Security Intelligence Operations - Cisco Systems


Adobe Acrobat Reader customDictionaryOpen Buffer Overflow Vulnerability

 
Vulnerability Alert
Powered by Cisco Security IntelliShield Alert Manager

Threat Type: Unintended Weakness: Arbitrary Code Execution
IntelliShield ID: 18091
Version: 6
First Published: April 28, 2009 04:14 PM EDT
Last Published: September 03, 2009 03:52 PM EDT
Vector: Network
Authentication: None
Exploit: Proof-of-Concept
Port: Not Available
CVE: CVE-2009-1493
BugTraq ID: 34740

Urgency: Unlikely Use
Credibility: Confirmed
Severity: Mild Damage
CVSS Base: 6.8 (CVSS Version 2)
CVSS Temporal: 5.3
 
Version Summary: Sun has re-released an alert notification and an official patch to address the customDictionaryOpen buffer overflow vulnerability in Acrobat Reader.
 
 
Description

Adobe Acrobat Reader versions 9.1 and prior and 8.1.4 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code.

The vulnerability exists when malicious PDF files are viewed in the affected application.  An unauthenticated, remote attacker could exploit this vulnerability by constructing a malicious PDF file and convincing a targeted user to view it with the vulnerable application.  The attacker could leverage the resulting memory corruption to execute arbitrary code with the privileges of the user.

Proof-of-concept code that demonstrates code execution on the Linux platform is available.

Adobe confirmed this vulnerability in a security advisory and released software updates.

 
Warning Indicators

Adobe Acrobat Reader versions 9.1 and prior and 8.1.4 and prior are vulnerable on Linux or UNIX platforms.

 
IntelliShield Analysis

Exploitation requires an attacker to convince a user to view a malicious PDF file. The PDF file may be sent as an attachment to an e-mail, or the attacker may send users a link to a web page that is hosting the malicious file. Because PDFs are often perceived as safe file types, it may not be difficult to convince users to view a malicious one.

 
Vendor Announcements

Adobe has released a security bulletin at the following link: APSB09-06

Red Hat has released a security advisory available at the following link: RHSA-2009:0478

Sun has re-released an alert notification at the following link: 259028

US-CERT has released a vulnerability note at the following link: VU#970180

 
Impact

An unauthenticated, remote attacker could exploit this vulnerability to execute arbitrary code on an affected system with the privileges of the user.

 
Technical Information

The vulnerability exists when the affected application handles embedded JavaScript in a PDF file. An unauthenticated, remote attacker could exploit this vulnerability by crafting a PDF file that contains malicious JavaScript that is designed to exploit a buffer overflow error in the spell.customDictionaryOpen method. The attacker could leverage the resulting memory corruption to execute arbitrary code on the affected system with the privileges of the user.
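A triage check for the mechanism described above, added here as an example and not taken from the Cisco alert or the Adobe advisory: it inflates Flate-compressed streams in a PDF and reports whether the file carries JavaScript and whether the script names the customDictionaryOpen method. The function names, verdict labels and sample inputs are constructed for this illustration.

```python
import re
import zlib

# Method name is from the advisory; /JS and /JavaScript are standard PDF keys.
METHOD = b"customDictionaryOpen"
JS_KEY = re.compile(rb"/(?:JavaScript|JS)\b")
STREAM = re.compile(rb"(?<!end)stream\r?\n(.*?)endstream", re.DOTALL)
HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_names(data: bytes) -> bytes:
    """Undo #xx escapes that PDF allows inside names (/J#53 is /JS)."""
    return HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def stream_bodies(data: bytes):
    """Yield every stream body, inflated when it is Flate (zlib) data."""
    for match in STREAM.finditer(data):
        body = match.group(1)
        try:
            # decompressobj tolerates the end-of-line left before endstream
            yield zlib.decompressobj().decompress(body)
        except zlib.error:
            yield body  # not zlib data: inspect the bytes as stored


def triage_pdf(data: bytes) -> str:
    """Return 'block', 'review' or 'pass' for one PDF's raw bytes."""
    views = [decode_names(data), *stream_bodies(data)]
    if any(METHOD in view for view in views):
        return "block"   # script references the vulnerable method
    if any(JS_KEY.search(view) for view in views):
        return "review"  # JavaScript present, method name not visible
    return "pass"


def sample_pdf(script: bytes, compress: bool) -> bytes:
    """Constructed PDF-like fragment for the demo, not a real document."""
    body = zlib.compress(script) if compress else script
    filt = b"/Filter /FlateDecode " if compress else b""
    return (b"%PDF-1.4\n1 0 obj << /S /JavaScript /JS 2 0 R >> endobj\n"
            b"2 0 obj << " + filt + b"/Length %d >>\nstream\n" % len(body)
            + body + b"\nendstream endobj\n%%EOF\n")


if __name__ == "__main__":
    print(triage_pdf(sample_pdf(b"var f = spell.customDictionaryOpen;", True)))
    print(triage_pdf(sample_pdf(b"var n = this.numPages;", False)))
```

A name match is a triage signal only: script that does not spell the method out in plain text yields "review", so those files still depend on the patch and the JavaScript workaround listed under Safeguards.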

 
Safeguards

Administrators are advised to apply the appropriate software updates.

Adobe has provided an official workaround in their advisory. JavaScript can be disabled for the affected applications. Users are advised to disable JavaScript in Acrobat and Reader until patches become available.

Users are advised not to follow unsolicited links. Users should verify the authenticity of unexpected links prior to following them.

Users are advised not to open unexpected e-mail attachments or executables from untrusted sources.

 
Patches/Software

Adobe has released a software update at the following link: Adobe Reader for UNIX

Red Hat packages can be updated using the up2date or yum command.

Sun has released a patch at the following link:

SPARC
Solaris 10 with patch 121104-08 or later


Signatures
 
Cisco Systems Cisco Intrusion Prevention System (IPS) 6.0
16813/0 | Adobe Reader customDictionaryOpen Buffer Overflow | S397 | 04/30/2009
16813/1 | Adobe Reader customDictionaryOpen Buffer Overflow | S397 | 04/30/2009
 
Alert History
 

Version 5, July 15, 2009, 12:54 PM:  Sun has re-released an alert notification and an Interim Security Relief to address the customDictionaryOpen buffer overflow vulnerability in Acrobat Reader.

Version 4, May 19, 2009, 11:33 AM: Adobe has released an additional security advisory and updates to address the customDictionaryOpen buffer overflow vulnerability in Acrobat Reader.

Version 3, May 18, 2009, 11:13 AM: Red Hat has released a security advisory and updates and Sun has released an alert notification to address the buffer overflow vulnerability in Acrobat Reader.

Version 2, May 5, 2009, 10:26 AM: Adobe Product Security Incident Response Team has confirmed an Adobe Reader vulnerability that could allow an unauthenticated, remote attacker to execute arbitrary code with the privileges of the user.  The vulnerability affects Unix versions of Adobe Reader.  Updates are not available. US-CERT has released a vulnerability note.

Version 1, April 28, 2009, 4:14 PM: Adobe Acrobat Reader contains a vulnerability when it handles embedded JavaScript code that could allow an unauthenticated, remote attacker to execute arbitrary code.  Updates are not available.



Product Sets
 
The security vulnerability applies to the following combinations of products.

Primary Products:
Adobe Acrobat Reader: 7.0 Base | 7.0.1 Base | 7.0.2 Base | 7.0.3 Base | 7.0.4 Base | 7.0.5 Base | 7.0.6 Base | 7.0.7 Base | 7.0.8 Base | 7.0.9 Base | 8.0 Base | 8.1 Base | 8.1.1 Base | 8.1.2 .1, Base | 8.1.3 Base | 8.1.4 Base | 9.0 .0 | 9.1 .0

Associated Products:
Red Hat, Inc. Red Hat Enterprise Linux Desktop Supplementary: 5.0 IA-32, x86-64
Red Hat, Inc. Red Hat Enterprise Linux Extras: 3 IA-32, x86_64 | 4 IA-32, x86_64 | 4.5.z IA-32, PPC, x86_64
Red Hat, Inc. RHEL Supplementary: 5 IA-32, x86_64
Sun Microsystems, Inc. Solaris: 10 sparc



LEGAL DISCLAIMER
The urgency and severity ratings of this alert are not tailored to individual users; users may value alerts differently based upon their network configurations and circumstances. THE ALERT, AND INFORMATION CONTAINED THEREIN, ARE PROVIDED ON AN "AS IS" BASIS AND DO NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE ALERT, AND INFORMATION CONTAINED THEREIN, OR MATERIALS LINKED FROM THE ALERT, IS AT YOUR OWN RISK. INFORMATION IN THIS ALERT AND ANY RELATED COMMUNICATIONS IS BASED ON OUR KNOWLEDGE AT THE TIME OF PUBLICATION AND IS SUBJECT TO CHANGE WITHOUT NOTICE. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE ALERTS AT ANY TIME.