‘Adobe Reader Embedded Font Handling Out of Bounds Array Indexing Vulnerability’
Summary
‘dobe Acrobat Reader is ‘a program for viewing Portable Document Format (PDF) documents’.
Credit:
‘The information has been provided by iDefense Labs Security Advisories.
The original article can be found at: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=755‘
Details
‘Vulnerable Systems:
* Adobe Reader version 8.1.1
The vulnerability specifically exists in code responsible for parsing Type 1 fonts. After allocating an area of memory, no bounds checking is performed. Subsequent access of this memory may result in modification of arbitrary memory, which in turn may result in arbitrary code execution.
Analysis:
Exploitation of this vulnerability would allow a remote attacker to execute arbitrary code as the current user. In order to exploit this vulnerability, the attacker would have to convince the target user to open a maliciously crafted file, either by opening an email attachment or visiting a website which contained an embedded PDF file. No further interaction is required. The Explorer extension which displays the thumbnail view of the document, AcroRd32Info, is also vulnerable. This may allow the vulnerability to be exploited by simply clicking on a PDF file without opening it, even from a network share.
Vendor response:
Adobe has released a patch which addresses this issue. For more information, consult their advisory at the following URL.
http://www.adobe.com/support/security/bulletins/apsb08-19.html
CVE Information:
CVE-2008-4812
Disclosure timeline:
12/27/2007 – Initial Vendor Notification
12/28/2007 – Initial Vendor Reply
10/31/2008 – Additional Vendor Feedback
11/04/2008 – Coordinated Public Disclosure’