Adobe Acrobat and Reader Image Stream Code Execution Vulnerability
RISK: Medium Risk
A vulnerability has been identified in Adobe Acrobat and Reader, which could be exploited by attackers to compromise a vulnerable system. This issue is caused by a buffer overflow error when processing a malformed image stream within a PDF document, which could allow attackers to cause a vulnerable application to crash or execute arbitrary code by tricking a user into opening a specially crafted PDF file.
Note: This vulnerability is being exploited in the wild.
Impact
- Remote Code Execution
System / Technologies affected
- Adobe Reader versions 9.x
- Adobe Reader versions 8.x
- Adobe Reader versions 7.x
- Adobe Acrobat Standard versions 9.x
- Adobe Acrobat Standard versions 8.x
- Adobe Acrobat Standard versions 7.x
- Adobe Acrobat Pro versions 9.x
- Adobe Acrobat Pro versions 8.x
- Adobe Acrobat Pro versions 7.x
- Adobe Acrobat Pro Extended versions 9.x
Solutions
Before installing the software, please visit the software manufacturer's website for more details.
- Upgrade to version 9.1
  - Adobe Reader:
    http://get.adobe.com/reader/
  - Acrobat 9 Standard and Acrobat 9 Pro (Windows):
    http://www.adobe.com/support/downloads/detail.jsp?ftpID=4375
    http://www.adobe.com/support/downloads/detail.jsp?ftpID=4382
  - Acrobat 9 Pro Extended (Windows):
    http://www.adobe.com/support/downloads/detail.jsp?ftpID=4381
  - Acrobat 9 Pro (Macintosh):
    http://www.adobe.com/support/downloads/detail.jsp?ftpID=4374
Vulnerability Identifier
Source
Related Link
- http://www.auscert.org.au/render.html?it=10621
- http://www.adobe.com/support/security/bulletins/apsb09-03.html
- http://www.vupen.com/english/advisories/2009/0472
- http://secunia.com/advisories/33901/
- http://www.us-cert.gov/cas/techalerts/TA09-051A.html
- http://www.adobe.com/support/security/advisories/apsa09-01.html