Adobe Reader Flash AVM2 Memory Corruption
Added: 03/30/2011CVE: CVE-2011-0609
BID: 46860
OSVDB: 71254
Background
Adobe Reader is free software for viewing PDF documents.Problem
Adobe Reader 9.x is vulnerable to a remote code execution vulnerability as a result of parsing flash content by the bundled Adobe Flash Player.Resolution
Update Adobe Flash Player to version 10.2.153.1 or later, Adobe AIR to version 2.6 or later, Adobe Reader X to version 10.0.2 or later, and Adobe Reader to version 9.4.3 or later.References
http://www.kb.cert.org/vuls/id/192052http://www.adobe.com/support/security/advisories/apsa11-01.html
http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates_15.html
Limitations
This exploit works against Adobe Systems Adobe Reader 9.4.0 running on Microsoft Windows XP SP3 English (DEP AlwaysOff) or Microsoft Windows Vista SP2 English (DEP AlwaysOff).Platforms
WindowsBack to exploit index