Critical Vulnerabilities in Adobe Reader and Acrobat Products

Adobe issues its first quarterly security update

Introduction

On June 9, 2009, Adobe released its first quarterly security update for Adobe Reader and Acrobat. The update addresses critical vulnerabilities that have been identified in the way multiple versions of Adobe Reader and Acrobat process malformed PDF files. Exploitation of these vulnerabilities could lead to arbitrary code execution.

Products Affected

Products affected are Adobe Reader 9.1.1 and Acrobat 9.1.1 and earlier versions. These vulnerabilities would cause the application to crash and could potentially allow an attacker to take control of the affected system.

Adobe Reader and Acrobat are a family of computer programs developed by Adobe Systems, designed to view, create, manipulate and manage files in Adobe's core technology, the Portable Document Format (PDF), a format that has become the de facto standard in electronic document exchange. Adobe Reader is universal client software that enables users inside and outside the firewall to interact with electronic documents online or offline. Adobe Reader and Acrobat are widely used by government organizations, corporations, and individuals around the world.

Vulnerabilities and Protections

Adobe has issued patches for these vulnerabilities as part of its new, quarterly security update. Check Point recommends applying these patches and the additional Check Point protections referenced below.

Embedded JBIG2 Images

(CVE-2009-0509, CVE-2009-0510, CVE-2009-0511, CVE-2009-0512, CVE-2009-1860, CVE-2009-1861)

A large number of the vulnerabilities are related to the handling of embedded JBIG2 images. The vulnerable Adobe Reader and Acrobat products fail to properly check various components of the image format. The JBIG2 image format is rarely used in legitimate PDF documents so its presence can be indicative of an attack trying to exploit these vulnerabilities.

Check Point provides immediate protections through the Check Point IPS Software Blade and IPS-1 dedicated appliance that detect and block PDF documents containing embedded JBIG2 images, thus addressing the related vulnerabilities from this month's Adobe bulletin. Users are advised to activate this protection with care as it may block legitimate PDF documents embedding JBIG2 images. Users of R70 IPS Blade can use the Detect-Only mode to monitor JBIG2 traffic.

JBIG2 Parameters

(CVE-2009-1858)

This vulnerability involves how Adobe Reader and Acrobat handle certain JBIG2 parameters in malformed PDF documents. A remote attacker could trigger this issue via a specially crafted PDF file. Successful exploitation will create a denial of service condition, causing the application to become nonresponsive, and may allow execution of arbitrary code once a malicious PDF file is loaded on a vulnerable system. Check Point provides immediate protection through the Check Point IPS Software Blade that detects and blocks PDF documents containing malformed JBIG2 images.

U3D RHAdobeMeta Extension

(CVE-2009-1855)

This is a vulnerability in the parsing of a malformed U3D model RHAdobeMeta Extension contained in a PDF document. Check Point provides immediate protection through the Check Point IPS Software Blade that detects and blocks attempts to transfer malformed PDF files over HTTP.

FlateDecode Parameters

(CVE-2009-1856)

This vulnerability involves an integer overflow that occurs when parsing FlateDecode parameters inside a PDF file. Check Point provides immediate protection through the Check Point IPS Software Blade that detects and blocks attempts to transfer malformed PDF files over HTTP.

General Protection

In addition, escalating a PDF vulnerability to remote code execution often requires embedding JavaScript within the malformed PDF document. Check Point provided a protection for detecting and blocking such documents in March 2008.
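
The two indicators this advisory relies on, embedded JBIG2 images and embedded JavaScript, can also be checked on a file at rest. The script below is an added example, not Check Point or Adobe code and not a description of how the IPS protections work. It assumes the standard PDF names `/JBIG2Decode`, `/JavaScript` and `/JS` (from the PDF specification, not from this page), and its sample document is constructed.

```python
import re

# A PDF name is "/" plus regular characters; any character may also be written
# as a #xx hex escape, so /JBIG2#44ecode is the same name as /JBIG2Decode.
_NAME = re.compile(rb"/((?:[^\x00\t\n\x0c\r ()<>\[\]{}/%#]|#[0-9A-Fa-f]{2})+)")
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")

# Assumed indicator names: the JBIG2 stream filter and the JavaScript action keys.
WATCHED = {b"JBIG2Decode": "jbig2", b"JavaScript": "javascript", b"JS": "javascript"}


def decode_name(raw: bytes) -> bytes:
    """Undo #xx escapes so obfuscated spellings compare equal to the plain name."""
    return _HEX.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def triage_pdf(data: bytes) -> dict:
    """Count watched names in raw PDF bytes.

    Limitation: names stored inside compressed object streams are invisible to
    a byte scan, so a clean result here does not prove the file is clean.
    """
    if b"%PDF-" not in data[:1024]:
        raise ValueError("no %PDF- header in the first 1024 bytes")
    hits = {"jbig2": 0, "javascript": 0, "obfuscated": 0}
    for match in _NAME.finditer(data):
        raw = match.group(1)
        label = WATCHED.get(decode_name(raw))
        if label:
            hits[label] += 1
            if b"#" in raw:  # a hex-escaped watched name is itself suspicious
                hits["obfuscated"] += 1
    return hits


# Constructed sample: one hex-escaped JBIG2 filter and one JavaScript action.
SAMPLE = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /XObject /Subtype /Image /Filter /JBIG2#44ecode >>\nendobj\n"
    b"2 0 obj\n<< /S /JavaScript /JS 3 0 R >>\nendobj\n"
    b"%%EOF\n"
)

if __name__ == "__main__":
    print(triage_pdf(SAMPLE))
```

As the advisory notes for its own JBIG2 protection, a hit is a reason to inspect the file rather than proof of an attack, since legitimate documents can embed JBIG2 images.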