Adobe Reader 9.0 buffer overflow issue (APSA09-01, CVE-2009-0658)

Bug #332503 reported by Fumihito YOSHIDA
Affects: Ubuntu Japanese Kaizen Project
Status: Fix Released
Importance: High
Assigned to: Unassigned

Bug Description

See http://www.adobe.com/support/security/advisories/apsa09-01.html

Adobe said "Adobe expects to make available an update for Adobe Reader 9 and Acrobat 9 by March 11th"

> Release date: February 19, 2009
>
> Vulnerability identifier: APSA09-01
>
> CVE number: CVE-2009-0658
>
> Platform: All platforms
>

> Summary
>
> A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier
> versions. This vulnerability would cause the application to crash and could potentially
> allow an attacker to take control of the affected system. There are reports that this
> issue is being exploited.

> Adobe is planning to release updates to Adobe Reader and Acrobat to resolve the relevant
> security issue. Adobe expects to make available an update for Adobe Reader 9 and Acrobat 9
> by March 11th, 2009. Updates for Adobe Reader 8 and Acrobat 8 will follow soon after, with
> Adobe Reader 7 and Acrobat 7 updates to follow. In the meantime, Adobe is in contact with
> anti-virus vendors, including McAfee and Symantec, on this issue in order to ensure the
> security of our mutual customers. A security bulletin will be published on
> http://www.adobe.com/support/security as soon as product updates are available.
>
> All documented security vulnerabilities and their solutions are distributed through the
> Adobe security notification service. You can sign up for the service at the following
> URL: http://www.adobe.com/cfusion/entitlement/index.cfm?e=szalert

> Affected software versions
>
> Adobe Reader 9 and earlier versions
> Adobe Acrobat Standard, Pro, and Pro Extended 9 and earlier versions

> Severity rating
>
> Adobe categorizes this as a critical issue and recommends that users update their
> virus definitions and exercise caution when opening files from untrusted sources.


Fumihito YOSHIDA (hito)
Changed in ubuntu-jp-improvement:
importance: Undecided → High
status: New → Triaged
Fumihito YOSHIDA (hito) wrote :

Adobe will release a patch for Adobe Reader 9 on Mar 11, and for Adobe Reader 8 on Mar 18 (maybe).

Fumihito YOSHIDA (hito) wrote :

Adobe Reader 9.1 is released, but these are not for Linux.
http://www.adobe.com/support/security/bulletins/apsb09-03.html

We have to wait for newer Adobe Reader 8.x.

Fumihito YOSHIDA (hito) wrote :

and,
> Adobe recommends users of Adobe Reader and Acrobat 9 update to Adobe Reader 9.1
> and Acrobat 9.1. Adobe is planning to make available updates for Adobe Reader 7
> and 8, and Acrobat 7 and 8, by March 18. In addition, Adobe plans to make
> available Adobe Reader 9.1 for Unix by March 25.

9.1 for Linux?

Fumihito YOSHIDA (hito) wrote :

Basically the test is OK; 8.1.3 => 8.1.4 can be bumped. Here is the debdiff (FYI).

Jun Kobayashi (jkbys) wrote :

Thank you. I have uploaded the 8.1.4 package.

Fumihito YOSHIDA (hito)
Changed in ubuntu-jp-improvement:
status: Triaged → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
