Endpoint Protection

 View Only
Back to discussions
Expand all | Collapse all

Does Symantec protect against the "Adobe Reader / Acrobat Font Parsing Buffer Overflow" Vulnerability

  • 1.  Does Symantec protect against the "Adobe Reader / Acrobat Font Parsing Buffer Overflow" Vulnerability

    Posted Sep 09, 2010 10:09 AM
    Exploits for this vulnerability are detected as Bloodhound.Exploit.357

    A writeup should be available shortly: http://www.symantec.com/business/security_response/writeup.jsp?docid=2010-090901-2159-99

    AntiVirus definitions are included in the following Definitions set (or higher):
    Defs Version - 120908ax
    Extended Defs Version - 9/8/2010 rev. 50
    Sequence Number - 114797

    AntiVirus Definitions can be downloaded via the following pages: http://www.symantec.com/business/security_response/definitions.jsp

    Here are some useful inks:
    Adobe (Vulnerability identifier: APSA10-02): http://www.adobe.com/support/security/advisories/apsa10-02.html 
    Secunia (Secunia Advisory SA41340): http://secunia.com/advisories/41340/ 
    CVE (CVE number: CVE-2010-2883): http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2010-2883 


  • 2.  RE: Does Symantec protect against the "Adobe Reader / Acrobat Font Parsing Buffer Overflow" Vulnerability

    Posted Sep 09, 2010 10:20 AM
    Hello Lockdown Wizard,

    You are correct!  I can confirm that, with the latest definitions, Symantec does provide protection against exploits that take advantage of this vulnerability.

    The write-up for has not yet been posted, but there is a listing for it visible on http://www.symantec.com/business/security_response/threatexplorer/index.jsp.

    There are no corresponding IPS attack signatures possible for this threat.

    Thanks and best regards,

    Mick