Fortinet's FortiGuard Labs has discovered two memory corruption vulnerabilities in Adobe Reader / Acrobat, which allow a remote attacker to compromise a system through a malicious document.
Remote Code Execution.
For a list of affected software, please refer to the Adobe Security Bulletin reference below.
Two memory corruption vulnerabilities were discovered in Adobe Reader / Acrobat, each of which is highlighted below:
- Memory corruption in "3difr.x3d". The vulnerable X3D component is a plugin used to display 3D material; when such material is present in a PDF document, it can lead to exploitation (CVE-2010-0194).
- Memory corruption through heap overflow in "CoolType.dll" (CVE-2010-1241).
- Users should apply the solution provided by Adobe.
- "Adobe.Reader.DeviceRGB.Subtype.Stream.Memory.Corruption", previously released as "FG-VD-10-003-Adobe" (CVE-2010-0194).
- "Adobe.Reader.Acrobat.Pro.CFF.Encodings.Handling.Heap.Overflow", previously released as "FG-VD-10-005-Adobe" (CVE-2010-1241).
- Adobe Security Bulletin: http://www.adobe.com/support/security/bulletins/apsb10-09.html
- CVE ID: CVE-2010-0194
- CVE ID: CVE-2010-1241
- Bing Liu of Fortinet's FortiGuard Labs (CVE-2010-0194)
- Haifei Li of Fortinet's FortiGuard Labs (CVE-2010-1241)