HKCERT Alert 09-S005

HKCERT Issues a Security Alert on Adobe Acrobat and Reader Image Stream Code
Execution Vulnerability
===========================================================================
The Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT)
had issued an alert on a critical security vulnerability "Adobe Acrobat and
Reader Image Stream Code Execution Vulnerability" today (23 February 2009).

This security alert applies to
- - Adobe Reader versions 9.x
- - Adobe Reader versions 8.x
- - Adobe Reader versions 7.x
- - Adobe Acrobat Standard versions 9.x
- - Adobe Acrobat Standard versions 8.x
- - Adobe Acrobat Standard versions 7.x
- - Adobe Acrobat Pro versions 9.x
- - Adobe Acrobat Pro versions 8.x
- - Adobe Acrobat Pro versions 7.x
- - Adobe Acrobat Pro Extended versions 9.x

An attacker could exploit the vulnerabilities may be available to execute
arbitrary code.

Note: There is no patch available for this vulnerability currently.

Please read the following URL for more details.
http://www.hkcert.org/english/salert/index.html

Users are cautioned to patch all their systems when Adobe announces patches
to fix the vulnerability.

For enquiries and incident reporting, please contact

Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT)


Contact us
==========
If you have any questions or suggestions, please contact us at:
Tel   : (852) 8105 6060
Fax   : (852) 8105 9760
E-mail: hkcert@hkcert.org

Withdraw Subscription
=====================
If you want to be removed from our mailing list, please send an
e-mail to hkcert@hkcert.org with "UNSUBSCRIBE" in the
subject line.

Disclaimer
==========
Hong Kong Computer Emergency Response Team Coordination Centre (HKCERT) and
Hong Kong Productivity Council ( HKPC ) make no express or implied warranties of
merchantability or fitness for a particular purpose or use with respect to any
information, data or software whatsoever in this web site. Under no circumstances
will HKCERT nor HKPC be held liable to any third party who may choose to rely on
the information, data or  software in this web site for planning or other purposes.

Verifying PGP Signature
========================
We strongly urge you to verify this e-mail by our PGP public key
Our public PGP key is available from:
https://www.hkcert.org/english/subscribe_ssl.html

- ------------------------------------------------------------------------------

香港電腦保安事故協調中心發出「Adobe Acrobat 和 Reader 的影像串流執行程式碼漏洞」
保安警報
===========================================================================

香港電腦保安事故協調中心今日（2009年2月23日）發出有關 "Adobe Acrobat 和 Reader
的影像串流執行程式碼漏洞" 警報。

這警報適用於
- - Adobe Reader 版本 9.x
- - Adobe Reader 版本 8.x
- - Adobe Reader 版本 7.x
- - Adobe Acrobat Standard 版本 9.x
- - Adobe Acrobat Standard 版本 8.x
- - Adobe Acrobat Standard 版本 7.x
- - Adobe Acrobat Pro 版本 9.x
- - Adobe Acrobat Pro 版本s 8.x
- - Adobe Acrobat Pro 版本 7.x
- - Adobe Acrobat Pro Extended 版本 9.x

攻擊者可以透過這些漏洞進行遠端執行程式碼。

注意: 此漏洞暫時仍然沒有相關的修補程式。

詳請可參閱下面的相關連結:
http://www.hkcert.org/chinese/salert/index.html

本中心呼籲用戶須留意 Adobe 最新公佈，為系統更新最新的修補程式。

查詢及事故報告，請聯絡：

香港電腦保安事故協調中心


聯絡我們
========
如有任何查詢或意見，請從以下方法聯絡我們：
電話    : (852) 8105 6060
傳真    : (852) 8105 9760
電子郵件: hkcert@hkcert.org

|