lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <001501ca4e38$b0f1eb60$12d5c220$@com>
Date: Fri, 16 Oct 2009 10:14:26 +0200
From: <security@...ns.com>
To: <full-disclosure@...ts.grok.org.uk>, <bugtraq@...urityfocus.com>
Cc: <cve@...re.org>, <soc@...cert.gov>, <vuln@...unia.com>,
	<cert@...t.org>
Subject: n.runs-SA-2009.007 - Adobe Acrobat - Invalid pointer write could lead to arbitrary code execution

n.runs AG
http://www.nruns.com/                             security(at)nruns.com
n.runs-SA-2009.007                                          15-Oct-2009
_______________________________________________________________________

Vendor:                Adobe Systems Incorporated, http://www.adobe.com
Affected Products:     Adobe Acrobat Reader/Acrobat
                       Version: 8.1.3 - 8.1.6
                       Platform: Windows
Vulnerability:         Invalid pointer write could lead to arbitrary 
                       code execution 
Risk:                  HIGH
CVE:                   CVE-2009-2991
_______________________________________________________________________

Vendor communication:

2009/07/22    n.runs sends PoC to Mozilla Security team
2009/07/23    Brandon from Mozilla acknowledges the PoC file
2009/09/27    n.runs asking for status update
2009/09/29    Brandon apologizes the delay and replies he could not 
              reproduce the issue and asking for more information
2009/10/13    Adobe releases an update for this issue [1]
2009/10/13    n.runs informs Mozilla an update for the issue was 
              released by Adobe. n.runs asks if a Bugzilla entry exists

2009/10/13    Brandon replies he have not opened a bug in the Bugzilla 
              system, as he was not able to reproduce the issue yet, but 
              is looking at the Adobe advisory to see if there is 
              further work needed on Mozilla's side
2009/10/15    n.runs releases this advisory

_______________________________________________________________________


Overview:

Quoting http://www.adobe.com/aboutadobe/pressroom/pdfs/profile.pdf:
"Adobe revolutionizes how the world engages with ideas and information. 
For 25 years, the company's award-winning software and technologies have 
redefined business, entertainment, and personal communications by setting 
new standards for producing and delivering content that engages people 
virtually anywhere at anytime. From rich images in print, video, and 
film to dynamic digital content for a variety of media, the impact of 
Adobe solutions is evident across industries and felt by anyone who 
creates, views, and interacts with information. With a reputation 
for excellence and a portfolio of many of the most respected and 
recognizable software brands, Adobe is one of the world's largest and 
most diversified software companies."



Description:

A remotely exploitable vulnerability has been found in 
Adobe Acrobat Reader/Acrobat Firefox plugin.

In detail, the following flaw was determined:

- The default settings of Adobe Acrobat Reader/Acrobat have been 
applied. A non existing PDF file with-in the <embed> Tag could lead to 
an invalid pointer write. This occurs when Adobe's PDF plugin gets 
unloaded in a Firefox instance. 



Impact

An attacker could exploit the vulnerability by constructing a specially
prepared Website. When a user views the Web page, the vulnerability
could allow remote code execution. An attacker who successfully
exploits this vulnerability could gain the same user rights as the
logged-on user. 



Solution:

Adobe has issued an update to correct this vulnerability.
For detailed information about the fixes follow the link in
References [1] section of this document.


_______________________________________________________________________

Credit: 
Bugs found by Alexios Fakos of n.runs AG. 
_______________________________________________________________________

References: 
[1] http://www.adobe.com/support/security/bulletins/apsb09-15.html

This Advisory and Upcoming Advisories:
http://www.nruns.com/security_advisory.php
_______________________________________________________________________

Unaltered electronic reproduction of this advisory is permitted. For 
all other reproduction or publication, in printing or otherwise, 
contact security@...ns.com for permission. Use of the advisory 
constitutes acceptance for use in an "as is" condition. All warranties
are excluded. In no event shall n.runs be liable for any damages 
whatsoever including direct, indirect, incidental, consequential loss 
of business profits or special damages, even if n.runs has been advised
of the possibility of such damages. 

Copyright 2009 n.runs AG. All rights reserved. Terms of use apply.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ