Building VM sandbox environment for testing malicious documents? I found that sometimes tracking all the full versions and minor updates of Adobe Reader via Old Apps or Adobe.com and corresponding CVE numbers is more time consuming than actual testing. Here are all the necessary for testing versions available from Contagio download. In some cases you need to install the base version and then apply all the incremental updates to get to the version you needMany thanks to Malware tracker for making this easier - see their PDF threats timeline post here Current PDF Threats
Or, Download all together from HERE
Note: If you are here to patch your Adobe Reader, do not use this blog or any website except http://get.adobe.com/reader/
| Release | CVE ID | Description | Patch | ||||||
|---|---|---|---|---|---|---|---|---|---|
| 2011-06-14 | CVE-2011-2100 |
------------------------------------------------ |
2011-06-14 >Reader 9.4.4 / 10.10 | ||||||
| 2011-04-11 | CVE-2011-0611 (pdf only, use Flash updates for other docs) | Safe with v. 9.4.4 DOWNLOAD ADOBE READER 9.4.4 (update) Adobe Flash embedded in Office or PDF documents, Flash exploit used in Amnesty UK website seeding attack. ------------------------------------------------ |
2011-04-21 >;; Reader 9.4.3 | ||||||
| 2011-03-14 | CVE-2011-0609 (in pdf only, use Flash updates for other docs) |
Safe with v. 9.4.3 DOWNLOAD ADOBE READER 9.4.3 (update) Adobe Flash vulnerability (discovered embedded in MS Excel XLS), XLS used in RSA compromise. ------------------------------------------------ |
2011-03-21 >;;Reader 9.4.2 | ||||||
| 2010-11-04 | CVE-2010-4091 | Safe with v. 9.4.2 DOWNLOAD ADOBE READER 9.4.2 (update) PDF Doc.printSeps memory corruption error. Reported by scup. ------------------------------------------------ |
2010-11-16 > 9.4.1 | ||||||
| 2010-10-28 | CVE-2010-3654 | Safe with v. 9.4.2 DOWNLOAD ADOBE READER 9.4.2 (update) Adobe Flash authplay exploit. ------------------------------------------------ |
2010-11-16 > 9.4.1 | ||||||
| 2010-09-09 | CVE-2010-2883 | Safe with v. 9.4. DOWNLOAD ADOBE READER 9.4 (full) Stack-based buffer overflow in CoolType.dll - parsing PDF embedded fonts. ------------------------------------------------ |
2010-10-05 > 9.4 | ||||||
| 2010-09-15 | CVE-2010-2884 | Safe with v. 9.4. DOWNLOAD ADOBE READER 9.4 (full) Unspecified vulnerability in Adobe Flash Player. ------------------------------------------------ | 2010-09-20 | ||||||
| 2010-08-05 | CVE-2010-2862 | Safe with v. 9.3.4 DOWNLOAD ADOBE READER 9.3.4 (full)Integer overflow in CoolType.dll. ------------------------------------------------ | 2010-08-20 | ||||||
| 2010 March/2010-04 05 | CVE-2010-1240 | Safe with v. 9.3.3 DOWNLOAD ADOBE READER 9.3.3 Open/Launch embedded exe via built in functionality, ability to change user prompt text. ------------------------------------------------ | 2010-06-29 | ||||||
| 2010-06-08 | CVE-2010-1297 | Safe with v. 9.3.3 DOWNLOAD ADOBE READER 9.3.3 Adobe Flash DoABC handling ------------------------------------------------ | 2010-06-10 | ||||||
| 2010-02-22 | CVE-2010-0188 | Safe with v. 9.3.1 DOWNLOAD ADOBE READER 9.3.1 LibTiff Integer Overflow (TIFF images). ------------------------------------------------ | 2010-02-16 | ||||||
| 2010-01-13 | CVE-2009-3957 | Safe with v. 9.3.0 DOWNLOAD ADOBE READER 9.3.0 NULL pointer dereference ------------------------------------------------ | 2010-01-12 | ||||||
| 2010-01-13 | CVE-2009-3954 | Safe with v. 9.3.0 DOWNLOAD ADOBE READER 9.3.0 DLL-loading vulnerability in 3D ------------------------------------------------ | 2010-01-12 | ||||||
| 2010-01-13 | CVE-2009-3953 CVE-2009-3959 | Safe with v. 9.3.0 DOWNLOAD ADOBE READER 9.3.0 array boundary issue in U3D CLODProgressiveMeshDeclaration ------------------------------------------------ | 2010-01-12 | ||||||
| 2009-12-15 | CVE-2009-4324 | Safe with v. 9.3.0 DOWNLOAD ADOBE READER 9.3.0 Use-after-free vulnerability in the Doc.media.newPlayer ------------------------------------------------ | 2010-01-12 | ||||||
| 2009-10-13 | CVE-2009-3459 | Safe with v. 9.2.0 DOWNLOAD ADOBE READER 9.2.0 Heap-based buffer overflow - FlateDecode Stream Predictor 02 Integer Overflow ------------------------------------------------ | 2009-10-13 | ||||||
| 2009-07-23 | CVE-2009-1862 | Safe with v. 9.1.3 DOWNLOAD ADOBE READER 9.1.3 Adobe Flash unspecified exploit ------------------------------------------------ | 2009-08-03 | ||||||
| 2009-04-30 | CVE-2009-1493 | Safe with v. 9.1.1 DOWNLOAD ADOBE READER 9.1.1 customDictionaryOpen buffer overflow - via long string in the second argument ------------------------------------------------ | 2009-05-12 | ||||||
| 2009-04-30 | CVE-2009-1492 | Safe with v. 9.1.1 DOWNLOAD ADOBE READER 9.1.1 getAnnots Doc method - via a PDF file that contains
an annotation, and has an OpenAction entry with JavaScript code that
calls this method with crafted integer arguments ------------------------------------------------ | 2009-05-12 | ||||||
| 2009-03-19 | CVE-2009-0927 | Safe with v. 9.1.0 DOWNLOAD ADOBE READER 9.1 Stack-based buffer overflow via a crafted argument to the getIcon method of a Collab object ------------------------------------------------ | 2009-04-09 | ||||||
| 2009-02-20 | CVE-2009-0658 | Safe with v. 9.1.0 DOWNLOAD ADOBE READER 9.1 Buffer overflow JBIG2 image ------------------------------------------------ | 2009-03-18 | ||||||
| 2008-11-04 | CVE-2008-2992 | Safe with v. 9.0 DOWNLOAD ADOBE READER 9.0 Stack-based buffer overflow via the util.printf JavaScript function with a crafted format string argument ------------------------------------------------ | 2008-11-04 | ||||||
| 2008-02-07 | CVE-2008-0655 (CVE-2007-5659) | Safe with v. 8.1.2 DOWNLOAD ADOBE READER 8.1.2 Buffer overflow via specially crafted arguments to Collab.collectEmailInfo ------------------------------------------------ | 2008-06-05 | ||||||
| 2007-09-21 | CVE-2007-5020 | Safe with v. 8.1.1 DOWNLOAD ADOBE READER 8.1.1 Vulnerability in Mailto ------------------------------------------------ | 2007-11-16 |
Thanks for taking the time to do this. Very helpful!
ReplyDelete