Executive Summary
Summary | |
---|---|
Title | Adobe Reader contains multiple vulnerabilities in the processing of JPX data |
Informations | |||
---|---|---|---|
Name | VU#568153 | First vendor Publication | 2009-06-09 |
Vendor | VU-CERT | Last vendor Modification | 2009-06-17 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#568153Adobe Reader contains multiple vulnerabilities in the processing of JPX dataOverviewAdobe Reader and Acrobat contain multiple vulnerabilities that may allow an attacker to execute arbitrary code.I. DescriptionAdobe Acrobat Reader is software designed to view Portable Document Format (PDF) files. Adobe also distributes the Adobe Acrobat Plug-In to allow users to view PDF files inside of a web browser. Adobe Reader and Acrobat contain multiple vulnerabilities in the handling of JPX (JPEG2000) streams. These vulnerabilities may result in heap memory corruption.II. ImpactBy convincing a user to open a malicious PDF file, an attacker may be able to execute code or cause a vulnerable PDF viewer to crash. The PDF could be emailed as an attachment or hosted on a website.III. SolutionApply an updateThis issue is addressed in Adobe Reader and Acrobat versions 9.1.2, 8.1.6, and 7.1.3. More details are available in Adobe Security Bulletin APSB09-07.
[HKEY_CLASSES_ROOTAcroExch.Document.7] "EditFlags"=hex:00,00,00,00 Preventing PDF documents from opening inside a web browser may mitigate this vulnerability. If this workaround is applied to updated versions of the Adobe reader, it may mitigate future vulnerabilities. To prevent PDF documents from automatically being opened in a web browser:
Adobe Acrobat and Reader integrate themselves with the Windows shell. The file pdfshell.dll is used to configure Windows Explorer to launch Adobe components to render, preview, and obtain details from a PDF document, all without actually opening the PDF document itself. Windows shell integration for Adobe Acrobat and Reader can be disabled by unregistering the pdfshell.dll by running the following command:
Adobe Reader and Adobe Acrobat install an Indexing Service filter that is used to parse PDF files. These filters are provided by AcroRdIF.dll and AcroIF.dll, respectively. When an application that uses the Adobe IFilters indexes a malicious PDF document, the vulnerability may be triggered. This attack vector can be mitigated by unregistering the Adobe IFilter files. Adobe Acrobat users should locate the Acrobat directory and run: regsvr32 /u AcroIF.dll Adobe Reader users should locate the Adobe Reader directory and run: regsvr32 /u AcroRdIF.dll Note: After disabling the Windows shell integration or the Indexing Service filter by unregistering the appropriate DLL, the Windows Installer MSI resiliency feature may trigger a "repair" of those features when an advertised shortcut for Adobe Reader is clicked. To prevent this from occurring, delete the Adobe Reader icon from the Windows start menu and then re-create a normal, non-advertised shortcut. More details are available in the CERT/CC Vulnerability Analysis Blog. Do not access PDF documents from untrusted sources Do not open unfamiliar or unexpected PDF documents, particularly those hosted on web sites or delivered as email attachments. Please see Cyber Security Tip ST04-010. Systems Affected
Referenceshttp://www.us-cert.gov/cas/tips/ST04-010.html This vulnerability was reported by Will Dormann of the CERT/CC. This document was written by Will Dormann.
|
Original Source
Url : http://www.kb.cert.org/vuls/id/568153 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-09-09 | Name : SuSE Security Summary SUSE-SR:2009:014 File : nvt/suse_sr_2009_014.nasl |
2009-07-29 | Name : Gentoo Security Advisory GLSA 200907-06 (acroread) File : nvt/glsa_200907_06.nasl |
2009-07-06 | Name : SuSE Security Advisory SUSE-SA:2009:035 (acroread) File : nvt/suse_sa_2009_035.nasl |
2009-07-06 | Name : SuSE Security Summary SUSE-SR:2009:012 File : nvt/suse_sr_2009_012.nasl |
2009-06-23 | Name : RedHat Security Advisory RHSA-2009:1109 File : nvt/RHSA_2009_1109.nasl |
2009-06-16 | Name : Adobe Reader Multiple BOF Vulnerabilities - Jun09 (Linux) File : nvt/gb_adobe_prdts_mult_bof_vuln_jun09_lin.nasl |
2009-06-16 | Name : Adobe Reader/Acrobat Multiple BOF Vulnerabilities - Jun09 (Win) File : nvt/gb_adobe_prdts_mult_bof_vuln_jun09_win.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
56118 | Adobe Reader / Acrobat PDF File JPX (aka JPEG2000) Stream Handling Multiple O... |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Adobe Acrobat Reader JPX malformed code-block width memory corruption attempt RuleID : 25767 - Revision : 6 - Type : FILE-PDF |
2014-01-10 | Adobe Acrobat Reader JPX malformed code-block width memory corruption attempt RuleID : 15562 - Revision : 14 - Type : FILE-PDF |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_acroread-6331.nasl - Type : ACT_GATHER_INFO |
2011-01-27 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_acroread_ja-6398.nasl - Type : ACT_GATHER_INFO |
2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_acroread-6332.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_acroread-090701.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_acroread_ja-090806.nasl - Type : ACT_GATHER_INFO |
2009-08-28 | Name : The version of Adobe Acrobat on the remote Windows host is affected by multip... File : adobe_acrobat_912.nasl - Type : ACT_GATHER_INFO |
2009-08-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2009-1109.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_acroread-090701.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_acroread-090701.nasl - Type : ACT_GATHER_INFO |
2009-07-13 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200907-06.nasl - Type : ACT_GATHER_INFO |
2009-06-11 | Name : The PDF file viewer on the remote Windows host is affected by multiple vulner... File : adobe_reader_912.nasl - Type : ACT_GATHER_INFO |