Secunia CSI7
Advisories
Research
Forums
Create Profile
Our Commitment
Database
Search
Advisories by Product
Advisories by Vendor
Terminology
Report Vulnerability
Insecure Library Loading
Highly critical

Adobe Acrobat/Reader Multiple Vulnerabilities

-

Release Date:  2008-11-04    Last Update:  2009-03-19    Views:  36,566

Secunia Advisory SA29773

Where:

From remote

Impact:

Privilege escalation, System access

Solution Status:

Vendor Patch

CVE Reference(s):

Description


Multiple vulnerabilities have been reported in Adobe Reader/Acrobat, which can be exploited by malicious, local users to gain escalated privileges or by malicious people to compromise a user's system.

1) A boundary error exists when parsing format strings containing a floating point specifier in the "util.printf()" Javascript function. This can be exploited to cause a stack-based buffer overflow via a specially crafted PDF and allows execution of arbitrary code.

2) An out-of-bounds array indexing error when parsing embedded Type 1 fonts can be exploited to corrupt memory and may allow execution of arbitrary code.

3) An error in an AcroJS function used to perform HTTP authentication can be exploited to corrupt memory via an overly long string passed to the function. This may allow execution of arbitrary code.

4) An error when creating a Collab object and performing a specific sequence of actions on it can be exploited to corrupt memory. This may allow execution of arbitrary code.

5) An unspecified error when parsing malformed PDF objects can be exploited to corrupt memory, which may allow execution of arbitrary code.

6) An input validation error in the Download Manager used by Adobe Reader may allow code execution during the download process.

The vulnerability is related to:
SA32546

7) An error in the Download Manager used by Adobe Reader may result in a userís Internet Security options being changed during the download process.

8) An input validation error in a JavaScript method may allow code execution.

9) An unspecified privilege escalation vulnerability exists in the version for UNIX/Linux.

The vulnerabilities are reported in version 8.1.2 and prior.


Solution:
Update to version 7.1.1 and 8.1.3 or upgrade to version 9.

Provided and/or discovered by:
1) Independently discovered by:
* Dyon Balding, Secunia Research.
* Peter Vreugdenhil via ZDI.

2) Greg MacManus, iDefense Labs.
3) Reported by an anonymous person via iDefense.

4) Peter Vregdenhil via ZDI.
5) Javier Vicente Vallejo via ZDI.

6) Peter Vregdenhil via iDefense.
7) Reported by the vendor.
8) The vendor credits Thomas Garnier, SkyRecon Systems.
9) The vendor credits Josh Bressers, Red Hat.

Original Advisory:
Secunia Research:
http://secunia.com/secunia_research/2008-14/

Adobe:
http://www.adobe.com/support/security/bulletins/apsb08-19.html
http://www.adobe.com/support/security/bulletins/apsb09-04.html

ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-08-072/
http://www.zerodayinitiative.com/advisories/ZDI-08-073/
http://www.zerodayinitiative.com/advisories/ZDI-08-074/

iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=754
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=755
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=756

Deep Links:
Links available to Secunia VIM customers

Do you have additional information related to this advisory?

Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this information to vuln@secunia.com

Subject: Adobe Acrobat/Reader Multiple Vulnerabilities

No posts yet

-

You must be logged in to post a comment.



 Products Solutions Customers Partner Resources Company
 
 Corporate
Vulnerability Intelligence Manager (VIM)
Corporate Software Inspector (CSI)
Consumer
Personal Software Inspector (PSI)
Online Software Inspector (OSI)
 Industry
Compliance
Technology
Integration
 Customers
Testimonials
 VARS
MSSP
Technology Partners
References
 Factsheets
Reports
Webinars
Events
 About us
Careers
Memberships
Newsroom


 
© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144
Terms & Conditions and Copyright - Privacy - Report Vulnerability