CERT-In Advisory CIAD-2008-09
Multiple vulnerabilities in Adobe Reader/Acrobat
Original issue date: February 11, 2008
Updated: March 11, 2008, May 08, 2008
Severity Rating: High
Systems Affected
Adobe Acrobat Professional version 8.1.1 and prior
Adobe Acrobat 3D version 8.1.1 and prior
Adobe Acrobat Standard version 8.1.1 and prior
Overview
Multiple vulnerabilities have been reported in the way Adobe Reader/Acrobat handles PDF files. A remote attacker could exploit them to execute arbitrary code.
Description
1. Adobe Reader Security Provider Unsafe Library Path Vulnerability in Adobe Reader (CVE-2007-5666)
Security Provider libraries provide encryption and signature verification routines to applications.
A vulnerability has been identified in Adobe Reader: the path used for "Security Provider" libraries contains the directory in which the application was started. Remote attackers could exploit this by serving a specially crafted .pdf file from a directory under their control and enticing a user to open it. Successful exploitation would allow a remote attacker to execute arbitrary code.
2. Multiple Stack-based Buffer Overflow Vulnerabilities in Adobe Reader/Acrobat (CVE-2007-5659)
The vulnerability is caused by an input validation error in several JavaScript methods in the JavaScript libraries: the string length is not properly checked before the string is copied into a fixed-size buffer on the stack. An attacker could host a website containing the specially crafted file and persuade a user to visit it by getting them to click on a link to the site, or could send the file to the user as an email attachment. Opening the crafted file allows execution of arbitrary code.
3. JavaScript Insecure Method Exposure Vulnerability in Adobe Reader/Acrobat (CVE-2007-5663)
This vulnerability lies in the version of JavaScript implemented in the "EScript.api" plug-in, which is based on the reference implementation: one of the exposed methods allows direct control over low-level features of the object. An attacker could exploit this vulnerability through a specially crafted file and persuade a user to open it. Opening the file results in execution of arbitrary code.
4. JavaScript "doc.print()" Method Vulnerability in Adobe Reader/Acrobat (CVE-2008-0667)
This vulnerability lies in the implementation of the JavaScript method "doc.print()" in Adobe Reader/Acrobat. A remote attacker can exploit it via a specially crafted PDF file configured for silent, non-interactive printing, after persuading a user to open it. Opening the file results in execution of arbitrary code. Successful exploitation would print an excessive number of PDF files.
5. JavaScript "printSepsWithParams()" Method Vulnerability in Adobe Reader/Acrobat (CVE-2008-0726)
This vulnerability lies in the implementation of the JavaScript method "printSepsWithParams()" in Adobe Reader/Acrobat. A remote attacker can exploit it via a specially crafted .PDF file, after persuading a user to open it. Opening the file causes memory corruption, resulting in execution of arbitrary code.
6. Unspecified Vulnerabilities in Adobe Reader/Acrobat (CVE-2008-0655)
This vulnerability is caused by a design flaw in Adobe Reader and Acrobat which could allow a specially crafted file to be printed silently an arbitrary number of times.
NOTE: This vulnerability is used for spreading Trojan.Zonebac.
7. JavaScript API "app.checkForUpdate()" Function Vulnerability in Adobe Reader/Acrobat (CVE-2008-2042)
This vulnerability lies in the implementation of the JavaScript function "app.checkForUpdate()" in Adobe Acrobat and Reader. An attacker could exploit it via a specially crafted .PDF file that invokes "app.checkForUpdate()" with a malicious callback function. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary code.
Workaround
- Disable JavaScript in Adobe Reader or Acrobat
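Until the update is applied, incoming PDF files can be triaged for embedded JavaScript and for the method names listed in items 4, 5 and 7 above. The following is an added example, not part of the CERT-In advisory or of Adobe's guidance. It assumes scripts sit in the raw file or in FlateDecode streams (other filters, object streams and encrypted documents are not decoded), and the sample PDF fragment is constructed.

```python
import re
import zlib

MAX_INFLATE = 1 << 20  # cap per-stream output so a decompression bomb cannot exhaust memory

# JavaScript methods named in items 4, 5 and 7 of the advisory.
METHOD_PATTERNS = {
    "doc.print()": re.compile(rb"\.print\s*\("),
    "printSepsWithParams()": re.compile(rb"printSepsWithParams\s*\("),
    "app.checkForUpdate()": re.compile(rb"checkForUpdate\s*\("),
}
JS_KEYS = re.compile(rb"/(?:JavaScript|JS)\b")   # PDF names that introduce script
HEX_ESC = re.compile(rb"#([0-9A-Fa-f]{2})")      # "#53"-style escapes inside PDF names
STREAM = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)


def inflate_streams(data):
    """Yield the decoded bytes of every stream that zlib can inflate."""
    for match in STREAM.finditer(data):
        try:
            yield zlib.decompressobj().decompress(match.group(1), MAX_INFLATE)
        except zlib.error:
            continue  # not FlateDecode or damaged; only the raw scan covers it


def triage_pdf(data):
    """Report whether script is present and which advisory methods appear."""
    # Undo name escapes first so "/J#53" is recognised as "/JS".
    names = HEX_ESC.sub(lambda m: bytes([int(m.group(1), 16)]), data)
    bodies = [data, *inflate_streams(data)]
    methods = sorted(label for label, rx in METHOD_PATTERNS.items()
                     if any(rx.search(body) for body in bodies))
    return {"javascript": bool(JS_KEYS.search(names)), "methods": methods}


def build_sample(script):
    """Constructed test input: a minimal PDF fragment with a compressed script."""
    packed = zlib.compress(script)
    return (b"%PDF-1.4\n1 0 obj\n<< /OpenAction << /S /JavaScript /JS 2 0 R >> >>\n"
            b"endobj\n2 0 obj\n<< /Filter /FlateDecode /Length "
            + str(len(packed)).encode() + b" >>\nstream\n" + packed
            + b"\nendstream\nendobj\n%%EOF\n")


if __name__ == "__main__":
    print(triage_pdf(build_sample(b"this.print();")))
```

A hit means the file deserves closer inspection on a patched, isolated system; it does not by itself show that the file is malicious.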
Solution
Apply the update as described in the Adobe advisories:
http://www.adobe.com/support/security/advisories/apsa08-01.html
http://www.adobe.com/support/security/bulletins/apsb08-13.html
Adobe Reader 8.1.2 Release Notes
http://kb.adobe.com/selfservice/viewContent.do?externalId=kb403079&sliceId=1
Vendor Information
Adobe Systems
http://www.adobe.com/support/security/advisories/apsa08-01.html
http://www.adobe.com/support/security/bulletins/apsb08-13.html
References
FORTINET
http://www.fortiguardcenter.com/advisory/FGA-2008-09.html
X-FORCE
http://xforce.iss.net/xforce/xfdb/42237
FrSIRT
http://www.frsirt.com/english/advisories/2008/0425
Secunia
http://secunia.com/advisories/28851/
http://secunia.com/advisories/28802/
SecuriTeam
http://www.securiteam.com/windowsntfocus/5XP0B00NFG.html
http://www.securiteam.com/securitynews/5LP032KNFM.html
http://www.securiteam.com/windowsntfocus/5YP0C00NFO.html
Security-Focus
http://www.securityfocus.com/bid/27641/info
iDefense
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=655
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=656
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=657
Symantec
http://www.symantec.com/security_response/writeup.jsp?docid=2006-091612-5500-99&tabid=2
http://www.symantec.com/enterprise/security_response/weblog2008/02/pidief_a_byword_for_0day_explo.html
CVE-Name
CVE-2007-5659
CVE-2007-5663
CVE-2007-5666
CVE-2008-0667
CVE-2008-0726
CVE-2008-0655
CVE-2008-2042
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003