Home Page | Skip to Navigation | Skip to Content | Skip to Search | Skip to Footer

Update Protection against Adobe Multiple Products JBIG2 Stream Buffer Overflow Vulnerability

Subscribe

Check Point Reference: CPAI-2009-050
Date Published:
Severity:
Source: Secunia Advisory: SA33901
Industry Reference(s): CVE-2009-0658
Protection Provided by: Security Gateway
  • R70
VPN-1
  • NGX R65
  • NGX R62
  • NGX R61
  • NGX R60
VSX
  • NGX R65
Who is Vulnerable?
Adobe Systems Acrobat 9 and prior
Adobe Systems Adobe Reader 9 and prior
Vulnerability Description
A buffer overflow vulnerability has been reported in Adobe Reader and Acrobat when handling PDF files that contain a JBIG2 stream. A remote attacker can exploit this vulnerability to execute arbitrary code on an affected system via a specially crafted PDF file. Portable Document Format (PDF) is an open file format created by Adobe Systems. It is used for representing two-dimensional documents in a device and resolution independent fixed-layout document format. Successful exploitation allows execution of arbitrary code on a vulnerable system and may cause the affected Acrobat application to terminate abnormally.
Update/Patch Available
Update the affected product:
Adobe
Vulnerability Details
The vulnerability is due to errors in Adobe products that fail to sufficiently validate input when processing embedded JBIG2 streams within PDF documents. A remote attacker could trigger this flaw via a specially crafted PDF file. Successful exploitation allows execution of arbitrary code once a malicious PDF file is loaded on a vulnerable system and may cause the affected Acrobat application to crash.

Protection Overview
This protection will detect and block PDF files that contain embedded malformed JBIG2 streams.

In order for the protection to be activated, update your Security Gateway/VPN-1 product to the latest IPS/SmartDefense update. For information on how to update IPS/SmartDefense, go to SBP-2006-05, Protection tab and select the version of your choice.

To configure the defense, select your product from the list below and follow the related protection steps.

Additional Information
Adobe

Security Gateway R70

How Can I Protect My Network?
1. In the IPS tab, click Protections > By Protocol > Application Intelligence > Content Protection.
2. In the right pane, double-click the Adobe Products JBIG2 Stream Buffer Overflow protection.
3. In the Protection Details window, click on Edit. Choose the protection's Action (Override IPS Policy with: Prevent/Detect), and apply Additional Settings.
4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Content Protection Violation
Attack Information: Adobe products JBIG2 stream buffer overflow

VPN-1 NGX R65 & R62

How Can I Protect My Network?
1. In the SmartDefense tab, click Application Intelligence > Content Protection.
2. Select the following:

Adobe Products JBIG2 Stream Buffer Overflow

3. In the configuration pane, under Settings > Mode, check Active.
4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Content Protection Violation
Attack Information: Adobe products JBIG2 stream buffer overflow

VPN-1 NGX R61 & R60

How Can I Protect My Network?
1. In the SmartDefense tree, click Application Intelligence > Content Protection.
2. Select the following:

Adobe Products JBIG2 Stream Buffer Overflow

3. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Content Protection Violation
Attack Information: Adobe products JBIG2 stream buffer overflow

VPN-1 VSX NGX R65

How Can I Protect My Network?
1. In the SmartDefense tab, click Application Intelligence > Content Protection.
2. Select the following:

Adobe Products JBIG2 Stream Buffer Overflow

3. In the configuration pane, under Settings > Mode, check Active.
4. Install policy on all modules.

How Do I Know if My Network is Under Attack?
SmartView Tracker will log the following entries:

Attack Name: Content Protection Violation
Attack Information: Adobe products JBIG2 stream buffer overflow