Adobe Reader 10.1.4 was released today to address a number of vulnerabilities that could cause the application to crash and allow an attacker to take control. Users of Adobe Reader X and Acrobat X are encouraged to update to today’s release of 10.1.4. Adobe Reader and Acrobat 9.5.1 were also updated to version 9.5.2.
The Adobe Security Bulletin details the vulnerabilities resolved by these updates:
- These updates resolve a stack overflow vulnerability that could lead to code execution (CVE-2012-2049).
- These updates resolve a buffer overflow vulnerability that could lead to code execution (CVE-2012-2050).
- These updates resolve memory corruption vulnerabilities that could lead to code execution (CVE-2012-2051, CVE-2012-4147, CVE-2012-4148, CVE-2012-4149, CVE-2012-4150, CVE-2012-4151, CVE-2012-4152, CVE-2012-4153, CVE-2012-4154, CVE-2012-4155, CVE-2012-4156, CVE-2012-4157, CVE-2012-4158, CVE-2012-4159, CVE-2012-4160).
- These updates resolve a heap overflow vulnerability that could lead to code execution (CVE-2012-1525).
- These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2012-4161) (Macintosh only).
- These updates resolve a memory corruption vulnerability that could lead to code execution (CVE-2012-4162) (Macintosh only).
You can download the updated executable from Adobe.com or from Adobe’s FTP site (the .msp is located under the misc folder, and the 10.1.4 executable is under the language folder, such as EN).
In addition to Adobe Reader, a Security Bulletin for Adobe Flash Player was released to accompany an update from version 11.3.300.270 to 11.3.300.271.
Happy patching!