Adobe Reader Flash AVM2 Memory Corruption

Added: 03/30/2011
CVE: CVE-2011-0609
BID: 46860
OSVDB: 71254

Background

Adobe Reader is free software for viewing PDF documents.

Problem

Adobe Reader 9.x is vulnerable to remote code execution when the bundled Adobe Flash Player parses Flash content.

Resolution

Update Adobe Flash Player to version 10.2.153.1 or later, Adobe AIR to version 2.6 or later, Adobe Reader X to version 10.0.2 or later, and Adobe Reader to version 9.4.3 or later.
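
The following is an added example, not part of the original advisory: it checks a software inventory against the minimum fixed versions listed above, comparing Reader within its own branch. The product labels, host names and sample inventory are constructed, and it assumes Reader X reports major version 10.

```python
# Added example. Minimum fixed versions come from the Resolution text above;
# the product keys ("flash", "air", "reader") are labels chosen for this sketch.
FIXED = {"flash": (10, 2, 153, 1), "air": (2, 6)}
# Reader has two branches with separate fixes: 9.x -> 9.4.3 and
# Reader X (assumed to report major version 10) -> 10.0.2.
READER_FIXED = {9: (9, 4, 3), 10: (10, 0, 2)}


def parse_version(text):
    """Turn '10.2.153.1' into (10, 2, 153, 1); reject non-numeric fields."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)


def needs_update(product, version_text):
    """True = below the fixed version, False = fixed, None = not covered."""
    version = parse_version(version_text)
    if product == "reader":
        # Compare within the branch: 10.0.1 is numerically above 9.4.3
        # but is still below the Reader X fix.
        fixed = READER_FIXED.get(version[0])
    else:
        fixed = FIXED.get(product)
    if fixed is None:
        return None  # product or branch not named in the Resolution text
    width = max(len(version), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))  # so 2.6 == 2.6.0
    return pad(version) < pad(fixed)


def audit(inventory):
    """Return the (host, product, version) rows that still need the update."""
    return [row for row in inventory if needs_update(row[1], row[2])]


# Constructed sample inventory (hosts and versions are made up).
SAMPLE = [
    ("ws-01", "reader", "9.4.0"),
    ("ws-02", "reader", "10.0.1"),
    ("ws-03", "reader", "10.0.2"),
    ("ws-04", "flash", "10.2.152.33"),
    ("ws-05", "flash", "10.10.0.0"),  # numerically newer than 10.2.153.1
    ("ws-06", "air", "2.6.0"),
]

if __name__ == "__main__":
    for host, product, version in audit(SAMPLE):
        print(f"{host}: {product} {version} is below the fixed version")
```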

References

http://www.kb.cert.org/vuls/id/192052
http://www.adobe.com/support/security/advisories/apsa11-01.html
http://googlechromereleases.blogspot.com/2011/03/stable-and-beta-channel-updates_15.html

Limitations

This exploit works against Adobe Systems Adobe Reader 9.4.0 running on Microsoft Windows XP SP3 English (DEP AlwaysOff) or Microsoft Windows Vista SP2 English (DEP AlwaysOff).

Platforms

Windows
