Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:21992
HistoryJun 11, 2009 - 12:00 a.m.

Secunia Research: Adobe Reader JBIG2 Text Region Segment Buffer Overflow

2009-06-1100:00:00
vulners.com
12
JSON

======================================================================

                 Secunia Research 10/06/2009

  - Adobe Reader JBIG2 Text Region Segment Buffer Overflow -

======================================================================
Table of Contents

Affected Software…1
Severity…2
Vendor's Description of Software…3
Description of Vulnerability…4
Solution…5
Time Table…6
Credits…7
References…8
About Secunia…9
Verification…10

======================================================================
1) Affected Software

  • Adobe Reader 9.1.0

NOTE: Other versions may also be affected.

======================================================================
2) Severity

Rating: Highly critical
Impact: System access
Where: From remote

======================================================================
3) Vendor's Description of Software

"Adobe Reader software is the global standard for electronic document
sharing. It is the only PDF file viewer that can open and interact
with all PDF documents."

Product Link:
http://www.adobe.com/products/reader/

======================================================================
4) Description of Vulnerability

Secunia Research has discovered a vulnerability in Adobe Reader, which
can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in the processing
of Huffman encoded JBIG2 text region segments. This can be exploited
to cause a heap-based buffer overflow via a specially crafted PDF
file.

Successful exploitation may allow execution of arbitrary code.

======================================================================
5) Solution

Update to version 9.1.2, 8.1.6, or 7.1.3.

======================================================================
6) Time Table

14/04/2009 - Vendor notified.
14/04/2009 - Vendor response.
10/06/2009 - Public disclosure.

======================================================================
7) Credits

Discovered by Alin Rad Pop, Secunia Research.

======================================================================
8) References

The Common Vulnerabilities and Exposures (CVE) project has assigned
CVE-2009-0198 for the vulnerability.

======================================================================
9) About Secunia

Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:

http://secunia.com/advisories/business_solutions/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private
individuals, who are interested in or concerned about IT-security.

http://secunia.com/advisories/

Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the
security and reliability of software in general:

http://secunia.com/secunia_research/

Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:

http://secunia.com/corporate/jobs/

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/advisories/mailing_lists/

======================================================================
10) Verification

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2009-24/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================

Related

prion 1
ubuntucve 1
cve 1
securityvulns 1
nessus 11
openvas 12
suse 1
threatpost 1
redhat 1
gentoo 1
prion
prion
Heap overflow
2009-06-11 15:30:00
ubuntucve
ubuntucve
CVE-2009-0198
2009-06-11 00:00:00
cve
cve
CVE-2009-0198
2009-06-11 15:30:00
securityvulns
securityvulns
Adobe Acrobat / Reader code execution
2009-09-04 00:00:00
nessus
nessus
SuSE 10 Security Update : Acrobat Reader (ZYPP Patch Number 6331)
2011-01-27 00:00:00
openSUSE Security Update : acroread (acroread-1060)
2009-07-21 00:00:00
SuSE 11 Security Update : Acrobat Reader (SAT Patch Number 1059)
2009-09-24 00:00:00
openvas
openvas
SuSE Security Advisory SUSE-SA:2009:035 (acroread)
2009-07-06 00:00:00
SUSE: Security Advisory for acroread (SUSE-SA:2009:035)
2009-07-06 00:00:00
Adobe Reader/Acrobat Multiple BOF Vulnerabilities (APSB09-07) - Windows
2009-06-16 00:00:00
suse
suse
remote code execution in acroread
2009-07-01 18:07:59
threatpost
threatpost
Adobe slaps band-aid on 13 security holes
2009-06-09 21:54:04
redhat
redhat
(RHSA-2009:1109) Critical: acroread security update
2009-06-17 00:00:00
gentoo
gentoo
Adobe Reader: User-assisted execution of arbitrary code
2009-07-12 00:00:00
JSON
Related for SECURITYVULNS:DOC:21992
prion1ubuntucve1cve1securityvulns1nessus11openvas12suse1threatpost1redhat1gentoo1