| Secunia ID | SA33901 |
| CVE-ID |
CVE-2009-0193, CVE-2009-0658, CVE-2009-0927, CVE-2009-0928, CVE-2009-1061, CVE-2009-1062 |
| Release Date |
20 Feb 2009 |
| Last Change |
25 Mar 2009 |
| Criticality | |
| Solution Status |
Vendor Patch |
| Software |
Adobe Acrobat 7 Professional |
| Where | |
| Impact |
System access: This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user. |
| Description |
Some vulnerabilities have been reported in Adobe Reader/Acrobat, which can be exploited by malicious people to compromise a user's system.

1) An array indexing error in the processing of JBIG2 streams can be exploited to corrupt arbitrary memory via a specially crafted PDF file. Successful exploitation allows execution of arbitrary code. NOTE: This vulnerability is currently being actively exploited.

2) An error when processing JavaScript calls to the "getIcon()" method of a "Collab" object can be exploited to cause a stack-based buffer overflow via a specially crafted argument. NOTE: This is already fixed in Adobe Acrobat/Reader 8.1.3.

3) A boundary error in the processing of JBIG2 streams can be exploited to cause a heap-based buffer overflow via a specially crafted PDF file containing a malformed JBIG2 symbol dictionary segment.

4) A boundary error in the processing of JBIG2 streams can be exploited to cause a heap-based buffer overflow via a specially crafted PDF file.

5) A boundary error in the processing of JBIG2 streams while initialising memory can be exploited to trigger a memory corruption via a specially crafted PDF file.

6) An unspecified input validation error in the processing of JBIG2 streams can be exploited to potentially execute arbitrary code. |
| Solution |
Adobe Reader 9: Adobe Reader 7 and 8 for Windows: Adobe Reader 7 and 8 for Macintosh: Acrobat 9 Standard and Acrobat 9 Pro for Windows: Acrobat 9 Pro Extended for Windows: Acrobat 9 Pro for Macintosh: Adobe Acrobat 8 for Windows: Adobe Acrobat 8 for Macintosh: Adobe Acrobat 3D Version 8 for Windows: Adobe Acrobat 7 for Windows: Adobe Acrobat 7 for Macintosh: Acrobat 3D Version 7 for Windows: Adobe Reader 7 and 8 for UNIX: Adobe Reader 9 for UNIX: |
| Reported by |
1) Reported as a 0-day. |
| Original Advisory |
Adobe: Secunia Research: ZDI: iDefense: iViZ Security Research: |
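
A triage check for the two PDF features the Description names (JBIG2 streams, and JavaScript calls to `Collab.getIcon()`), added here as an example and not part of the Secunia advisory or any vendor tool. It assumes the standard PDF filter names `/JBIG2Decode` and `/FlateDecode`, resolves only `#xx` name escapes and zlib-compressed streams, and runs on constructed sample bytes.

```python
import re
import zlib

# Heuristic triage only: flags PDF features named in the advisory, not exploits.
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
STREAM_RE = re.compile(rb"(?<!end)stream\r?\n(.*?)endstream", re.S)
GETICON_RE = re.compile(rb"Collab\s*\.\s*getIcon\s*\(")


def decode_name(raw: bytes) -> bytes:
    """Resolve #xx hex escapes allowed in PDF names, e.g. JBIG#32Decode."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), raw)


def inflate_streams(pdf: bytes) -> list:
    """Return the raw file plus every stream body that inflates as zlib."""
    bodies = [pdf]
    for m in STREAM_RE.finditer(pdf):
        try:
            # decompressobj tolerates the EOL bytes left before 'endstream'
            bodies.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass  # not zlib data (e.g. the JBIG2 payload itself)
    return bodies


def triage(pdf: bytes) -> dict:
    """Report which advisory-relevant features appear in the file."""
    bodies = inflate_streams(pdf)
    names = {decode_name(m.group(1)) for b in bodies for m in NAME_RE.finditer(b)}
    return {
        "jbig2_stream": b"JBIG2Decode" in names,
        "javascript": bool(names & {b"JS", b"JavaScript"}),
        "collab_geticon": any(GETICON_RE.search(b) for b in bodies),
    }


# Constructed samples (PDF-like fragments, not valid or malicious documents).
_JS = zlib.compress(b"var icon = Collab.getIcon(iconName);")
SAMPLE_FLAGGED = (
    b"%PDF-1.4\n1 0 obj\n<< /Subtype /Image /Filter /JBIG#32Decode /Length 4 >>\n"
    b"stream\n\x00\x00\x00\x00\nendstream\nendobj\n"
    b"2 0 obj\n<< /S /JavaScript /JS 3 0 R >>\nendobj\n"
    b"3 0 obj\n<< /Filter /FlateDecode >>\nstream\n" + _JS + b"\nendstream\nendobj\n"
)
SAMPLE_CLEAN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"

if __name__ == "__main__":
    print(triage(SAMPLE_FLAGGED))
    print(triage(SAMPLE_CLEAN))
```

A hit means the file uses a feature the affected versions mishandle, which is common in benign scanned documents too; it is a prioritisation signal for mail or web gateways while patches are rolled out.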