Tuesday, August 9, 2011

Adobe Reader versions vs corresponding exploits (CVE numbered) - Downloads for testing




Building a VM sandbox environment for testing malicious documents? I found that sometimes tracking all the full versions and minor updates of Adobe Reader via Old Apps or Adobe.com, and the corresponding CVE numbers, is more time-consuming than the actual testing. Here are all the versions necessary for testing, available for download from Contagio. In some cases you need to install the base version and then apply all the incremental updates to get to the version you need.

Many thanks to Malware tracker for making this easier; see their PDF threats timeline post, Current PDF Threats.

Or, Download all together from HERE




Note: If you are here to patch your Adobe Reader, do not use this blog or any website except http://get.adobe.com/reader/

| Release | CVE ID | Description | Patch |
|---|---|---|---|
| 2011-06-14 | CVE-2011-2100 | Safe with v. 9.4.5 and 10.1; DOWNLOAD ADOBE READER 9.4.5 (update); DOWNLOAD ADOBE READER 10.10 | 2011-06-14 > Reader 9.4.4 / 10.10 |
| 2011-04-11 | CVE-2011-0611 (pdf only, use Flash updates for other docs) | Safe with v. 9.4.4; DOWNLOAD ADOBE READER 9.4.4 (update); Adobe Flash embedded in Office or PDF documents, Flash exploit used in Amnesty UK website seeding attack. | 2011-04-21 > Reader 9.4.3 |
| 2011-03-14 | CVE-2011-0609 (in pdf only, use Flash updates for other docs) | Safe with v. 9.4.3; DOWNLOAD ADOBE READER 9.4.3 (update); Adobe Flash vulnerability (discovered embedded in MS Excel XLS), XLS used in RSA compromise. | 2011-03-21 > Reader 9.4.2 |
| 2010-11-04 | CVE-2010-4091 | Safe with v. 9.4.2; DOWNLOAD ADOBE READER 9.4.2 (update); PDF Doc.printSeps memory corruption error. Reported by scup. | 2010-11-16 > 9.4.1 |
| 2010-10-28 | CVE-2010-3654 | Safe with v. 9.4.2; DOWNLOAD ADOBE READER 9.4.2 (update); Adobe Flash authplay exploit. | 2010-11-16 > 9.4.1 |
| 2010-09-09 | CVE-2010-2883 | Safe with v. 9.4.; DOWNLOAD ADOBE READER 9.4 (full); Stack-based buffer overflow in CoolType.dll - parsing PDF embedded fonts. | 2010-10-05 > 9.4 |
| 2010-09-15 | CVE-2010-2884 | Safe with v. 9.4.; DOWNLOAD ADOBE READER 9.4 (full); Unspecified vulnerability in Adobe Flash Player. | 2010-09-20 |
| 2010-08-05 | CVE-2010-2862 | Safe with v. 9.3.4; DOWNLOAD ADOBE READER 9.3.4 (full); Integer overflow in CoolType.dll. | 2010-08-20 |
| 2010 March/2010-04 05 | CVE-2010-1240 | Safe with v. 9.3.3; DOWNLOAD ADOBE READER 9.3.3; Open/Launch embedded exe via built in functionality, ability to change user prompt text. | 2010-06-29 |
| 2010-06-08 | CVE-2010-1297 | Safe with v. 9.3.; DOWNLOAD ADOBE READER 9.3.3; Adobe Flash DoABC handling | 2010-06-10 |
| 2010-02-22 | CVE-2010-0188 | Safe with v. 9.3.1; DOWNLOAD ADOBE READER 9.3.1; LibTiff Integer Overflow (TIFF images). | 2010-02-16 |
| 2010-01-13 | CVE-2009-3957 | Safe with v. 9.3.0; DOWNLOAD ADOBE READER 9.3.0; NULL pointer dereference | 2010-01-12 |
| 2010-01-13 | CVE-2009-3954 | Safe with v. 9.3.0; DOWNLOAD ADOBE READER 9.3.0; DLL-loading vulnerability in 3D | 2010-01-12 |
| 2010-01-13 | CVE-2009-3953 CVE-2009-3959 | Safe with v. 9.3.0; DOWNLOAD ADOBE READER 9.3.0; array boundary issue in U3D CLODProgressiveMeshDeclaration | 2010-01-12 |
| 2009-12-15 | CVE-2009-4324 | Safe with v. 9.3.0; DOWNLOAD ADOBE READER 9.3.0; Use-after-free vulnerability in the Doc.media.newPlayer | 2010-01-12 |
| 2009-10-13 | CVE-2009-3459 | Safe with v. 9.2.0; DOWNLOAD ADOBE READER 9.2.0; Heap-based buffer overflow - FlateDecode Stream Predictor 02 Integer Overflow | 2009-10-13 |
| 2009-07-23 | CVE-2009-1862 | Safe with v. 9.1.3; DOWNLOAD ADOBE READER 9.1.3; Adobe Flash unspecified exploit | 2009-08-03 |
| 2009-04-30 | CVE-2009-1493 | Safe with v. 9.1.1; DOWNLOAD ADOBE READER 9.1.1; customDictionaryOpen buffer overflow - via long string in the second argument | 2009-05-12 |
| 2009-04-30 | CVE-2009-1492 | Safe with v. 9.1.1; DOWNLOAD ADOBE READER 9.1.1; getAnnots Doc method - via a PDF file that contains an annotation, and has an OpenAction entry with JavaScript code that calls this method with crafted integer arguments | 2009-05-12 |
| 2009-03-19 | CVE-2009-0927 | Safe with v. 9.1.0; DOWNLOAD ADOBE READER 9.1; Stack-based buffer overflow via a crafted argument to the getIcon method of a Collab object | 2009-04-09 |
| 2009-02-20 | CVE-2009-0658 | Safe with v. 9.1.0; DOWNLOAD ADOBE READER 9.1; Buffer overflow JBIG2 image | 2009-03-18 |
| 2008-11-04 | CVE-2008-2992 | Safe with v. 9.0; DOWNLOAD ADOBE READER 9.0; Stack-based buffer overflow via the util.printf JavaScript function with a crafted format string argument | 2008-11-04 |
| 2008-02-07 | CVE-2008-0655 (CVE-2007-5659) | Safe with v. 8.1.2; DOWNLOAD ADOBE READER 8.1.2; Buffer overflow via specially crafted arguments to Collab.collectEmailInfo | 2008-06-05 |
| 2007-09-21 | CVE-2007-5020 | Safe with v. 8.1.1; DOWNLOAD ADOBE READER 8.1.1; Vulnerability in Mailto | 2007-11-16 |
