Full Disclosure mailing list archives
New Adobe Reader fixes some, but not all known bugs
From: Mateusz Jurczyk <j00ru.vx () gmail com>
Date: Tue, 14 Aug 2012 20:15:16 +0200
Hey, We’ve been recently working on PDF fuzzing, and consequently found around 60 unique crashes in Adobe Reader (40 of which looked potentially exploitable), which we reported to Adobe. Today Adobe has released an update for Adobe Reader Windows and OS X (no Linux update available yet) with most, but not all vulnerabilities patched. Since we were informed that the vendor was not planning to release an out-of-band update anytime soon, and Adobe Reader for Linux users are left behind with no update at all (patch-diffing anyone?), not even a sandbox to mitigate the vulnerabilities, we decided to release a note discussing the issues and possible mitigations. You can read the note on either of our blogs: http://gynvael.coldwind.pl/?id=483 http://j00ru.vexillium.org/?p=1175 Regards, -- Mateusz "j00ru" Jurczyk, Gynvael Coldwind _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- New Adobe Reader fixes some, but not all known bugs Mateusz Jurczyk (Aug 15)