JVNDB-2012-000079

Adobe Reader fails to properly handle signatures

Adobe Reader fails to properly handle RSA signatures.

Adobe Reader contains an issue where it may fail to properly verify RSA signatures.

Masahiko Takenaka of FUJITSU LABORATORIES LTD. reported this vulnerability to IPA.
JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.

Adobe Systems, Inc.

• Adobe Reader 8.x and earlier

Hitachi, Ltd

• Cosminexus Application Server Enterprise Version 6
• Cosminexus Application Server Standard Version 6
• Cosminexus Application Server Version 5
• Cosminexus Developer Light Version 6
• Cosminexus Developer Professional Version 6
• Cosminexus Developer Standard Version 6
• Cosminexus Developer Version 5
• Cosminexus Server - Enterprise Edition
• Cosminexus Server - Standard Edition
• Cosminexus Server - Standard Edition Version 4
• Cosminexus Server - Web Edition
• Cosminexus Server - Web Edition Version 4
• Hitachi Web Server
• uCosminexus Application Server Enterprise
• uCosminexus Application Server Standard
• uCosminexus Developer Professional
• uCosminexus Developer Light
• uCosminexus Developer Standard
• uCosminexus Service Architect
• uCosminexus Service Platform

Please refer to HS07-034 provided by Hitachi for more details.

An attacker may be able to forge an RSA signature on a PDF document.

[Update the software]
Update to the latest version according to the information provided by the developer.

Note that this issue was resolved in Adobe Reader 9.

Adobe Systems, Inc.

• Adobe : Adobe Reader

Hitachi, Ltd

• Hitachi Software Vulnerability Information : HS07-034

1. Credentials Management(CWE-255) [IPA Evaluation]

1. CVE-2006-4339

1. JVN : JVN#51615542
2. National Vulnerability Database (NVD) : CVE-2006-4339
3. US-CERT Vulnerability Note : US-CERT Vulnerability Note VU#845620

• [2012/08/30]
    Web page was published
  [2014/05/23]
    Affected Products : Products were added
    Vendor Information : Content was added