Advisories

CERT-In Advisory CIAD-2008-0057

Multiple Vulnerabilities in Adobe Acrobat and Reader

Original Issue Date: November 10, 2008

Severity Rating: High

Systems Affected

Adobe Reader 8.1.2 and prior

Overview

Multiple vulnerabilities have been reported in Adobe Acrobat, which could allow a remote attacker to cause application crash or to take complete control of the affected system.

Description

1. JavaScript Input Validation Vulnerability ( CVE-2008-2992   )

A JavaScript input validation vulnerability has been reported in Adobe Acrobat and reader. This vulnerability is caused due to improper parameter check while handling of PDF embedded JavaScript code. A remote attacker can exploit this vulnerability by sending specially crafted PDF files containing format string argument. Due to improper checking of util.printf JavaScript function arbitrary memory can be overwritten, which could lead to remote code execution.

2.Adobe Acrobat Reader Denial of Service ( CVE-2008-2549   )

An Adobe Acrobat reader PDF file denial of service vulnerability has been reported. This vulnerability is caused due to improper handling of PDF file. A remote attacker can exploit this vulnerability by persuading victim to open a specially crafted PDF file, to crash the application and to execute arbitrary code on affected system.

3. Out of bound Array Indexing Vulnerability ( CVE-2008-4812   )

An out of bound array indexing vulnerability has been reported in Adobe Acrobat reader. This vulnerability is caused due to improper parsing of Type 1 fonts. No bound checking is performed after allocating an area of memory. A remote attacker can access and modify arbitrary memory by convincing user to open specially crafted PDF file, which could cause arbitrary code execution.

4. JavaScript getCosObj Memory Corruption and Malformed PDF code execution Vulnerability ( CVE-2008-4813   )

A specific flaw exists in Adobe Acrobat while parsing malicious JavaScript contained PDF document. A remote attacker can create a Collab object and perform specific sequence of actions on it to cause memory corruption, resulting in remote code execution.

A Malformed PDF code execution vulnerability in Adobe Acrobat reader exists because of a specific flaw while parsing the PDF objects defined in the PDF file. A specific malformed object supplied to Adobe Acrobat, could cause a small memory corruption, which can allow an attacker to execute an arbitrary code under the context of currently logged in user of an affected system.

5. AcroJS Heap Corruption Vulnerability ( CVE-2008-4817   )

A heap corruption vulnerability has been reported in Adobe Acrobat professional and Reader. This vulnerability is caused due to AcroJS function available for scripting code inside of a PDF document, which is used for HTTP authentication. A remote attacker can supply long string to this function to cause heap memory corruption, which could allow the execution of arbitrary code.

6. Adobe Reader Download Manager Vulnerability
( CVE-2008-4816   )

An unspecified vulnerability has been reported in the Windows-version of Download Manager in Adobe Reader, which could allow a remote attacker to modify the target user's internet security options on a user's machine during the download process.

7. JavaScript Input validation Vulnerability ( CVE-2008-4814   )

An unspecified vulnerability has been reported in a JavaScript method in Adobe Acrobat and Reader. This vulnerability caused due to improper validation of input supplied to JavaScript method, which could allow a remote attacker to execute arbitrary code on affected system.

8. Unix-only Privilege Escalation Vulnerability ( CVE-2008-4815   )

An untrusted search path vulnerability exists in Adobe Acrobat and Reader on Unix and Linux platform, which could allow an attacker to gain privileges via a Trojan horse program in an unspecified directory which is associated with an insecure RPATH.
Successful exploitation of these vulnerabilities could allow the execution of arbitrary code, which could help the remote attackers to take complete control over an affected system.

Solution

Apply appropriate patches as mentioned in Adobe Security Bulletin APSB08-19

Vendor Information

Adobe Systems
http://www.adobe.com/support/security/bulletins/apsb08-19.html

References

ZeroDay Initiative
http://www.zerodayinitiative.com/advisories/ZDI-08-072/
http://www.zerodayinitiative.com/advisories/ZDI-08-074/
http://www.zerodayinitiative.com/advisories/ZDI-08-073/

iDefense Labs
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=755
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=756

SkyRecon Systems
http://www.skyrecon.com/index.php?option=com_content&task=view&id=302&Itemid=124

Secunia
http://secunia.com/secunia_research/2008-14/
http://secunia.com/advisories/29773/

SecurityTracker
http://securitytracker.com/alerts/2008/Nov/1021140.html

SecurityFocus
http://www.securityfocus.com/bid/32100
http://www.securityfocus.com/bid/29420

ISS X-Force
http://xforce.iss.net/xforce/xfdb/42886

CVE Name
CVE-2008-2992
CVE-2008-2549
CVE-2008-4812
CVE-2008-4813
CVE-2008-4817
CVE-2008-4816
CVE-2008-4814
CVE-2008-4815

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Email: info@cert-in.org.in
Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, CGO Complex, Lodhi Road,
New Delhi - 110 003
India