| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 13 Apr 2010 21:27:25 -0400 (EDT)
From: TELUS Security Labs - Vulnerability Research <noreply@...us.com>
To: full-disclosure@...ts.grok.org.uk
Subject: TELUS Security Labs VR - Adobe Reader U3D
CLODMeshDeclaration Shading Count Memory Corruption
Adobe Reader U3D CLODMeshDeclaration Shading Count Buffer Overflow
TSL ID: FSC20100413-01
1. Affected Software
Adobe Systems Acrobat Reader 8.1.6 for Linux
Adobe Systems Acrobat Reader 9.2 for Linux
Adobe Systems Acrobat Reader 9.3 for Linux
Reference: http://get.adobe.com/reader/
2. Vulnerability Summary
A remotely exploitable vulnerability has been discovered in Adobe Acrobat Reader for Linux. Specifically, the vulnerability is due to an integer overflow when processing the "Shading Count" field in the CLOD Mesh Declaration block, which may lead to a heap based buffer overflow and execution of arbitrary code.
3. Vulnerability Analysis
This vulnerability may be exploited by remote attackers to execute arbitrary code on the vulnerable system by enticing a user to open a maliciously crafted PDF document. A successful attack will result in arbitrary code executed on the target host with the privileges of the logged-on user. An unsuccessful attack can abnormally terminate the affected product.
4. Vulnerability Detection
TELUS Security Labs has confirmed the vulnerability in:
Adobe Systems Acrobat Reader 8.1.6 for Linux
Adobe Systems Acrobat Reader 9.2 for Linux
Adobe Systems Acrobat Reader 9.3 for Linux
5. Workaround
Avoid opening untrusted PDF files, or use an alternative application to process PDF files.
6. Vendor Response
The vendor, Adobe, has released an advisory regarding this vulnerability:
http://www.adobe.com/support/security/bulletins/apsb10-09.html
7. Disclosure Timeline
2010-02-19 Reported to vendor
2010-02-19 Initial vendor response
2010-04-13 Coordinated public disclosure
8. Credits
Vulnerability Research Team, TELUS Security Labs
9. References
CVE: CVE-2010-0196
TSL: FSC20100413-01
Vendor: apsb10-09
10. About TELUS Security Labs
TELUS Security Labs, formerly Assurent Secure Technologies, is the leading provider of security research. Our research services include:
* Vulnerability Research
* Malware Research
* Signature Development
* Shellcode Exploit Development
* Application Protocols
* Product Security Testing
* Security Content Development (parsers, reports, alerts)
TELUS Security Labs provides a specialized portfolio of services to assist security product vendors with newly
discovered commercial product vulnerabilities and malware attacks. Many of our services are provided on a subscription basis to reduce research costs for our customers. Over 50 of the world's leading security product vendors rely on TELUS Security Labs research.
http://telussecuritylabs.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists