Adobe Reader/Acrobat Multiple Vulnerabilities

Secunia ID	SA34580
CVE-ID	CVE-2009-0198, CVE-2009-0509, CVE-2009-0510, CVE-2009-0511, CVE-2009-0512, CVE-2009-0888, CVE-2009-0889, CVE-2009-1855, CVE-2009-1856, CVE-2009-1857, CVE-2009-1858, CVE-2009-1859, CVE-2009-1861
Release Date	10 Jun 2009
Last Change	17 Jun 2009
Criticality	Highly Critical Typically used for remotely exploitable vulnerabilities that can lead to system compromise. Successful exploitation does not normally require any interaction but there are no known exploits available at the time of disclosure. Such vulnerabilities can exist in services like FTP, HTTP, and SMTP or in client systems like email programs or browsers.
Solution Status	Vendor Patch
Software	Adobe Acrobat 3D 8.x Adobe Acrobat 7 Professional Adobe Acrobat 7.x Adobe Acrobat 8 Professional Adobe Acrobat 8.x Adobe Acrobat 9.x Adobe Reader 7.x Adobe Reader 8.x Adobe Reader 9.x
Where	From remote "From remote" describes other vulnerabilities where the attack vector doesn't require access to the system or a local network. This category covers services that are acceptable to expose to the Internet (e.g. HTTP, HTTPS, SMTP). It also covers client applications used on the Internet and certain vulnerabilities where it is reasonable to assume that a security conscious user can be tricked into performing certain actions.
Impact	System access This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.
Description	Some vulnerabilities have been reported in Adobe Reader and Acrobat, which can be exploited by malicious people to compromise a user's system. 1) A boundary error in the processing of Huffman encoded JBIG2 text region segments can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code via a specially crafted PDF document. The vulnerability is confirmed in version 9.1.0. Other versions may also be affected. 2) A boundary error exists in the processing of U3D model files contained in PDF documents. This can be exploited to cause a stack-based buffer overflow and potentially execute arbitrary code via a specially crafted extension block included in an U3D model file. 3) An integer overflow error exists when processing "FlateDecode" filter parameters. This can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code via a specially crafted PDF file. 4) An error when processing TrueType fonts contained in PDF documents can be exploited to corrupt memory and potentially execute arbitrary code. 5) An error in the processing of JBIG2 data can be exploited to corrupt memory and potentially execute arbitrary code. 6) Another unspecified error can be exploited to corrupt memory and potentially execute arbitrary code. 7) Multiple errors in the JBIG2 filter can be exploited to cause heap-based buffer overflows and potentially execute arbitrary code. 8) An error in the JBIG2 filter can be exploited to cause a heap-based buffer overflow and potentially execute arbitrary code. 9) Multiple errors can be exploited to cause heap-based buffer overflows and potentially execute arbitrary code.
Solution	Apply patches. -- Adobe Reader for Windows -- Update to version 9.1.2, 8.1.6, or 7.1.3: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows -- Adobe Reader for Macintosh -- Update to version 9.1.2, 8.1.6, or 7.1.3: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Macintosh -- Acrobat for Windows -- Update to version 9.1.2, 8.1.6, or 7.1.3: http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows -- Acrobat 3D for Windows -- Update to version 8.1.6: http://www.adobe.com/support/downloads/product.jsp?product=112&platform=Windows -- Acrobat Pro for Macintosh -- Update to version 9.1.2, 8.1.6, or 7.1.3: http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh -- Adobe Reader for UNIX -- Update to version 9.1.2 or 8.1.6: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Unix
Reported by	1) Alin Rad Pop, Secunia Research 2) an anonymous researcher, reported through ZDI 3) Jun Mao and Ryan Smith, iDefense Labs 4) Haifei Li of Fortinet's FortiGuard Global Security Research Team The vendor credits: 5) Apple Product Security Team 6) Matthew Watchinski, Sourcefire VRT 7) Mark Dowd of IBM ISS X-Force 8) Mark Dowd of IBM ISS X-Force and Nicolas Joly of Vupen 9) Will Dormann, CERT
Original Advisory	Secunia Research: http://secunia.com/secunia_research/2009-24/ Adobe: http://www.adobe.com/support/security/bulletins/apsb09-07.html ZDI: http://www.zerodayinitiative.com/advisories/ZDI-09-042/ iDefense: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=807 FortiGuard: http://www.fortiguardcenter.com/advisory/FGA-2009-25.html