Adobe Reader 9.3.3/8.2.3 addressing CVE-2010-1297

Published: 2010-06-29
Last Updated: 2010-06-29 23:08:32 UTC
by donald smith (Version: 1)
1 comment(s)

Adobe has released the update they promised earlier this month for Reader and Acrobat (flash player 10.0.45.2 code execution).
It addresses the following vulnerabilities including the recently announced CVE-2010-1297 :
CVE-2010-1240, CVE-2010-1285, CVE-2010-1295, CVE-2010-1297, CVE-2010-2168, CVE-2010-2201, CVE-2010-2202,
CVE-2010-2203, CVE-2010-2204, CVE-2010-2205, CVE-2010-2206, CVE-2010-2207, CVE-2010-2208, CVE-2010-2209,
CVE-2010-2210, CVE-2010-2211, CVE-2010-2212

The new version  is 9.3.3 and the Security Bulletin is here:
http://www.adobe.com/support/security/bulletins/apsb10-15.html

More details can be found at:
http://blogs.adobe.com/adobereader/2010/06/adobe_reader_and_acrobat_933_a.html

don smith

Keywords: adobe update
1 comment(s)

Comments

Unfortunately the /Launch vulnerability is not properly mitigated:
http://blog.bkis.com/en/adobe-fix-still-allows-escape-from-pdf/

It's likely that the many/all of the other patched vulnerabilities are completely resolved, however, so it is still advisable to patch.

Diary Archives