[Ics-security] Adobe Vulnerability and Fix
Kelly Mahoney
mahoney at jlab.org
Fri Apr 13 15:24:25 EDT 2012
Note: This vulnerability has been used to gain access to control system
computers including programming stations and HMI/SCADAs. A popular
method to gain access is phishing e-mails purporting to be from Adobe
saying your Adobe Reader has a critical security flaw and to click a
link to update the software.
Also, the vulnerability is applicable to Windows, Mac, and Linux
machines - including those running as virtual machines.
Adobe Fixes Critical Vulnerabilities In Reader And Acrobat:
Adobe has released versions 10.1.3 and 9.5.1 of its Acrobat and
Reader products to address high priority security vulnerabilities that
could be used by an attacker to cause the application to crash and
potentially take control of an affected system. These include memory
corruption in the JavaScript API and JavaScript handling, an integer
overflow in the True Type Font (TTF) handling and a security bypass via
the Adobe Reader installer, all of which could lead to arbitrary code
execution. [HSEC-1.7; Date: 11 April 2012; Source:
http://www.h-online.com/security/news/item/Adobe-fixes-critical-vulnerabilities-in-Reader-and-Acrobat-1518711.html]
Kelly Mahoney
--
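Added example (not part of the original message or of Adobe's advisory): a small Python triage of an asset inventory against the fixed releases named above, 10.1.3 and 9.5.1. Host names and version strings are constructed; branches the notice does not mention are reported as not-covered rather than guessed.

```python
import re

# Fixed release per major branch, taken from the notice above.
FIXED = {10: (10, 1, 3), 9: (9, 5, 1)}

def parse_version(text):
    """Return (major, minor, patch), or None if text is not a dotted version."""
    m = re.fullmatch(r"\s*(\d+)\.(\d+)(?:\.(\d+))?(?:\.\d+)*\s*", text)
    if not m:
        return None
    # A missing patch component ("10.1") is treated as 0.
    return tuple(int(p) if p else 0 for p in m.groups())

def classify(version_text):
    """Classify one installed version against the fixed releases."""
    v = parse_version(version_text)
    if v is None:
        return "unparsed"        # needs a manual look
    fixed = FIXED.get(v[0])
    if fixed is None:
        return "not-covered"     # branch not named in the notice
    # Tuple comparison is numeric per component, so 9.10.0 > 9.5.1.
    return "patched" if v >= fixed else "needs-update"

def triage(inventory):
    """inventory: iterable of (host, version_text). Returns {status: [hosts]}."""
    report = {}
    for host, version_text in inventory:
        report.setdefault(classify(version_text), []).append(host)
    return report

# Constructed sample inventory (hypothetical hosts and versions).
SAMPLE = [
    ("hmi-01", "9.4.6"),
    ("eng-ws-02", "10.1.3"),
    ("scada-vm-03", "10.1.2.45"),
    ("hist-04", "9.5.1"),
    ("op-05", "8.3.1"),
    ("plc-prog-06", "unknown"),
]

if __name__ == "__main__":
    for status, hosts in sorted(triage(SAMPLE).items()):
        print(f"{status:12} {', '.join(hosts)}")
```

Hosts reported as unparsed or not-covered still need a manual check; the script only decides what the two version numbers in the notice allow it to decide.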