Buffer overflow issue in versions 9.0 and earlier of Adobe Reader and Acrobat

Release date: February 19, 2009

Vulnerability identifier: APSA09-01

CVE number: CVE-2009-0658

Platform: All platforms

Summary

A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited.

Adobe is planning to release updates to Adobe Reader and Acrobat to resolve the relevant security issue. Adobe expects to make available an update for Adobe Reader 9 and Acrobat 9 by March 11th, 2009. Updates for Adobe Reader 8 and Acrobat 8 will follow soon after, with Adobe Reader 7 and Acrobat 7 updates to follow. In the meantime, Adobe is in contact with anti-virus vendors, including McAfee and Symantec, on this issue in order to ensure the security of our mutual customers. A security bulletin will be published on http://www.adobe.com/support/security as soon as product updates are available.

All documented security vulnerabilities and their solutions are distributed through the Adobe security notification service. You can sign up for the service at the following URL: http://www.adobe.com/cfusion/entitlement/index.cfm?e=szalert

Affected software versions

Adobe Reader 9 and earlier versions
Adobe Acrobat Standard, Pro, and Pro Extended 9 and earlier versions

Severity rating

Adobe categorizes this as a critical issue and recommends that users update their virus definitions and exercise caution when opening files from untrusted sources.

http://www.adobe.com/support/security/advisories/apsa09-01.html

Cheers.
Josh

And can you please tell us, Josh, how do we protect ourselves from BO attacks? (:KWL)

Once again we see the importance of having Buffer Overflow protection!

Many vulnerabilities (the majority of them, actually), discovered regularly in many popular applications, are Buffer Overflow (BO) vulnerabilities!

With CIS you get protection against BO!

Melih

And people still think BO is a myth?? hehe!

Thanks for the info!
:comodorocks:

Well, but does it really prevent it? I mean this very example with Adobe?

Why wouldn’t it?

Why wouldn’t it, doesn’t answer anything…

Anyway, why use Acrobat Reader, this ■■■■ huge software, when there are very light alternatives like Foxit Reader? You can use the zip version without any installer, just click the exe inside and the prog works.
Version 2.3 still has no installer; you can find it there: PDF Software & Tools Tailored to Your Business | Foxit
It’s less than 3MB. What’s the size of the Acrobat Reader bloat? X10 more? lol, for exactly the same prog.

So, why don’t you give it a try and see for yourself?

Hey RejZoR,

The BO protection reacts to the buffer overflow condition on the PC,
disregarding which application initiates the condition.

@ ailef,

:-TU :-TU

Later

Yes, that is what I did about 2 months ago. I simply got tired of fighting adobe’s updater.

But, I’ve had this thought.

Since adobe and pdf’s seem to have so many security probs, I wonder which is the prob, adobe or pdf.

If it’s pdf, wouldn’t it be risky using a “free” reader from a (no slight intended, just a probable truth) smallish company without adobe’s resources?

AFAIK the problems are from Adobe, not pdf. People with foxit should be safe :wink:

Xan

People with Adobe and CIS should also be safe. :wink:

yes it does

Melih

Good to have it confirmed that it catches this BO…

Guess comodo has done a lot of internal testing against all sorts of BO attacks to pinpoint flaws and holes prior to releasing this thing. =) :slight_smile: :wink:

I also noticed that CIS isn’t the only one with BO protection. ThreatFire also has it. It also prevented this exploit.

Sophos antivirus also has BO protection. Still, there are only a very few programs protecting against BO attacks.

BO protection rocks as it protects us from in the wild leaks that may already be exploited… (:NRD)

There is a difference between protecting against exploits using behaviour blocking or heuristics, or proper BO protection as we have. I do not know how others work, but you can easily test them with our BO tester utility to see if it really prevents BO or just uses behaviour or signatures to detect.

thanks
Melih

I, too, would like to get rid of Adobe and use Foxit…except that Foxit won’t do fill-in forms. I use the State and Federal fill-in forms for taxes and Foxit isn’t compatible. Also, Foxit won’t open a .pdf file within the browser, you have to download them all.

Ok, I hear you. But unfortunately for me my concerns aren’t laid to rest that easily.

I’m wondering how to prove things.

Call me The Seeker. This is how I ended up with the Comodo Firewall. It’s too cool that I can tell any particular program it can’t even use the keyboard.

I’ll keep searching for data on why adobe and pdf’s are so ****** *p. Probably has to do with adobe wanting everything networked together from the get go. Much like other big software outfits.

If I find something useful, I’ll post it.