SUSE-SA:2009:014

SUSE-SR:2009:009

34490

34706

34790

GLSA-200904-17

256788

http://www.adobe.com/support/security/bulletins/apsb09-04.html

9579

20090324 ZDI-09-014: Adobe Acrobat getIcon() Stack Overflow Vulnerability

34169

1021861

ADV-2009-0770

ADV-2009-1019

http://www.zerodayinitiative.com/advisories/ZDI-09-014

adobe-unspecified-javascript-code-execution(49312)

Multiple flaws in the JBIG2 decoder and the JavaScript engine of the Adobe Reader allowed attackers to crash acroread or even execute arbitrary code by tricking users into opening specially crafted PDF files.

(CVE-2009-0658 / CVE-2009-0927 / CVE-2009-0193 / CVE-2009-0928 / CVE-2009-1061 / CVE-2009-1062)

The version of Adobe Acrobat installed on the remote host is earlier than 9.1 / 8.1.4 / 7.1.1.  Such versions are reportedly affected by multiple vulnerabilities :

  - An integer buffer overflow can be triggered when     processing a malformed JBIG2 image stream with the     '/JBIG2Decode' filter. (CVE-2009-0658)

  - A vulnerability in the 'getIcon()' JavaScript method of     a Collab object could allow for remote code execution.
    (CVE-2009-0927)

  - Additional vulnerabilities involving handling of JBIG2     image streams could lead to remote code execution.
    (CVE-2009-0193, CVE-2009-0928, CVE-2009-1061,     CVE-2009-1062)

If an attacker can trick a user into opening a specially crafted PDF file, he can exploit these flaws to execute arbitrary code subject to the user's privileges.

Updated acroread packages that fix various security issues are now available for Red Hat Enterprise Linux 3 Extras, Red Hat Enterprise Linux 4 Extras, and Red Hat Enterprise Linux 5 Supplementary.

This update has been rated as having critical security impact by the Red Hat Security Response Team.

Adobe Reader allows users to view and print documents in Portable Document Format (PDF).

Several input validation flaws were discovered in Adobe Reader. A malicious PDF file could cause Adobe Reader to crash or, potentially, execute arbitrary code as the user running Adobe Reader.
(CVE-2008-2549, CVE-2008-2992, CVE-2008-4812, CVE-2008-4813, CVE-2008-4814, CVE-2008-4817)

The Adobe Reader binary had an insecure relative RPATH (runtime library search path) set in the ELF (Executable and Linking Format) header. A local attacker able to convince another user to run Adobe Reader in an attacker-controlled directory could run arbitrary code with the privileges of the victim. (CVE-2008-4815)

All acroread users are advised to upgrade to these updated packages, that contain Adobe Reader version 8.1.3, and are not vulnerable to these issues.

Multiple flaws in the JBIG2 decoder and the JavaScript engine of the Adobe Reader allowed attackers to crash acroread or even execute arbitrary code by tricking users into opening specially crafted PDF files.

(CVE-2009-0658, CVE-2009-0927, CVE-2009-0193, CVE-2009-0928, CVE-2009-1061, CVE-2009-1062)

The remote host is affected by the vulnerability described in GLSA-200904-17 (Adobe Reader: User-assisted execution of arbitrary code)

    Multiple vulnerabilities have been discovered in Adobe Reader:
    Alin Rad Pop of Secunia Research reported a heap-based buffer overflow     when processing PDF files containing a malformed JBIG2 symbol     dictionary segment (CVE-2009-0193).
    A buffer overflow related to a non-JavaScript function call and     possibly an embedded JBIG2 image stream has been reported     (CVE-2009-0658).
    Tenable Network Security reported a stack-based buffer overflow that     can be triggered via a crafted argument to the getIcon() method of a     Collab object (CVE-2009-0927).
    Sean Larsson of iDefense Labs reported a heap-based buffer overflow     when processing a PDF file containing a JBIG2 stream with a size     inconsistency related to an unspecified table (CVE-2009-0928).
    Jonathan Brossard of the iViZ Security Research Team reported an     unspecified vulnerability related to JBIG2 and input validation     (CVE-2009-1061).
    Will Dormann of CERT/CC reported a vulnerability lading to memory     corruption related to JBIG2 (CVE-2009-1062).
  Impact :

    A remote attacker could entice a user to open a specially crafted PDF     document, possibly leading to the execution of arbitrary code with the     privileges of the user running the application, or a Denial of Service.
  Workaround :

    There is no known workaround at this time.

The version of Adobe Reader installed on the remote host is earlier than 9.1 / 8.1.4 / 7.1.1.  Such versions are reportedly affected by multiple vulnerabilities :

  - An integer buffer overflow can be triggered when     processing a malformed JBIG2 image stream with the     '/JBIG2Decode' filter. (CVE-2009-0658)

  - A vulnerability in the 'getIcon()' JavaScript method of     a Collab object could allow for remote code execution.     (CVE-2009-0927)

  - Additional vulnerabilities involving handling of JBIG2     image streams could lead to remote code execution.
    (CVE-2009-0193, CVE-2009-0928, CVE-2009-1061,     CVE-2009-1062)

If an attacker can trick a user into opening a specially crafted PDF file, these flaws can exploited to execute arbitrary code subject to the user's privileges.

ID	Name	Product	Family	Severity
51705	SuSE 10 Security Update : acroread_ja (ZYPP Patch Number 6161)	Nessus	SuSE Local Security Checks	critical
51690	SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 6121)	Nessus	SuSE Local Security Checks	critical
41365	SuSE 11 Security Update : acroread_ja (SAT Patch Number 769)	Nessus	SuSE Local Security Checks	critical
41362	SuSE 11 Security Update : Acrobat Reader (SAT Patch Number 690)	Nessus	SuSE Local Security Checks	critical
40803	Adobe Acrobat < 9.1 / 8.1.4 / 7.1.1 Multiple Vulnerabilities	Nessus	Windows	high
40730	RHEL 3 / 4 / 5 : acroread (RHSA-2008:0974)	Nessus	Red Hat Local Security Checks	high
40182	openSUSE Security Update : acroread (acroread-689)	Nessus	SuSE Local Security Checks	critical
39906	openSUSE Security Update : acroread (acroread-689)	Nessus	SuSE Local Security Checks	critical
36196	GLSA-200904-17 : Adobe Reader: User-assisted execution of arbitrary code	Nessus	Gentoo Local Security Checks	critical
36033	openSUSE 10 Security Update : acroread (acroread-6120)	Nessus	SuSE Local Security Checks	critical
35821	Adobe Reader < 9.1 / 8.1.4 / 7.1.1 Multiple Vulnerabilities	Nessus	Windows	high

CVE-2009-0927

HIGH

Description

References

Details

Risk Information

CVSS v2.0

Vulnerable Software

Configuration 1

Tenable Plugins

critical

critical

critical

critical

high

high

critical

critical

critical

critical

high