[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <001501ca4e38$b0f1eb60$12d5c220$@com>
Date: Fri, 16 Oct 2009 10:14:26 +0200
From: <security@...ns.com>
To: <full-disclosure@...ts.grok.org.uk>, <bugtraq@...urityfocus.com>
Cc: <cve@...re.org>, <soc@...cert.gov>, <vuln@...unia.com>,
<cert@...t.org>
Subject: n.runs-SA-2009.007 - Adobe Acrobat - Invalid pointer write could lead to arbitrary code execution
n.runs AG
http://www.nruns.com/ security(at)nruns.com
n.runs-SA-2009.007 15-Oct-2009
_______________________________________________________________________
Vendor: Adobe Systems Incorporated, http://www.adobe.com
Affected Products: Adobe Acrobat Reader/Acrobat
Version: 8.1.3 - 8.1.6
Platform: Windows
Vulnerability: Invalid pointer write could lead to arbitrary
code execution
Risk: HIGH
CVE: CVE-2009-2991
_______________________________________________________________________
Vendor communication:
2009/07/22 n.runs sends PoC to Mozilla Security team
2009/07/23 Brandon from Mozilla acknowledges the PoC file
2009/09/27 n.runs asking for status update
2009/09/29 Brandon apologizes the delay and replies he could not
reproduce the issue and asking for more information
2009/10/13 Adobe releases an update for this issue [1]
2009/10/13 n.runs informs Mozilla an update for the issue was
released by Adobe. n.runs asks if a Bugzilla entry exists
2009/10/13 Brandon replies he have not opened a bug in the Bugzilla
system, as he was not able to reproduce the issue yet, but
is looking at the Adobe advisory to see if there is
further work needed on Mozilla's side
2009/10/15 n.runs releases this advisory
_______________________________________________________________________
Overview:
Quoting http://www.adobe.com/aboutadobe/pressroom/pdfs/profile.pdf:
"Adobe revolutionizes how the world engages with ideas and information.
For 25 years, the company's award-winning software and technologies have
redefined business, entertainment, and personal communications by setting
new standards for producing and delivering content that engages people
virtually anywhere at anytime. From rich images in print, video, and
film to dynamic digital content for a variety of media, the impact of
Adobe solutions is evident across industries and felt by anyone who
creates, views, and interacts with information. With a reputation
for excellence and a portfolio of many of the most respected and
recognizable software brands, Adobe is one of the world's largest and
most diversified software companies."
Description:
A remotely exploitable vulnerability has been found in
Adobe Acrobat Reader/Acrobat Firefox plugin.
In detail, the following flaw was determined:
- The default settings of Adobe Acrobat Reader/Acrobat have been
applied. A non existing PDF file with-in the <embed> Tag could lead to
an invalid pointer write. This occurs when Adobe's PDF plugin gets
unloaded in a Firefox instance.
Impact
An attacker could exploit the vulnerability by constructing a specially
prepared Website. When a user views the Web page, the vulnerability
could allow remote code execution. An attacker who successfully
exploits this vulnerability could gain the same user rights as the
logged-on user.
Solution:
Adobe has issued an update to correct this vulnerability.
For detailed information about the fixes follow the link in
References [1] section of this document.
_______________________________________________________________________
Credit:
Bugs found by Alexios Fakos of n.runs AG.
_______________________________________________________________________
References:
[1] http://www.adobe.com/support/security/bulletins/apsb09-15.html
This Advisory and Upcoming Advisories:
http://www.nruns.com/security_advisory.php
_______________________________________________________________________
Unaltered electronic reproduction of this advisory is permitted. For
all other reproduction or publication, in printing or otherwise,
contact security@...ns.com for permission. Use of the advisory
constitutes acceptance for use in an "as is" condition. All warranties
are excluded. In no event shall n.runs be liable for any damages
whatsoever including direct, indirect, incidental, consequential loss
of business profits or special damages, even if n.runs has been advised
of the possibility of such damages.
Copyright 2009 n.runs AG. All rights reserved. Terms of use apply.
Powered by blists - more mailing lists