Executive Summary
Summary | |
---|---|
Title | Adobe Acrobat and Reader Vulnerability |
Information | |||
---|---|---|---|
Name | TA09-051A | First vendor Publication | 2009-02-20 |
Vendor | US-CERT | Last vendor Modification | 2009-02-20 |
Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Adobe has released Security Bulletin APSB09-01, which describes a vulnerability that affects Adobe Reader and Acrobat. This vulnerability could allow a remote attacker to execute arbitrary code.

I. Description

Adobe Security Bulletin APSB09-01 describes a memory-corruption vulnerability that affects Adobe Reader and Acrobat. Further details are available in Vulnerability Note VU#905281. An attacker could exploit these vulnerabilities by convincing a user to load a specially crafted Adobe Portable Document Format (PDF) file.

II. Impact

An attacker may be able to execute arbitrary code.

III. Solution

Disable JavaScript in Adobe Reader and Acrobat

Disabling JavaScript may prevent some exploits from resulting in code execution. Acrobat JavaScript can be disabled using the Preferences menu (Edit -> Preferences -> JavaScript and un-check Enable Acrobat JavaScript).

Prevent Internet Explorer from automatically opening PDF documents

The installer for Adobe Reader and Acrobat configures Internet Explorer to automatically open PDF files without any user interaction. This behavior can be reverted to the safer option of prompting the user by importing the following as a .REG file:

Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\AcroExch.Document.7]

Disable the display of PDF documents in the web browser

Preventing PDF documents from opening inside a web browser will partially mitigate this vulnerability. If this workaround is applied it may also mitigate future vulnerabilities. To prevent PDF documents from automatically being opened in a web browser, do the following:

Do not access PDF documents from untrusted sources

Do not open unfamiliar or unexpected PDF documents, particularly those hosted on web sites or delivered as email attachments. Please see Cyber Security Tip ST04-010.
Original Source
Url : http://www.us-cert.gov/cas/techalerts/TA09-051A.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:5697 | |||
Oval ID: | oval:org.mitre.oval:def:5697 | ||
Title: | Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier (APSA09-01) | ||
Description: | Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2009-0658 | Version: | 9 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Vista Microsoft Windows Server 2003 Microsoft Windows Server 2008 | Product(s): | Adobe Acrobat Adobe Reader |
SAINT Exploits
Description |
---|
Adobe Reader JBIG2 image stream buffer overflow |
OpenVAS Exploits
Date | Description |
---|---|
2009-04-28 | Name : SuSE Security Summary SUSE-SR:2009:009 File : nvt/suse_sr_2009_009.nasl |
2009-04-20 | Name : Gentoo Security Advisory GLSA 200904-17 (acroread) File : nvt/glsa_200904_17.nasl |
2009-03-31 | Name : RedHat Security Advisory RHSA-2009:0376 File : nvt/RHSA_2009_0376.nasl |
2009-03-31 | Name : SuSE Security Advisory SUSE-SA:2009:014 (acroread) File : nvt/suse_sa_2009_014.nasl |
2009-03-03 | Name : Buffer Overflow Vulnerability in Adobe Reader (Linux) File : nvt/secpod_adobe_prdts_bof_vuln_lin.nasl |
2009-03-03 | Name : Buffer Overflow Vulnerability in Adobe Acrobat and Reader (Win) File : nvt/secpod_adobe_prdts_bof_vuln_win.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
52073 | Adobe Reader / Acrobat Document Handling JBIG2 Compression Overflow A buffer overflow exists in Acrobat and Acrobat Reader. They fail to validate PDF files which use JBIG2 compression routines resulting in a buffer overflow. With a specially crafted file, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity. |
Snort® IPS/IDS
Date | Description |
---|---|
2015-01-15 | Adobe Acrobat Reader PDF JBIG2 remote code execution attempt RuleID : 32786 - Revision : 2 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader PDF JBIG2 remote code execution attempt RuleID : 24124 - Revision : 5 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader PDF JBIG2 remote code execution attempt RuleID : 20575 - Revision : 13 - Type : FILE-PDF |
2014-01-10 | Suspicious JBIG2 pdf file sent with email RuleID : 15497 - Revision : 7 - Type : FILE-PDF |
2014-01-10 | Suspicious JBIG2 pdf file sent through email RuleID : 15496 - Revision : 7 - Type : FILE-PDF |
2014-01-10 | Suspicious JBIG2 pdf file sent by email RuleID : 15495 - Revision : 7 - Type : FILE-PDF |
2014-01-10 | Suspicious JBIG2 pdf file sent from email RuleID : 15494 - Revision : 7 - Type : FILE-PDF |
2014-01-10 | Suspicious JBIG2 pdf file sent in email RuleID : 15360 - Revision : 8 - Type : FILE-PDF |
2014-01-10 | Suspicious JBIG2 pdf file sent via email RuleID : 15359 - Revision : 8 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader JBIG2 remote code execution attempt RuleID : 15358 - Revision : 11 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader JBIG2 remote code execution attempt RuleID : 15357 - Revision : 14 - Type : FILE-PDF |
2014-01-10 | Adobe PDF JBIG2 remote code execution attempt RuleID : 15356 - Revision : 4 - Type : SMTP |
2014-01-10 | Adobe PDF JBIG2 remote code execution attempt RuleID : 15355 - Revision : 4 - Type : WEB-CLIENT |
2014-01-10 | Adobe PDF JBIG2 remote code execution attempt RuleID : 15354 - Revision : 4 - Type : SMTP |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_acroread-6121.nasl - Type : ACT_GATHER_INFO |
2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_acroread_ja-6161.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_acroread-090325.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_acroread_ja-090415.nasl - Type : ACT_GATHER_INFO |
2009-08-28 | Name : The version of Adobe Acrobat on the remote Windows host is affected by multip... File : adobe_acrobat_91.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-0376.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_acroread-090325.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_acroread-090325.nasl - Type : ACT_GATHER_INFO |
2009-04-21 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200904-17.nasl - Type : ACT_GATHER_INFO |
2009-03-27 | Name : The remote openSUSE host is missing a security update. File : suse_acroread-6120.nasl - Type : ACT_GATHER_INFO |
2009-03-11 | Name : The PDF file viewer on the remote Windows host is affected by multiple vulner... File : adobe_reader_91.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2013-05-11 00:53:41 | |