Adobe Acrobat Reader Multimedia Playing: Remote Code Execution Vulnerability

Users of Adobe Acrobat Reader Multimedia Playing please be advised of a Remote Code Execution vulnerability that has been identified.

To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

Amplify’d from www.criticalwatch.com

ZDI-10-193: [ZDI-10-193] Adobe Acrobat Reader Multimedia Playing Remote Code Execution Vulnerability

-- Affected Products: Adobe Acrobat

-- Vulnerability Details: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Acrobat Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the application explicitly trusting a string's length embedded within a particular file format. The application will duplicate an arbitrarily sized string into a statically sized buffer located on the stack. This can lead to code execution under the context of the application. Read more at www.criticalwatch.com

 

See this Amp at http://bit.ly/bOrGeF