Fortinet Discovers Critical Vulnerabilities for Adobe Acrobat Professional and Adobe Reader

Vulnerabilities Enable Possible Remote Attacks of Users’ Systems

MALAYSIA, 8 May 2008 – Fortinet - the pioneer and leading provider of unified threat management (UTM) solutions - today announced that its FortiGuard Global Security Research Team has discovered vulnerabilities in Adobe Acrobat Professional and Adobe Reader (v. 7.0.9).

The two vulnerabilities exist in the Adobe Javascript API and may allow users’ systems to be exploited by remote attackers as follows:
A memory corruption issue can be exploited, allowing a remote attacker to execute arbitrary code on the affected system;
A privilege-escalation issue allows an attacker to bypass security measures to remotely access restricted functions.

“Users can protect themselves from possible attack vectors by applying all necessary patches for installed software on their systems, including operating systems, browsers and other applications,” said Derek Manky, security researcher for Fortinet.

Adobe Acrobat Professional and Adobe Reader users should upgrade to the latest versions of the software provided by Adobe at the following link: http://www.adobe.com/support/security/bulletins/apsb08-13.html.

The FortiGuard Global Security Research Team actively works with software vendors around the world to identify and resolve vulnerabilities, which helps to ensure adequate end-user protection.

For ongoing threat research, bookmark the FortiGuard Center (http://www.fortiguardcenter.com/) or add it to your RSS feed by going to http://www.fortinet.com/FortiGuardCenter/rss/index.html. To learn more about FortiGuard Subscription Services, visit http://www.fortinet.com/products/fortiguard.html.