Buffer overflow issue in versions 9.0 and earlier of Adobe Reader and Acrobat

Release date: February 19, 2009

Vulnerability identifier: APSA09-01

CVE number: CVE-2009-0658

Platform: All platforms

A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited.

Adobe is planning to release updates to Adobe Reader and Acrobat to resolve the relevant security issue. Adobe expects to make available an update for Adobe Reader 9 and Acrobat 9 by March 11th, 2009. Updates for Adobe Reader 8 and Acrobat 8 will follow soon after, with Adobe Reader 7 and Acrobat 7 updates to follow. In the meantime, Adobe is in contact with anti-virus vendors, including McAfee and Symantec, on this issue in order to ensure the security of our mutual customers. A security bulletin will be published on http://www.adobe.com/support/security as soon as product updates are available.

All documented security vulnerabilities and their solutions are distributed through the Adobe security notification service. You can sign up for the service at the following URL: http://www.adobe.com/cfusion/entitlement/index.cfm?e=szalert
Affected software versions

Adobe Reader 9 and earlier versions
Adobe Acrobat Standard, Pro, and Pro Extended 9 and earlier versions
Severity rating

Adobe categorizes this as a critical issue and recommends that users update their virus definitions and exercise caution when opening files from untrusted sources.



& can U pls tell us Josh, how do we protect ourselves from BO attacks (:KWL)

Once again we see the importance of having a Buffer Overflow protection!

Many vulnerabilities (majority of them actually), discovered regularly in many popular applications, are Buffer Overflow (BO) vulnerabilities!

With CIS you get protection against BO!


And people still think BO is a myth?? hehe!

Thanks for the info!

Well, but does it really prevent it? I mean this very example with Adobe?

Why wouldn’t it?

Why wouldn’t it, doesn’t answer anything…

anyway why using acrobat reader, this ■■■■ huge software as there are alternative very light like foxit reader. u can use the zip version without any installer, just clic the exe inside and the prog works.
version 2.3 still got no installer, u can find it there : PDF Software & Tools Tailored to Your Business | Foxit
it’s less than 3MB, what’s the size of acrobat reader bloat ? X10 more ? lol , for exactly the same prog.

So, why don’t you give it a try and see for yourself?

Hey RejZoR,

The BO protection reacts to the buffer overflow condition on the PC,
disregarding which application initiates the condition.

@ ailef,

:-TU :-TU


Yes, that is what I did about 2 months ago. I simply got tired of fighting adobe’s updater.

But, I’ve had this thought.

Since adobe and pdf’s seem to have so many security probs, I wonder which is the prob, adobe or pdf.

If it’s pdf, wouldn’t it be risky using a “free” reader from a (no slight intended, just a probable truth) smallish company without adobe’s resources?

AFAIK the problems are from Adobe, not pdf. People with foxit should be safe :wink:


People with Adobe and CIS should also be safe. :wink:

yes it does


Good to have it confirmed that it catches this BO…

Guess comodo has done a lot of internal testing against all sorts of BO attacks to pinpoint flaws and holes prior to releasing this thing. =) :slight_smile: :wink:

I also noticed that CIS isn’t the only with BO protection. ThreatFire also has it. It also prevented this exploit.

Sophos antivirus also has the BO protection. Still, there are only a very few program protecting against BO attack.

BO protection rocks as it protects us from in the wild leaks that may already be exploited… (:NRD)

there is a difference between protecting against expoilts using behaviour blocking or heuristic or proper BO protection as we have. I do not know how others work, but you can easily test them with our BO tester utility to see if it really prevents BO or just uses behaviour or signatures to detect.


I, too, would like to get rid of Adobe and use Foxit…except that Foxit won’t do fill-in forms. I use the State and Federal fill-in forms for taxes and Foxit isn’t compatible. Also, Foxit won’t open a .pdf file within the browser, you have to download them all.

Ok, I hear you. But unfortunately for me my concerns aren’t laid to rest that easily

I’m wondering how to prove things.

Call me The Seeker. This is how I ended up with the Comodo Firewall. It’s too cool that I can tell any particular program it can’t even use the keyboard.

I’ll keep searching for data on why adobe and pdf’s are so ****** *p. Probably has to do with adobe wanting everything networked together from the get go. Much like other big software outfits.

If I find something useful, I’ll post it.