Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

Adobe reader vulnerability discovered

Core Security Technologies : 06 November, 2008  (Technical Article)
Software security testing vendor discovers critical vulnerability in Adobe's popular PDF reader
Core Security Technologies, provider of Core Impact, the most comprehensive solution for proactive enterprise security testing, has issued an advisory disclosing a vulnerability that could affect millions of individuals and businesses using Adobe's Reader PDF-file browsing software.

Engineers from CoreLabs, the research arm of Core Security, determined that Adobe Reader could be exploited to gain access to vulnerable systems via the use of a specially crafted PDF file with malicious JavaScript content. Upon making the discovery, CoreLabs immediately alerted Adobe to the vulnerability and the two companies have since coordinated efforts to ensure that a patch could be created and made available to protect users of the program.

"As with many of today's ubiquitous client side applications, the sheer complexity of Adobe Reader creates a broad surface for potential vulnerabilities and, in this case, Adobe's inclusion of a fully-fledged JavaScript engine introduces the same types of implementation bugs commonly found in such sophisticated client side programs," said Ivan Arce, CTO at Core Security Technologies. "It's worth noting that the bug was discovered while investigating a previously disclosed and similar problem in another PDF viewer application, highlighting the manner in which common implementation mistakes are frequently shared among multiple vendors."

Adobe Reader is arguably the world's most ubiquitous electronic document sharing application. The software can be used to view, search, digitally sign, verify, print, and collaborate on Adobe PDF files, and includes scripting functionality to allow for extended customization and extensibility.

Successful exploitation of the vulnerability requires that users open a maliciously crafted PDF file thereby allowing attackers to gain access to vulnerable systems and assume the privileges of a user running Acrobat Reader. Adobe Reader version 9, which was released in June 2008, is not vulnerable to the reported problem.

Adobe has issued a security update that addresses the vulnerable version 8.1.2 of Reader. Alternatively, users of affected versions of the program can also work around the problem and reduce their exposure by disabling JavaScript functionality in the software's Edit|Preferences menu.

While investigating the feasibility of exploiting vulnerability previously disclosed in Foxit Reader (CVE-2008-1104) a CoreLabs researcher found that Adobe Reader was affected by the same bug.

After an initial examination of the involved implementation bug, it was believed that although present, the problem was apparently not exploitable in Adobe Reader due to the use of two structured exception handlers in the program. The primary difference between the Adobe and Foxit applications is the manner in which they perform security checks, and at first glance, it seemed as if the bug was not exploitable in Reader, since there was no way to control the program's first exception handler.

However, upon further examination of the code, CoreLabs found that another overflow occurs before the call to the involved code is made in relation to the previously known vulnerability. This new problem was identified in the way vulnerable versions of Adobe Reader implement the JavaScript util.printf() function. The function first converts the argument it receives to a String, using only the first 16 digits of the argument and padding the rest with a fixed value of "0" (0x30). By passing an overly long and properly formatted command to the function it is possible to overwrite the program's memory and control its execution flow.

A specifically crafted PDF file that embeds JavaScript code to manipulate the program's memory allocation pattern and trigger the vulnerability can allow an attack to execute arbitrary code with the privileges of a user running the Adobe Reader application.

The vulnerability was discovered by Damian Frizza, a CoreLabs researcher and software engineer with the Core Impact Exploit Writers Team. The previously disclosed vulnerability (CVE-2008-1104 ) mentioned in this report was discovered in Foxit Reader by Dyon Balding from Secunia Research and disclosed on May 20th, 2008.
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo