Description: Some vulnerabilities have been reported in Adobe Reader/Acrobat, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a user's system.
1) Multiple boundary errors in several unspecified JavaScript methods can be exploited to cause stack-based buffer overflows via a specially crafted .PDF file.
Successful exploitation allows execution of arbitrary code.
NOTE: The vulnerability is reportedly being exploited in the wild.
2) An unspecified insecure JavaScript method in EScript.api can be exploited to execute arbitrary code via a specially crafted .PDF file.
3) An error in the loading of "Security Provider" libraries can be exploited to execute arbitrary code by e.g. tricking a user into opening a .PDF file in a directory that contains a malicious library with the same filename as a "Security Provider" library.
4) The insecure JavaScript method "DOC.print()" can be exploited to silently print a specially crafted PDF file.
5) An integer overflow in the "printSepsWithParams()" JavaScript method can be exploited to cause a memory corruption via a specially crafted .PDF file.
Successful exploitation allows execution of arbitrary code.
6) Two boundary errors within Acrobat Distiller can be exploited to cause heap-based buffer overflows via specially crafted .joboptions files containing overly long (greater than 160 characters) font names within the "/AlwaysEmbed" and "/NeverEmbed" parameters.
Successful exploitation allows execution of arbitrary code.
The vulnerabilities affect the following versions:
* Adobe Reader 8.1.1 and earlier
* Adobe Acrobat Professional, 3D and Standard 8.1.1 and earlier
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, using the Network Software Inspector.
Provided and/or discovered by: 1-3) Greg MacManus of iDefense Labs
4) cocoruder of Fortinet Security Research Team
5) An anonymous researcher, reported via ZDI
6) Paul Craig of Security-Assessment.com
The vendor also credits:
* Tavis Ormandy and Will Drewry of the Google Security Team
Changelog: 2008-02-08: Updated advisory based on additional information from the vendor. Updated link to vendor's advisory.
2008-02-11: Updated advisory based on additional information from iDefense Labs and Fortinet. Added links and CVE references.
2008-02-12: Added vulnerability #5 based on information from ZDI. Added link to ZDI. Added CVE reference and link to US-CERT.
2008-02-13: Added link to US-CERT.
2008-02-13: Added CVE reference.
2008-05-15: Added vulnerability #6 based on information from Security-Assessment.com. Added link to Security-Assessment.com. Updated "Description" section and removed "Unknown" impact.
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
