Adobe Reader/Acrobat Multiple Vulnerabilities

Report ID: SA200900865
Source: Secunia
Date of Discovery: 20.02.2009
Criticality: Critical
Affects:
Adobe Acrobat 7 Professional
Adobe Acrobat 7.x
Adobe Acrobat 8 Professional
Adobe Acrobat 8.x
Adobe Acrobat 9.x
Adobe Reader 7.x
Adobe Reader 8.x
Adobe Reader 9.x

Compromise From: From remote
Compromise Type: System access

Summary

Some vulnerabilities have been reported in Adobe Reader/Acrobat, which can be exploited by malicious people to compromise a user's system.

Detailed Description

Some vulnerabilities have been reported in Adobe Reader/Acrobat, which can be exploited by malicious people to compromise a user's system.

1) An array indexing error in the processing of JBIG2 streams can be exploited to corrupt arbitrary memory via a specially crafted PDF file.

Successful exploitation allows execution of arbitrary code.

NOTE: This vulnerability is currently being actively exploited.

2) An error when processing JavaScript calls to the "getIcon()" method of a "Collab" object can be exploited to cause a stack-based buffer overflow via a specially crafted argument.

NOTE: This is already fixed in Adobe Acrobat/Reader 8.1.3.

3) A boundary error in the processing of JBIG2 streams can be exploited to cause a heap-based buffer overflow via a specially crafted PDF file containing a malformed JBIG2 symbol dictionary segment.

4) A boundary error in the processing of JBIG2 streams can be exploited to cause a heap-based buffer overflow via a specially crafted PDF file.

5) A boundary error in the processing of JBIG2 streams while initialising memory can be exploited to trigger a memory corruption via a specially crafted PDF file.

6) An unspecified input validation error in the processing of JBIG2 streams can be exploited to potentially execute arbitrary code.
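For triage of incoming PDF files against the items above, the following added example (not part of the advisory) flags files that reference the JBIG2 filter or embedded JavaScript, resolving `#xx` escapes in PDF names before matching. The watched-name list, the function names and the sample bytes are constructed for this example.

```python
import re

# A PDF name may write any character as #xx (two hex digits), so
# "/JBIG2#44ecode" names the same filter as "/JBIG2Decode".
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
# A name runs from "/" up to the next whitespace or delimiter character.
_NAME = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")

# Names to flag for this advisory (the selection is this example's assumption).
WATCHED = {
    b"/JBIG2Decode": "JBIG2 stream filter (items 1, 3, 4, 5, 6)",
    b"/JavaScript": "embedded JavaScript (item 2)",
    b"/JS": "embedded JavaScript (item 2)",
}

def decode_name(raw: bytes) -> bytes:
    """Resolve #xx escapes in a PDF name token."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)

def triage_pdf(data: bytes) -> dict:
    """Count watched names in raw PDF bytes and note hex-escaped spellings."""
    names, obfuscated = {}, False
    for token in _NAME.findall(data):
        name = decode_name(token)
        if name in WATCHED:
            key = name.decode("ascii")
            names[key] = names.get(key, 0) + 1
            # A watched name written with escapes is itself worth a closer look.
            obfuscated = obfuscated or token != name
    return {
        "names": names,
        "obfuscated": obfuscated,
        # Only visible when the script text is stored uncompressed.
        "geticon": b"getIcon" in data,
    }

# Constructed sample: a harmless fragment with an escaped filter name.
SAMPLE = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /OpenAction 3 0 R >> endobj\n"
    b"2 0 obj << /Filter /JBIG2#44ecode /Length 0 >> stream\n\nendstream endobj\n"
    b"3 0 obj << /S /JavaScript /JS (app.alert(1);) >> endobj\n"
)

if __name__ == "__main__":
    print(triage_pdf(SAMPLE))
```

Names and script text stored inside compressed object streams or Flate-encoded streams are not visible to this raw-byte scan, so an empty result does not clear a file.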

Solution

Adobe Reader 9:
Update to version 9.1:
http://get.adobe.com/reader/

Adobe Reader 7 and 8 for Windows:
Update to version 7.1.1 or 8.1.4:
http://www.adobe.com/support/download....jsp?product=10&platform=Windows

Adobe Reader 7 and 8 for Macintosh:
Update to version 7.1.1 or 8.1.4:
http://www.adobe.com/support/download...sp?product=10&platform=Macintosh

Acrobat 9 Standard and Acrobat 9 Pro for Windows:
Update to version 9.1:
http://www.adobe.com/support/downloads/detail.jsp?ftpID=4375
http://www.adobe.com/support/downloads/detail.jsp?ftpID=4382

Acrobat 9 Pro Extended for Windows:
Update to version 9.1:
http://www.adobe.com/support/downloads/detail.jsp?ftpID=4381

Acrobat 9 Pro for Macintosh:
Update to version 9.1:
http://www.adobe.com/support/downloads/detail.jsp?ftpID=4374

Adobe Acrobat 8 for Windows:
Update to version 8.1.4:
http://www.adobe.com/support/download...ct.jsp?product=1&platform=Windows

Adobe Acrobat 8 for Macintosh:
Update to version 8.1.4:
http://www.adobe.com/support/download....jsp?product=1&platform=Macintosh

Adobe Acrobat 3D Version 8 for Windows:
Update to version 8.1.4:
http://www.adobe.com/support/download....jsp?product=112&platform=Windows

Adobe Acrobat 7 for Windows:
Update to version 7.1.1:
http://www.adobe.com/support/download...ct.jsp?product=1&platform=Windows

Adobe Acrobat 7 for Macintosh:
Update to version 7.1.1:
http://www.adobe.com/support/download....jsp?product=1&platform=Macintosh

Acrobat 3D Version 7 for Windows:
Update to version 7.1.1:
http://www.adobe.com/support/download....jsp?product=112&platform=Windows

Adobe Reader 7 and 8 for UNIX:
Update to version 7.1.1 or 8.1.4:
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Unix

Adobe Reader 9 for UNIX:
Update to version 9.1:
http://get.adobe.com/reader/
