Adobe Reader Flaws in JBIG2 Filter Let Remote Users Execute Arbitrary
SecurityTracker Alert ID: 1021892
SecurityTracker URL: http://securitytracker.com/id/1021892
CVE Reference: CVE-2009-0193, CVE-2009-0928, CVE-2009-1061, CVE-2009-1062
Date: Mar 25 2009
Impact: Execution of arbitrary code via network, User access via network
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): 9 and prior versions
Description:
Several vulnerabilities were reported in Adobe Reader. A remote user can cause arbitrary code to be executed on the target user's system.
A remote user can create a PDF file with a specially crafted JBIG2-encoded stream that, when loaded by the target user, will trigger a flaw in the JBIG2 filters and execute arbitrary code on the target system. The code will run with the privileges of the target user.
Sean Larsson of iDefense Labs, Jonathan Brossard from iViZ Security Research Team, Will Dormann of CERT/CC, and Alin Rad Pop of Secunia Research reported these vulnerabilities.
Impact:
A remote user can create a file that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:
The vendor has issued a fix (7.1.1, 8.1.4, 9.1), available at:
http://get.adobe.com/reader/
The vendor's advisory is available at:
http://www.adobe.com/support/security/bulletins/apsb09-04.html
Vendor URL: www.adobe.com/support/security/bulletins/apsb09-04.html
Cause:
Boundary error, Input validation error
Underlying OS:
Linux (Any), UNIX (OS X), UNIX (Solaris - SunOS), Windows (Any)
Source Message Contents
Date: Tue, 24 Mar 2009 18:57:50 -0500
Subject: Adobe Acrobat / Adobe Reader
CVE-2009-0658, CVE-2009-0927, CVE-2009-0193, CVE-2009-0928, CVE-2009-1061, CVE-2009-1062
http://www.adobe.com/support/security/bulletins/apsb09-04.html