Vulnerability Note VU#905281
Adobe Reader and Acrobat buffer overflow vulnerability
OverviewAdobe Reader and Acrobat contain a buffer overflow vulnerability that may allow an attacker to execute arbitrary code.
I. DescriptionAdobe Acrobat Reader is software designed to view Portable Document Format (PDF) files. Adobe also distributes the Adobe Acrobat Plug-In to allow users to view PDF files inside of a web browser. Adobe Reader and Acrobat contain a buffer overflow vulnerability.
II. ImpactBy convincing a user to open a malicious PDF file, an attacker may be able to execute code or cause a vulnerable PDF viewer to crash. The PDF could be emailed as an attachment or hosted on a website.
III. SolutionPer Adobe Security Advisory APSA09-01:
Adobe is planning to release updates to Adobe Reader and Acrobat to resolve the relevant security issue. Adobe expects to make available an update for Adobe Reader 9 and Acrobat 9 by March 11th, 2009. Updates for Adobe Reader 8 and Acrobat 8 will follow soon after, with Adobe Reader 7 and Acrobat 7 updates to follow.
Prevent Internet Explorer from automatically opening PDF documents
The installer for Adobe Reader and Acrobat configures Internet Explorer to automatically open PDF files without any user interaction. This behavior can be reverted to the safer option of prompting the user by importing the following as a .REG file:
Preventing PDF documents from opening inside a web browser may mitigate this vulnerability. If this workaround is applied to updated versions of the Adobe reader, it may mitigate future vulnerabilities.
To prevent PDF documents from automatically being opened in a web browser:
Do not open unfamiliar or unexpected PDF documents, particularly those hosted on web sites or delivered as email attachments. Please see Cyber Security Tip ST04-010.
Thanks to Adobe for information that was used in this report.
This document was written by Will Dormann and Ryan Giobbi.
If you have feedback, comments, or additional information about this vulnerability, please send us