Fortinet Discovers Multiple Adobe Reader / Acrobat Vulnerabilities (APSB10-09) 2010.April.13 Summary: Fortinet's FortiGuard Labs has discovered two memory corruption vulnerabilities in Adobe Reader / Acrobat, which allow a remote attacker to compromise a system through a malicious document. Impact: Remote Code Execution. Risk: High. Affected Software: For a list of affected software, please refer to the Adobe Security Bulletin reference below. Additional Information: Two memory corruption vulnerabilities were discovered in Adobe Reader / Acrobat, each of which is highlighted below: * Memory corruption in "3difr.x3d". The vulnerable X3D component is a plugin used to display 3D material, which when present in a PDF document, can lead to exploitation (CVE-2010-0194). * Memory corruption through heap overflow in "CoolType.dll" (CVE-2010-1241). The vulnerabilities are triggered when opening and rendering a PDF document. A remote attacker could craft a malicious document which exploits either one of these vulnerabilities, allowing them to compromise a system. Solutions: * Users should apply the solution provided by Adobe. FortiGuard Labs released the following signatures to protect against these vulnerabilities * "Adobe.Reader.DeviceRGB.Subtype.Stream.Memory.Corruption", previously released as "FG-VD-10-003-Adobe" (CVE-2010-0194). * "Adobe.Reader.Acrobat.Pro.CFF.Encodings.Handling.Heap.Overflow", previously released as "FG-VD-10-005-Adobe" (CVE-2010-1241). References: * Adobe Security Bulletin: http://www.adobe.com/support/security/bulletins/apsb10-09.html * CVE ID: CVE-2010-0194 * CVE ID: CVE-2010-1241 Acknowledgment: * Bing Liu of Fortinet's FortiGuard Labs (CVE-2010-0194) * Haifei Li of Fortinet's FortiGuard Labs (CVE-2010-1241)