Security Advisory - September 9, 2010
Zscaler Provides Protection for Critical Adobe Reader and Acrobat Vulnerability
Adobe has confirmed the existence of a 0day vulnerability (CVE-2010-2883) in Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh, and UNIX, as well as in Adobe Acrobat 9.3.4 as well as earlier versions for Windows and Macintosh. This vulnerability is currently being used in attacks in the wild, but a patch is not yet available to mitigate the threat. The vulnerability stems from a stack overflow in the CoolType.dll library.
A module for the vulnerability has been released for the popular MetaSploit Framework, so additional attacks built upon this vulnerability are expected. The issue was first publicized by researcher Mila Parkour, who spotted exploitation in email messages with the subject “Golf Clinic, David Leadbetter's One Point Lesson”.
Zscaler has deployed protections for all known exploits leveraging this vulnerability and will continue to monitor the issue. Zscaler customers are protected without the need to take further action.
APSA10-02Security Advisory for Adobe Reader and Acrobat
CVE: CVE-2010-2883
Severity: Critical
Affected Software
  • Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX
  • Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh
About Zscaler
Through a multi-tenant, globally-deployed infrastructure, Zscaler enforces business policy, mitigates risk, and provides twice the functionality at a fraction of the cost of current solutions. It enables organizations to provide the right access to the right users, from any place and on any device, while empowering the end-user with a rich Internet experience. For more information, visit us at www.zscaler.com.
Press Contacts:
Paula Dunne
Office: +1-408-776-1400, Mobile: +1-408-893-8750
Paula.Dunne@zscaler.com
Zscaler®, and the Zscaler Logo are trademarks of Zscaler, Inc. in the United States. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.
Related Links:
 
Contact Sales
Resources

More
Lunch and
Learn Seminar
What Hackers Know That You Don't About iPads & Facebook
Live Webcast
Selecting the Right    Secure Web Gateway for a Mobile and
Social World
  Find us online    
 
[+] Zscaler Quick Links - Software as a Service - Secure Email and Web Gateway
© 2009-2012 Zscaler, Inc. All rights reserved. |  Privacy Policy | Acceptable Use Policy | Site Map