Adobe Reader and Acrobat are prone to an overflow condition. The programs fail to properly sanitize MINDEX opcodes supplied within true type fonts, resulting in a buffer overflow. With a specially crafted PDF file, a context-dependent attacker can potentially execute arbitrary code.

Upgrade to version 10.1.3 or 9.5.1 or higher, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

• Security Tracker: 1026908
• CVE ID: 2012-0774 (see also: NVD)
• Secunia Advisory ID: 48733 48756 48846 49667
• Related OSVDB ID: 81247 81248 81249
• Other Advisory URL: http://dvlabs.tippingpoint.com/advisory/TPTI-12-03
• Vendor Specific News/Changelog Entry: http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00013.html
  http://security.gentoo.org/glsa/glsa-201206-14.xml
• Vendor Specific Advisory URL: http://www.adobe.com/support/security/bulletins/apsb12-08.html
• RedHat RHSA: RHSA-2012:0469

• Peter Vreugdenhil - TippingPoint DVLabs