Operating System:

[WIN][LINUX][MAC]

Published:

14 February 2013

Protect yourself against future threats.

//Service

Security Bulletins

Receive up to date and consistent security bulletins across a wide range of vendors, streamlining security patching.

Read more
Resources > Security Bulletins > ESB-2013.0206 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2013.0206
              Security Advisory for Adobe Reader and Acrobat
                             14 February 2013

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           Adobe Reader and Acrobat
Publisher:         Adobe
Operating System:  Windows
                   Linux variants
                   OS X
Impact/Access:     Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Denial of Service               -- Remote with User Interaction
Resolution:        Mitigation
CVE Names:         CVE-2013-0641 CVE-2013-0640 

Original Bulletin: 
   http://www.adobe.com/support/security/advisories/apsa13-02.html

Comment: There are reports that these vulnerabilities are being exploited in 
         the wild. 
         
         Adobe have not yet provided patches to solve these vulnerabilities but
         they have given possible mitigations. 
         
         This bulletin will be updated when patches are made available.

- --------------------------BEGIN INCLUDED TEXT--------------------

Security Advisory for Adobe Reader and Acrobat

Release date: February 13, 2012

Vulnerability identifier: APSA13-02

CVE number: CVE-2013-0640, CVE-2013-0641

Platform: Windows and Macintosh

Summary

Adobe has identified critical vulnerabilities (CVE-2013-0640, CVE-2013-0641) in
Adobe Reader and Acrobat XI (11.0.01 and earlier), X (10.1.5 and earlier) and 
9.5.3 and earlier for Windows and Macintosh.  These vulnerabilities could cause
the application to crash and potentially allow an attacker to take control of
the affected system. 

Adobe is aware of reports that these vulnerabilities are being exploited in the
wild in targeted attacks designed to trick Windows users into clicking on a 
malicious PDF file delivered in an email message.

Adobe is in the process of working on a fix for these issues and will update
this advisory when a date for the fix has been determined.  

Affected software versions

    Adobe Reader XI (11.0.01 and earlier) for Windows and Macintosh
    Adobe Reader X (10.1.5 and earlier) for Windows and Macintosh
    Adobe Reader 9.5.3 and earlier 9.x versions for Windows and Macintosh
    Adobe Acrobat XI (11.0.01 and earlier) for Windows and Macintosh
    Adobe Acrobat X (10.1.5 and earlier) for Windows and Macintosh
    Adobe Acrobat 9.5.3 and earlier 9.x versions for Windows and Macintosh

Mitigations

Users of Adobe Reader XI and Acrobat XI for Windows can protect themselves from
this exploit by enabling Protected View. To enable this setting, choose the 
"Files from potentially unsafe locations" option under the Edit > Preferences >
Security (Enhanced) menu.

Enterprise administrators can protect Windows users across their organization
by enabling Protected View in the registry and propagating that setting via GPO
or any other method. Further information about enabling Protected View for the
enterprise is available here.

Details

Adobe has identified critical vulnerabilities (CVE-2013-0640, CVE-2013-0641)
in Adobe Reader and Acrobat XI (11.0.01 and earlier), X (10.1.5 and earlier)
and 9.5.3 and earlier for Windows and Macintosh.  These vulnerabilities could
cause the application to crash and potentially allow an attacker to take 
control of the affected system. 

Adobe is aware of reports that these vulnerabilities are being exploited in the
wild in targeted attacks designed to trick Windows users into clicking on a 
malicious PDF file delivered in an email message.

Adobe is in the process of working on a fix for these issues and will update
this advisory when a date for the fix has been determined.

Users may monitor the latest information on the Adobe Product Security 
Incident Response Team blog at http://blogs.adobe.com/psirt or by subscribing
to the RSS feed at http://blogs.adobe.com/psirt/atom.xml.

Adobe actively shares information about this and other vulnerabilities with
partners in the security community to enable them to quickly develop detection
and quarantine methods to protect users until a patch is available.  As always,
Adobe recommends that users follow security best practices by keeping their
anti-malware software and definitions up to date.

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBURyBQu4yVqjM2NGpAQI/fBAAu3etCehvBByR87m92dk+S8nvdWU3FpwK
pQZgU94MpNwef4LcTwDqpCySyW7oBtUn6aST+DqSKdfvNLvuWEh0iznF2sLEHWCV
KNBJaAzAAz9v/AKtrJRMTjHI5b4jZMFtJXThpCwTOFqLkTG3551SlMuZzUmSQk68
9ft3aqgzPQN5HRMTQmyRSwtnZUxgxPs9Ut5CJSMWX0B0l0N+1ToDSEEq6k1Jv9B9
XzUdFBIbtCnB/MCAlGeo+df2jzFoV/iDt5XldxMfJdqSQ1RXZEmFYIDHT31ssWs1
/MOV+kuCPM+FlOAT4RW4dqYsn6UjaJXSLXz/sYuO9G0hcrBOEpfGD26l8P2vUdoU
wAJptstEh9SlqZ0mVapYow6ENxsSfA8UdeBqlP1vNbLOT2WEgv7Yb6c/d16ylZL5
AAOP5xPX/wmDHCs976/YdVLg+BWyO/FLL79GHXYvhyZOORl3X/fg1EgxypXodm+H
x3VujLYs4pnmZG395ggFFUkzTIxe9qI+EkZFAoM7PInpL+g1Bw7UclpK4uaz1Sei
/MXLdG7w2ITs7J4jROzMgzGNlmyYydM02kp7TsdkM7WFtPzDuGks2T83XfQA58Xg
j/sQF0d6CUqSVXtiHwJjtENwImo8wSLFszWXQc3MmeMhrcJtTMZ7JXubXghK20C1
feyPm3F+52E=
=nMxo
-----END PGP SIGNATURE-----