Adobe Reader Code Execution (CVE-2009-1492):
The JavaScript API in Adobe Reader may allow a remote attacker to execute code on an affected system. The problem occurs when specially crafted JavaScript uses the getAnnots method in a PDF document.
A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 15493.
Adobe Reader Buffer Overflow (CVE-2009-1493):
The JavaScript API in Adobe Reader may allow a remote attacker to execute code on an affected system. The problem occurs when specially crafted JavaScript uses the customDictionaryOpen method in a PDF document.
A rule to detect attacks targeting this vulnerability is included in this release and is identified with GID 1, SID 15492.
Additionally as a result of ongoing research, the Sourcefire VRT has added multiple rules to the exploit, specific-threats, backdoor, multimedia and chat rule sets to provide coverage for emerging threats from these technologies.
Details available here
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.