this threat

Adobe Reader, Acrobat: version 11.0.02.
Version 11.0.02 is fixed:
  http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows
  http://www.adobe.com/

Adobe Reader, Acrobat: version 10.1.6.
Version 10.1.6 is fixed:
  http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows

Adobe Reader, Acrobat: version 9.5.4.
Version 9.5.4 is fixed:
  http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows
  ftp://ftp.adobe.com/pub/adobe/reader/unix/9.x/

Adobe Reader, Acrobat: workaround.
A workaround is to enable "Protected View":
  http://www.adobe.com/devnet-docs/acrobatetk/tools/AppSec/protectedview.html
It is recommended to disable the display of PDF documents in web browsers.

openSUSE: new acroread packages.
New packages are available:
  openSUSE 11.4: acroread-9.5.4-14.1
  openSUSE 12.1: acroread-9.5.4-3.17.1
  openSUSE 12.2: acroread-9.5.4-3.8.1

RHEL: new acroread packages.
New packages are available:
  acroread-9.5.4-1.el5_9
  acroread-9.5.4-1.el6

SUSE LE: new acroread packages.
New packages are available:
  SUSE LE 10: acroread-9.5.4-0.6.1
  SUSE LE 11: acroread-9.5.4-0.3.1