At the Black Hat Europe 2010 conference, taking place in Barcelona, Spain, from April 12th to April 15th, Haifei Li and Guillaume Lovet will give a presentation named "Adobe Reader’s Custom Memory Management: A Heap of Trouble":

[1] http://www.blackhat.com/html/bh-eu-10/bh-eu-10-briefings.html#Li

focusing on the subject of the custom heap management system present in Adobe Reader. As part of their presentation, they will publish a working exploit for "a PDF zero-day vulnerability they discovered recently in the latest Adobe Reader 9.3.1 (where Data Execution Prevention is enabled by default), as a demonstration of their research."

[2] http://www.youtube.com/watch?v=9EVHtY1-0q8
[3] http://blog.fortinet.com/the-upcoming-blackhat-europe-2010-presentation/

As stated in [3]:

"Please note that the vulnerability details are currently being protected by our Responsible Disclosure Policy. We are working actively with the Adobe Product Security Incident Response Team to arrange an appropriate timing to disclose the full details."

The Red Hat Security Response Team is aware of this flaw and is monitoring progress on it, cooperating with the Adobe Product Security Incident Response Team. Once further information is available regarding this threat, it will immediately react to ensure it is addressed in a timely manner.
MITRE has assigned CVE-2010-1241 to this issue; so changing the CVE name accordingly.
This issue has been addressed in the following products:

  Extras for RHEL 4
  Extras for Red Hat Enterprise Linux 5

Via RHSA-2010:0349 https://rhn.redhat.com/errata/RHSA-2010-0349.html