PROBLEM:
A vulnerability was reported in Adobe Acrobat and Adobe Reader. A remote user can cause arbitrary code to be executed on the target user's system.
PLATFORM:
Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Macintosh operating systems
ABSTRACT:
A remote user can create a specially crafted PDF file that, when loaded by the target user, will trigger a memory corruption error in the CoolType library and execute arbitrary code on the target system. The code will run with the privileges of the target user.
REFERENCE LINKS:
SecurityTracker Alert ID: 1025434
Mitre Reference: CVE-2011-0610
Critical Security Updates Available for Adobe Reader and Acrobat
IMPACT ASSESSMENT:
High
DISCUSSION:
The second vulnerability addressed by these updates, CVE-2011-0610, is located in the CoolType library, but no attacks are known to exploit it. A remote user can create a specially crafted PDF file that, when loaded by the target user, will trigger a memory corruption error in the CoolType library and execute arbitrary code on the target system. The code will run with the privileges of the target user.
SOLUTION:
Adobe recommends users update their software installations by following the instructions below: