Wednesday, November 5, 2008

Vulnerability In Adobe Acrobat And Reader Causes Buffer Overflow

A vulnerability has been found in Adobe Acrobat and Reader. By getting a user to open a specially crafted PDF file, an attacker can cause a buffer overflow by exploiting a flaw in the util.printf() JavaScript function.

Affected software:
Adobe Acrobat 8.1.2 and Reader 8.1.2 are vulnerable. Users of either version are advised to upgrade to version 9. If moving to version 9 isn't possible, users should upgrade to version 8.1.3.

Solution:
Update the software according to Adobe's instructions, either by downloading the updated software from Adobe's website or by using the automatic update tool. The issue can also be worked around by disabling JavaScript in Adobe Reader and Acrobat (in the software's Edit/Preferences menu). Disabling JavaScript will also prevent many basic Acrobat and Reader workflows from functioning properly, so updating the software is the preferred way to resolve the issue.
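
While updates are being rolled out, incoming PDF files can be triaged for embedded JavaScript that calls util.printf(). The Python scanner below is an added example, not code from Adobe or the linked advisories; the function names and the sample PDF bytes are constructed for illustration, and the sample script is an ordinary, benign call.

```python
import re
import zlib

# /JS or /JavaScript keys mark a JavaScript action; util.printf is the function
# named in the advisory. A hit is a triage signal, not proof of an exploit.
JS_KEY = re.compile(rb"/(?:JavaScript|JS)\b")
PRINTF_CALL = re.compile(rb"util\s*\.\s*printf\s*\(")
STREAM = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)


def inflated_streams(data):
    """Yield the decompressed body of every stream that is valid zlib (FlateDecode)."""
    for match in STREAM.finditer(data):
        try:
            # decompressobj tolerates the end-of-line bytes before "endstream"
            yield zlib.decompressobj().decompress(match.group(1))
        except zlib.error:
            continue  # not Flate data; its raw bytes are scanned as part of `data`


def triage_pdf(data):
    """Report JavaScript indicators in raw PDF bytes."""
    chunks = [data, *inflated_streams(data)]
    return {
        "javascript": any(JS_KEY.search(c) for c in chunks),
        "util_printf_calls": sum(len(PRINTF_CALL.findall(c)) for c in chunks),
    }


def build_sample(script, compress):
    """Constructed minimal PDF-like bytes carrying `script` in one stream."""
    body = zlib.compress(script) if compress else script
    flt = b" /Filter /FlateDecode" if compress else b""
    return (b"%PDF-1.4\n1 0 obj\n<< /S /JavaScript /JS 2 0 R >>\nendobj\n"
            b"2 0 obj\n<< /Length " + str(len(body)).encode() + flt + b" >>\n"
            b"stream\n" + body + b"\nendstream\nendobj\n%%EOF\n")


# Constructed, benign script: an ordinary util.printf call, no crafted input.
BENIGN_JS = b"// constructed sample\n" * 4 + b'util.printf("%d items", 3);\n'
NO_JS_PDF = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF\n"

if __name__ == "__main__":
    for name, pdf in [("flate", build_sample(BENIGN_JS, True)),
                      ("plain", build_sample(BENIGN_JS, False)),
                      ("no-js", NO_JS_PDF)]:
        print(name, triage_pdf(pdf))
```

Names written with #xx hex escapes and streams using filters other than Flate are not decoded, so a clean result does not clear a file.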

More information on the issue:
CoreLabs advisory
Secunia advisory
CVE-2008-2992
